public async Task <AuthenticationResult> AcquireTokenByAuthorizationCodeAsync(string authority, string code, ApplicationCredential credential, Uri redirectUri, string resource) { AuthenticationContext authContext; ISecureClientSecret secret; authority.AssertNotEmpty(nameof(authority)); code.AssertNotEmpty(nameof(code)); redirectUri.AssertNotNull(nameof(redirectUri)); resource.AssertNotEmpty(nameof(resource)); try { authContext = new AuthenticationContext(authority); secret = new SecureClientSecret(credential.ApplicationSecret); return(await authContext.AcquireTokenByAuthorizationCodeAsync( code, redirectUri, new ClientCredential( credential.ApplicationId, secret), resource).ConfigureAwait(false)); } finally { authContext = null; secret = null; } }
/// <summary> /// Performs the necessary authentication and injects the required header. /// </summary> /// <param name="request">The request being made to the Microsoft Graph API.</param> /// <returns>A <see cref="Task"/> that represents the asynchronous operation.</returns> public async Task AuthenticateRequestAsync(HttpRequestMessage request) { SecureClientSecret clientSecret = new SecureClientSecret( await ApplicationDomain.Instance.KeyVaultService.GetAsync(WebPortalADClientSecretKey).ConfigureAwait(false)); AuthenticationResult token = await tokenProvider.GetAccessTokenAsync( $"{ApplicationConfiguration.ActiveDirectoryEndPoint}{customerId}", authorizationCode, redirectUri, new ClientCredential( ApplicationConfiguration.ActiveDirectoryClientID, clientSecret), "https://graph.microsoft.com").ConfigureAwait(false); request.Headers.Add(AuthHeaderName, $"{TokenType} {token.AccessToken}"); }
private static EutConfiguration NewEutConfiguration() { var securedStrClientSecret = new SecureString(); ConfigurationManager.AppSettings["ida:Secret"].ToList().ForEach(c => securedStrClientSecret.AppendChar(c)); var securedClientSecret = new SecureClientSecret(securedStrClientSecret); var appClientId = ConfigurationManager.AppSettings["ida:Audience"]; return(new EutConfiguration { ClientCredential = new ClientCredential(appClientId, securedClientSecret), AppClientId = ConfigurationManager.AppSettings["ida:Audience"], TenantName = ConfigurationManager.AppSettings["ida:Tenant"], TenantOnMicrosoft = string.Concat(ConfigurationManager.AppSettings["ida:Tenant"], ".onmicrosoft.com"), TenantAuthorityWindows = string.Concat("https://login.windows.net/", ConfigurationManager.AppSettings["ida:Tenant"], ".onmicrosoft.com"), TenantAuthorityMSOnline = string.Concat("https://login.microsoftonline.com/", ConfigurationManager.AppSettings["ida:Tenant"], ".onmicrosoft.com"), AppClientSecret = securedClientSecret }); }
/// <summary> /// Gets an access token from the authority. /// </summary> /// <param name="authority">Address of the authority to issue the token.</param> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="credential">The application credential to use for token acquisition.</param> /// <param name="token">Assertion token representing the user.</param> /// <returns>An instance of <see cref="AuthenticationResult"/> that represented the access token.</returns> /// <exception cref="System.ArgumentException"> /// <paramref name="authority"/> is empty or null. /// or /// <paramref name="resource"/> is empty or null. /// or /// <paramref name="token"/> is empty or null. /// </exception> /// <exception cref="System.ArgumentNullException"> /// <paramref name="credential"/> is null. /// </exception> public async Task <AuthenticationResult> GetAccessTokenAsync(string authority, string resource, ApplicationCredential credential, string token) { AuthenticationContext authContext; AuthenticationResult authResult; DistributedTokenCache tokenCache; ISecureClientSecret secret; authority.AssertNotEmpty(nameof(authority)); resource.AssertNotEmpty(nameof(authority)); credential.AssertNotNull(nameof(credential)); token.AssertNotEmpty(nameof(token)); try { if (credential.UseCache) { tokenCache = new DistributedTokenCache(provider, resource); authContext = new AuthenticationContext(authority, tokenCache); } else { authContext = new AuthenticationContext(authority); } secret = new SecureClientSecret(credential.ApplicationSecret); authResult = await authContext.AcquireTokenAsync( resource, new ClientCredential( credential.ApplicationId, secret), new UserAssertion(token, AssertionType)).ConfigureAwait(false); return(authResult); } finally { authContext = null; tokenCache = null; secret = null; } }
/// <summary> /// Gets an access token from the authority. /// </summary> /// <param name="authority">Address of the authority to issue the token.</param> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="credential">The application credential to use for token acquisition.</param> /// <returns>An instance of <see cref="AuthenticationResult"/> that represented the access token.</returns> /// <exception cref="System.ArgumentException"> /// <paramref name="authority"/> is empty or null. /// or /// <paramref name="resource"/> is empty or null. /// </exception> /// <exception cref="System.ArgumentNullException"> /// <paramref name="credential"/> is null. /// </exception> public async Task <AuthenticationResult> GetAccessTokenAsync(string authority, string resource, ApplicationCredential credential) { AuthenticationContext authContext; AuthenticationResult authResult; DistributedTokenCache tokenCache; Microsoft.IdentityModel.Clients.ActiveDirectory.ISecureClientSecret secret; authority.AssertNotEmpty(nameof(authority)); resource.AssertNotEmpty(nameof(resource)); credential.AssertNotNull(nameof(credential)); try { if (credential.UseCache) { tokenCache = new DistributedTokenCache(provider, resource, $"AppOnly::{authority}::{resource}"); authContext = new AuthenticationContext(authority, tokenCache); } else { authContext = new AuthenticationContext(authority); } secret = new SecureClientSecret(credential.ApplicationSecret); authResult = await authContext.AcquireTokenAsync( resource, new ClientCredential( credential.ApplicationId, secret)).ConfigureAwait(false); return(authResult); } finally { authContext = null; authResult = null; secret = null; tokenCache = null; } }
public void SecureClientSecretTest() { SecureString str = new SecureString(); str.AppendChar('x'); str.MakeReadOnly(); SecureClientSecret secret = new SecureClientSecret(str); IDictionary <string, string> paramStr = new Dictionary <string, string>(); secret.ApplyTo(paramStr); Assert.IsTrue(paramStr.ContainsKey("client_secret")); Assert.AreEqual("x", paramStr["client_secret"]); str = new SecureString(); str.AppendChar('x'); secret = new SecureClientSecret(str); paramStr = new Dictionary <string, string>(); secret.ApplyTo(paramStr); Assert.IsTrue(paramStr.ContainsKey("client_secret")); Assert.AreEqual("x", paramStr["client_secret"]); }