public async Task AcquireTokens()
{
this.TokenStorage.ClearCache();
this.TenantStorage.ClearCache();
var tokenCache = new CustomTokenCache();
var cacheInfo = await GetAuthorizationResult(tokenCache, Constants.AADTenantId);
Utils.Trace.WriteLine(string.Format("Welcome {0} (Tenant: {1})", cacheInfo.DisplayableId, cacheInfo.TenantId));
var tenantCache = await GetTokenForTenants(tokenCache, cacheInfo);
this.TokenStorage.SaveCache(tokenCache);
this.TenantStorage.SaveCache(tenantCache);
}
public void SaveCache(CustomTokenCache cache)
{
var state = cache.GetState();
ProtectedFile.WriteAllText(ProtectedFile.GetCacheFile(_cacheFileName), state);
}
public void Clone(CustomTokenCache tokenCache)
{
_caches = tokenCache._caches;
}
protected async Task<Dictionary<string, TenantCacheInfo>> GetTokenForTenants(CustomTokenCache tokenCache, TokenCacheInfo cacheInfo,
string appId = null, string appKey = null, string username = null, string password = null)
{
var recentInfo = cacheInfo;
var tenantIds = await GetTenantIds(cacheInfo);
if (!tenantIds.Contains(cacheInfo.TenantId))
{
var list = tenantIds.ToList();
list.Insert(0, cacheInfo.TenantId);
tenantIds = list.ToArray();
}
var tenantCache = this.TenantStorage.GetCache();
foreach (var tenantId in tenantIds)
{
var info = new TenantCacheInfo
{
tenantId = tenantId,
displayName = "unknown",
domain = (tenantIds.Length == 1 || tenantId != cacheInfo.TenantId) ? cacheInfo.TenantId : "unknown"
};
TokenCacheInfo result = null;
try
{
if (!String.IsNullOrEmpty(appId) && !String.IsNullOrEmpty(appKey))
{
result = GetAuthorizationResultBySpn(tokenCache, tenantId: tenantId, appId: appId, appKey: appKey, resource: Constants.CSMResources[(int)AzureEnvironments]);
}
else if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password))
{
result = GetAuthorizationResultByUpn(tokenCache, tenantId: tenantId, username: username, password: password, resource: Constants.CSMResources[(int)AzureEnvironments]);
}
else
{
result = await GetAuthorizationResult(tokenCache, tenantId: tenantId, user: cacheInfo.DisplayableId);
}
}
catch (Exception ex)
{
Utils.Trace.WriteLine(string.Format("User: {0}, Tenant: {1} {2}", cacheInfo.DisplayableId, tenantId, ex.Message));
Utils.Trace.WriteLine(string.Empty);
continue;
}
try
{
TokenCacheInfo aadToken = null;
if (!String.IsNullOrEmpty(appId) && appKey == "_certificate_")
{
Utils.Trace.WriteLine(string.Format("AppId: {0}, Tenant: {1}", appId, tenantId));
}
else if (!String.IsNullOrEmpty(appId) && !String.IsNullOrEmpty(appKey))
{
aadToken = GetAuthorizationResultBySpn(tokenCache, tenantId: tenantId, appId: appId, appKey: appKey, resource: Constants.AADGraphUrls[(int)AzureEnvironments]);
}
else if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password))
{
aadToken = GetAuthorizationResultByUpn(tokenCache, tenantId: tenantId, username: username, password: password, resource: Constants.AADGraphUrls[(int)AzureEnvironments]);
}
else
{
aadToken = await GetAuthorizationResult(tokenCache, tenantId: tenantId, user: cacheInfo.DisplayableId, resource: Constants.AADGraphUrls[(int)AzureEnvironments]);
}
if (aadToken != null)
{
var details = await GetTenantDetail(aadToken, tenantId);
info.displayName = details.displayName;
info.domain = details.verifiedDomains.First(d => d.@default).name;
if (!String.IsNullOrEmpty(appId) && !String.IsNullOrEmpty(appKey))
{
Utils.Trace.WriteLine(string.Format("AppId: {0}, Tenant: {1} ({2})", appId, tenantId, info.domain));
}
else
{
Utils.Trace.WriteLine(string.Format("User: {0}, Tenant: {1} ({2})", result.DisplayableId, tenantId, info.domain));
}
}
}
catch (Exception)
{
if (!String.IsNullOrEmpty(appId) && !String.IsNullOrEmpty(appKey))
{
Utils.Trace.WriteLine(string.Format("AppId: {0}, Tenant: {1}", appId, tenantId));
}
else
{
Utils.Trace.WriteLine(string.Format("User: {0}, Tenant: {1}", result.DisplayableId, tenantId));
}
}
try
{
var subscriptions = await GetSubscriptions(result);
Utils.Trace.WriteLine(string.Format("\tThere are {0} subscriptions", subscriptions.Length));
info.subscriptions = subscriptions.Select(subscription => new SubscriptionCacheInfo
{
subscriptionId = subscription.subscriptionId,
displayName = subscription.displayName
}).ToArray();
if (recentInfo != null && info.subscriptions.Length > 0)
{
recentInfo = result;
}
foreach (var subscription in subscriptions)
{
Utils.Trace.WriteLine(string.Format("\tSubscription {0} ({1})", subscription.subscriptionId, subscription.displayName));
}
}
catch (Exception ex)
{
Utils.Trace.WriteLine(string.Format("\t{0}!", ex.Message));
}
tenantCache[tenantId] = info;
if (!String.IsNullOrEmpty(info.domain) && info.domain != "unknown")
{
tenantCache[info.domain] = info;
}
Utils.Trace.WriteLine(string.Empty);
}
this.TokenStorage.SaveRecentToken(recentInfo, Constants.CSMResources[(int)AzureEnvironments]);
return tenantCache;
}
protected TokenCacheInfo GetAuthorizationResultByUpn(CustomTokenCache tokenCache, string tenantId, string username, string password, string resource)
{
TokenCacheInfo found;
if (tokenCache.TryGetValue(tenantId, resource, out found))
{
return found;
}
var azureEnvironment = this.AzureEnvironments;
var authority = String.Format("{0}/{1}", Constants.AADLoginUrls[(int)azureEnvironment], tenantId);
var context = new AuthenticationContext(
authority: authority,
validateAuthority: true,
tokenCache: tokenCache);
var credential = new UserCredential(username, password);
var result = context.AcquireToken(resource, Constants.AADClientId, credential);
var cacheInfo = new TokenCacheInfo(resource, result);
tokenCache.Add(cacheInfo);
return cacheInfo;
}
protected TokenCacheInfo GetAuthorizationResultBySpn(CustomTokenCache tokenCache, string tenantId, string appId, X509Certificate2 certificate, string resource)
{
TokenCacheInfo found;
if (tokenCache.TryGetValue(tenantId, resource, out found))
{
return found;
}
var azureEnvironment = this.AzureEnvironments;
var authority = String.Format("{0}/{1}", Constants.AADLoginUrls[(int)azureEnvironment], tenantId);
var context = new AuthenticationContext(
authority: authority,
validateAuthority: true,
tokenCache: tokenCache);
var credential = new ClientAssertionCertificate(appId, certificate);
var result = context.AcquireToken(resource, credential);
var cacheInfo = new TokenCacheInfo(tenantId, appId, "_certificate_", resource, result);
tokenCache.Add(cacheInfo);
return cacheInfo;
}
protected async Task<TokenCacheInfo> GetAuthorizationResultByRefreshToken(CustomTokenCache tokenCache, TokenCacheInfo cacheInfo)
{
var azureEnvironment = this.AzureEnvironments;
var authority = String.Format("{0}/{1}", Constants.AADLoginUrls[(int)azureEnvironment], cacheInfo.TenantId);
var context = new AuthenticationContext(
authority: authority,
validateAuthority: true,
tokenCache: tokenCache);
AuthenticationResult result = await context.AcquireTokenByRefreshTokenAsync(
refreshToken: cacheInfo.RefreshToken,
clientId: Constants.AADClientId,
resource: cacheInfo.Resource);
var ret = new TokenCacheInfo(cacheInfo.Resource, result);
ret.TenantId = cacheInfo.TenantId;
ret.DisplayableId = cacheInfo.DisplayableId;
tokenCache.Add(ret);
return ret;
}
protected Task<TokenCacheInfo> GetAuthorizationResult(CustomTokenCache tokenCache, string tenantId, string user = null, string resource = null)
{
var tcs = new TaskCompletionSource<TokenCacheInfo>();
resource = resource ?? Constants.CSMResources[(int)AzureEnvironments];
TokenCacheInfo found;
if (tokenCache.TryGetValue(tenantId, resource, out found))
{
tcs.SetResult(found);
return tcs.Task;
}
var thread = new Thread(() =>
{
try
{
var azureEnvironment = this.AzureEnvironments;
var authority = String.Format("{0}/{1}", Constants.AADLoginUrls[(int)azureEnvironment], tenantId);
var context = new AuthenticationContext(
authority: authority,
validateAuthority: true,
tokenCache: tokenCache);
AuthenticationResult result = null;
if (!string.IsNullOrEmpty(user))
{
result = context.AcquireToken(
resource: resource,
clientId: Constants.AADClientId,
redirectUri: new Uri(Constants.AADRedirectUri),
promptBehavior: PromptBehavior.Never,
userId: new UserIdentifier(user, UserIdentifierType.OptionalDisplayableId));
}
else
{
result = context.AcquireToken(
resource: resource,
clientId: Constants.AADClientId,
redirectUri: new Uri(Constants.AADRedirectUri),
promptBehavior: PromptBehavior.Always);
}
var cacheInfo = new TokenCacheInfo(resource, result);
tokenCache.Add(cacheInfo);
tcs.TrySetResult(cacheInfo);
}
catch (Exception ex)
{
tcs.TrySetException(ex);
}
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
return tcs.Task;
}
public async Task<TokenCacheInfo> GetTokenByUpn(string username, string password)
{
this.TokenStorage.ClearCache();
this.TenantStorage.ClearCache();
var tokenCache = new CustomTokenCache();
var cacheInfo = GetAuthorizationResultByUpn(tokenCache, "common", username, password, Constants.CSMResources[(int)AzureEnvironments]);
var tenantCache = await GetTokenForTenants(tokenCache, cacheInfo, username: username, password: password);
this.TokenStorage.SaveCache(tokenCache);
this.TenantStorage.SaveCache(tenantCache);
return cacheInfo;
}
protected async Task<TokenCacheInfo> RefreshToken(CustomTokenCache tokenCache, TokenCacheInfo cacheInfo)
{
if (!String.IsNullOrEmpty(cacheInfo.RefreshToken))
{
try
{
return await GetAuthorizationResultByRefreshToken(tokenCache, cacheInfo);
}
catch (AdalServiceException ex)
{
if (ex.Message.IndexOf("The provided access grant is expired or revoked") > 0)
{
AcquireTokens().Wait();
cacheInfo = GetToken(cacheInfo.TenantId).Result;
tokenCache.Clone(this.TokenStorage.GetCache());
return cacheInfo;
}
throw;
}
}
else if (!String.IsNullOrEmpty(cacheInfo.AppId) && cacheInfo.AppKey == "_certificate_")
{
throw new InvalidOperationException("Unable to refresh expired token! Try login with certificate again.");
}
else if (!String.IsNullOrEmpty(cacheInfo.AppId) && !String.IsNullOrEmpty(cacheInfo.AppKey))
{
return GetAuthorizationResultBySpn(tokenCache, cacheInfo.TenantId, cacheInfo.AppId, cacheInfo.AppKey, cacheInfo.Resource);
}
throw new NotImplementedException();
}
public async Task<TokenCacheInfo> GetTokenBySpn(string tenantId, string appId, X509Certificate2 certificate)
{
this.TokenStorage.ClearCache();
this.TenantStorage.ClearCache();
var tokenCache = new CustomTokenCache();
var cacheInfo = GetAuthorizationResultBySpn(tokenCache, tenantId, appId, certificate, Constants.CSMResources[(int)AzureEnvironments]);
var tenantCache = await GetTokenForTenants(tokenCache, cacheInfo, appId: appId, appKey: "_certificate_");
this.TokenStorage.SaveCache(tokenCache);
this.TenantStorage.SaveCache(tenantCache);
return cacheInfo;
}
protected async Task<TokenCacheInfo> RefreshToken(CustomTokenCache tokenCache, TokenCacheInfo cacheInfo)
{
if (!String.IsNullOrEmpty(cacheInfo.RefreshToken))
{
return await GetAuthorizationResultByRefreshToken(tokenCache, cacheInfo);
}
else if (!String.IsNullOrEmpty(cacheInfo.AppId) && cacheInfo.AppKey == "_certificate_")
{
throw new InvalidOperationException("Unable to refresh expired token! Try login with certificate again.");
}
else if (!String.IsNullOrEmpty(cacheInfo.AppId) && !String.IsNullOrEmpty(cacheInfo.AppKey))
{
return GetAuthorizationResultBySpn(tokenCache, cacheInfo.TenantId, cacheInfo.AppId, cacheInfo.AppKey, cacheInfo.Resource);
}
throw new NotImplementedException();
}
public void Clone(CustomTokenCache tokenCache)
{
_caches = tokenCache._caches;
}
public async Task<TokenCacheInfo> GetTokenBySpn(string tenantId, string appId, string appKey)
{
this.TokenStorage.ClearCache();
this.TenantStorage.ClearCache();
var tokenCache = new CustomTokenCache();
var cacheInfo = GetAuthorizationResultBySpn(tokenCache, tenantId, appId, appKey, Constants.CSMResource);
var tenantCache = await GetTokenForTenants(tokenCache, cacheInfo, appId: appId, appKey: appKey);
this.TokenStorage.SaveCache(tokenCache);
this.TenantStorage.SaveCache(tenantCache);
return cacheInfo;
}
public void SaveCache(CustomTokenCache cache)
{
this._cache = cache;
}
