public async Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
MsalTokenResponse msalTokenResponse = null;
_logger.Verbose("[WamBroker] Acquiring token silently for default account.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
using (NativeInterop.AuthResult result = await core.SignInSilentlyAsync(
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
}
else
{
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
return(msalTokenResponse);
}
public async Task <MsalTokenResponse> AcquireTokenInteractiveDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
{
MsalTokenResponse msalTokenResponse = null;
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
_logger.Verbose("[WamBroker] Signing in with the default user account.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
using (NativeInterop.AuthResult result = await core.SignInAsync(
_parentHandle,
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
}
else
{
_logger.Error($"[WamBroker] Could not login interactively with the Default OS Account. {result.Error}");
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
return(msalTokenResponse);
}
public async Task <MsalTokenResponse> AcquireTokenInteractiveAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
{
MsalTokenResponse msalTokenResponse = null;
//need to provide a handle
if (_parentHandle == IntPtr.Zero)
{
throw new MsalClientException(
"window_handle_required",
"Public Client applications wanting to use WAM need to provide their window handle. Console applications can use GetConsoleWindow Windows API for this.");
}
//if OperatingSystemAccount is passed then we use the user signed-in on the machine
if (PublicClientApplication.IsOperatingSystemAccount(authenticationRequestParameters.Account))
{
return(await AcquireTokenInteractiveDefaultUserAsync(authenticationRequestParameters, acquireTokenInteractiveParameters).ConfigureAwait(false));
}
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
_logger.Verbose("[WamBroker] Using Windows account picker.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
//Login Hint
string loginHint = authenticationRequestParameters.LoginHint ?? authenticationRequestParameters?.Account?.Username;
_logger.Verbose("[WamBroker] AcquireTokenInteractive - login hint provided? " + string.IsNullOrEmpty(loginHint));
using (var result = await core.SignInInteractivelyAsync(
_parentHandle,
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
loginHint,
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
_logger.Verbose("[WamBroker] Successfully retrieved token.");
}
else
{
_logger.Error($"[WamBroker] Could not login interactively. {result.Error}");
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
return(msalTokenResponse);
}
public async Task <MsalTokenResponse> AcquireTokenSilentAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
MsalTokenResponse msalTokenResponse = null;
_logger.Verbose("[WamBroker] Acquiring token silently.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
using (var account = await core.ReadAccountByIdAsync(
acquireTokenSilentParameters.Account.HomeAccountId.ObjectId,
authenticationRequestParameters.CorrelationId.ToString("D"),
cancellationToken).ConfigureAwait(false))
{
if (account == null)
{
_logger.WarningPii(
$"Could not find a WAM account for the selected user {acquireTokenSilentParameters.Account.Username}",
"Could not find a WAM account for the selected user");
throw new MsalUiRequiredException(
"wam_no_account_for_id",
$"Could not find a WAM account for the selected user {acquireTokenSilentParameters.Account.Username}");
}
using (NativeInterop.AuthResult result = await core.AcquireTokenSilentlyAsync(
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
account,
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
}
else
{
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
}
return(msalTokenResponse);
}
/// <summary>
/// Create WAM Error Response
/// </summary>
/// <param name="authResult"></param>
/// <param name="authenticationRequestParameters"></param>
/// <param name="logger"></param>
/// <exception cref="MsalClientException"></exception>
/// <exception cref="MsalUiRequiredException"></exception>
/// <exception cref="MsalServiceException"></exception>
internal static void ThrowExceptionFromWamError(
NativeInterop.AuthResult authResult,
AuthenticationRequestParameters authenticationRequestParameters,
ICoreLogger logger)
{
MsalServiceException serviceException = null;
string internalErrorCode = authResult.Error.Tag.ToString(CultureInfo.InvariantCulture);
int errorCode = authResult.Error.ErrorCode;
string errorMessage;
switch ((ResponseStatus)authResult.Error.Status)
{
case ResponseStatus.UserCanceled:
logger.Error($"[WamBroker] {MsalError.AuthenticationCanceledError} {MsalErrorMessage.AuthenticationCanceled}");
throw new MsalClientException(MsalError.AuthenticationCanceledError, MsalErrorMessage.AuthenticationCanceled);
case ResponseStatus.InteractionRequired:
case ResponseStatus.AccountUnusable:
errorMessage =
$"{WamErrorPrefix} \n" +
$" Error Code: {errorCode} \n" +
$" Error Message: {authResult.Error.Context} \n" +
$" Internal Error Code: {internalErrorCode} \n";
logger.Error($"[WamBroker] {MsalError.FailedToAcquireTokenSilentlyFromBroker} {errorMessage}");
throw new MsalUiRequiredException(MsalError.FailedToAcquireTokenSilentlyFromBroker, errorMessage);
case ResponseStatus.IncorrectConfiguration:
case ResponseStatus.ApiContractViolation:
errorMessage =
$"{WamErrorPrefix} \n" +
$" Error Code: {errorCode} \n" +
$" Error Message: {authResult.Error.Status} \n" +
$" WAM Error Message: {authResult.Error.Context} \n" +
$" Internal Error Code: {internalErrorCode} \n" +
$" Is Retryable: false \n" +
$" Possible causes: \n" +
$"- Invalid redirect uri - ensure you have configured the following url in the AAD portal App Registration: " +
$"{WamAdapters.GetExpectedRedirectUri(authenticationRequestParameters.AppConfig.ClientId)} \n" +
$"- No Internet connection \n" +
$"Please see https://aka.ms/msal-net-wam for details about Windows Broker integration";
logger.Error($"[WamBroker] WAM_provider_error_{errorCode} {errorMessage}");
serviceException = new MsalServiceException($"WAM_provider_error_{errorCode}", errorMessage);
serviceException.IsRetryable = false;
throw serviceException;
case ResponseStatus.NetworkTemporarilyUnavailable:
case ResponseStatus.NoNetwork:
case ResponseStatus.ServerTemporarilyUnavailable:
errorMessage =
$"{WamErrorPrefix} \n" +
$" Error Code: {errorCode} \n" +
$" Error Message: {authResult.Error.Status} \n" +
$" WAM Error Message: {authResult.Error.Context} \n" +
$" Internal Error Code: {internalErrorCode} \n" +
$" Is Retryable: true";
logger.Error($"[WamBroker] WAM_network_error_{errorCode} {errorMessage}");
serviceException = new MsalServiceException(errorCode.ToString(), errorMessage);
serviceException.IsRetryable = true;
throw serviceException;
default:
errorMessage = $"Unknown {authResult.Error} (error code {errorCode}) (internal error code {internalErrorCode})";
logger.Verbose($"[WamBroker] {MsalError.UnknownBrokerError} {errorMessage}");
throw new MsalServiceException(MsalError.UnknownBrokerError, errorMessage);
}
}
