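        /// <summary>
        /// Initializes the Authentication Provider
        /// </summary>
        /// <param name="options">The options to use</param>
        /// <exception cref="ConfigurationErrorsException">
        /// Thrown when the OnBehalfOf section is missing, when neither a client secret nor a
        /// certificate thumbprint is configured, or when the configured thumbprint does not
        /// resolve to a certificate in the configured store.
        /// </exception>
        internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
        {
            // We need the OnBehalfOf options
            if (options.OnBehalfOf == null)
            {
                throw new ConfigurationErrorsException(
                          PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidConfiguration);
            }

            // We need at least one credential: a client secret or a certificate thumbprint
            if (string.IsNullOrEmpty(options.OnBehalfOf.ClientSecret) && string.IsNullOrEmpty(options.OnBehalfOf.Thumbprint))
            {
                throw new ConfigurationErrorsException(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
            }

            ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
            TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;

            if (!string.IsNullOrEmpty(options.OnBehalfOf.Thumbprint))
            {
                // We prioritize the X.509 certificate, if any
                Certificate = X509CertificateUtility.LoadCertificate(
                    options.OnBehalfOf.StoreName,
                    options.OnBehalfOf.StoreLocation,
                    options.OnBehalfOf.Thumbprint);

                // A thumbprint that matches nothing in the store (LoadCertificate appears to
                // report that as null) is a configuration error. Without this guard the code
                // fell through to the client-secret path with no secret set and failed with
                // an unhelpful null reference instead.
                if (Certificate == null)
                {
                    throw new ConfigurationErrorsException(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
                }
            }
            else
            {
                // Otherwise we fallback to the client secret (guaranteed non-empty by the check above)
                ClientSecret = options.OnBehalfOf.ClientSecret.ToSecureString();
            }

            // The builder steps that do not depend on the credential type are shared below
            var builder = ConfidentialClientApplicationBuilder.Create(ClientId);
            if (Certificate != null)
            {
                builder = builder.WithCertificate(Certificate);
            }
            else
            {
                // MSAL only accepts the secret as a plain string, so it has to leave the
                // SecureString at this point
                builder = builder.WithClientSecret(ClientSecret.ToInsecureString());
            }

            confidentialClientApplication = builder
                .WithPnPAdditionalAuthenticationSettings(
                    options.OnBehalfOf.AuthorityUri,
                    options.OnBehalfOf.RedirectUri,
                    TenantId)
                .Build();

            // Log the initialization information
            Log?.LogInformation(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_LogInit);
        }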
        /// <summary>
        /// Encrypt a piece of text based on a given certificate
        /// </summary>
        /// <param name="stringToEncrypt">Text to encrypt (UTF-8 encoded before encryption)</param>
        /// <param name="thumbPrint">Thumbprint of the certificate to use; looked up in the CurrentUser/My store</param>
        /// <returns>
        /// The encrypted bytes as a Base64 string, or <see cref="string.Empty"/> when no
        /// certificate with that thumbprint is found
        /// </returns>
        internal static string Encrypt(this string stringToEncrypt, string thumbPrint)
        {
            // Only the current user's personal store is consulted here
            var certificate = X509CertificateUtility.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbPrint);
            if (certificate == null)
            {
                // Callers cannot tell this apart from encrypting an empty value, so check
                // the result before persisting it
                return string.Empty;
            }

            var plaintext = Encoding.UTF8.GetBytes(stringToEncrypt);
            var ciphertext = X509CertificateUtility.Encrypt(plaintext, certificate);

            return Convert.ToBase64String(ciphertext);
        }
        /// <summary>
        /// Decrypt a piece of text based on a given certificate
        /// </summary>
        /// <param name="stringToDecrypt">Base64 text to decrypt (as produced by Encrypt)</param>
        /// <param name="thumbPrint">Thumbprint of the certificate to use; looked up in the CurrentUser/My store</param>
        /// <returns>
        /// The decrypted text decoded as UTF-8, or <see cref="string.Empty"/> when no
        /// certificate with that thumbprint is found
        /// </returns>
        /// <remarks>
        /// Malformed Base64 input surfaces as a <see cref="FormatException"/> from
        /// <see cref="Convert.FromBase64String"/>; what a tampered payload does depends on
        /// X509CertificateUtility.Decrypt, which is not shown here.
        /// </remarks>
        internal static string Decrypt(this string stringToDecrypt, string thumbPrint)
        {
            // Only the current user's personal store is consulted here
            var certificate = X509CertificateUtility.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbPrint);
            if (certificate == null)
            {
                // Same sentinel as Encrypt: empty means "no certificate", not "empty plaintext"
                return string.Empty;
            }

            var ciphertext = Convert.FromBase64String(stringToDecrypt);
            var plaintext = X509CertificateUtility.Decrypt(ciphertext, certificate);

            return Encoding.UTF8.GetString(plaintext);
        }
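        /// <summary>
        /// Initializes the X509Certificate Authentication Provider
        /// </summary>
        /// <param name="options">The options to use</param>
        /// <exception cref="ConfigurationErrorsException">
        /// Thrown when the X509Certificate section is missing, when neither a certificate
        /// instance nor a thumbprint is configured, or when the thumbprint does not resolve
        /// to a certificate in the configured store.
        /// </exception>
        internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
        {
            // We need the X509Certificate options
            if (options.X509Certificate == null)
            {
                throw new ConfigurationErrorsException(
                          PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidConfiguration);
            }

            // We need either a certificate instance or a thumbprint to look one up with
            if (options.X509Certificate.Certificate == null && string.IsNullOrEmpty(options.X509Certificate.Thumbprint))
            {
                throw new ConfigurationErrorsException(PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidCertificateOrThumbprint);
            }

            ClientId    = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
            TenantId    = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;

            // A certificate passed in directly wins over a store lookup by thumbprint
            Certificate = options.X509Certificate.Certificate ?? X509CertificateUtility.LoadCertificate(
                options.X509Certificate.StoreName,
                options.X509Certificate.StoreLocation,
                options.X509Certificate.Thumbprint);

            // The thumbprint may match nothing in the store (LoadCertificate appears to
            // report that as null); surface it as a configuration error here instead of
            // handing a null certificate to the MSAL builder.
            if (Certificate == null)
            {
                throw new ConfigurationErrorsException(PnPCoreAuthResources.X509CertificateAuthenticationProvider_InvalidCertificateOrThumbprint);
            }

            confidentialClientApplication = ConfidentialClientApplicationBuilder
                                            .Create(ClientId)
                                            .WithCertificate(Certificate)
                                            .WithHttpClientFactory(msalHttpClientFactory)
                                            .WithPnPAdditionalAuthenticationSettings(
                options.X509Certificate.AuthorityUri,
                options.X509Certificate.RedirectUri,
                TenantId,
                options.Environment)
                                            .Build();

            // Log the initialization information. Only store coordinates are logged, never
            // key material; note the thumbprint is null here when a certificate instance
            // was supplied directly.
            Log?.LogInformation(PnPCoreAuthResources.X509CertificateAuthenticationProvider_LogInit,
                                options.X509Certificate.Thumbprint,
                                options.X509Certificate.StoreName,
                                options.X509Certificate.StoreLocation);
        }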