//MSAL doesn't cache Service Principal into msal.cache
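        /// <summary>
        /// Acquires a token for a service principal: with a certificate when a thumbprint is
        /// supplied, otherwise with the client secret. Certificate credentials are cached in
        /// <c>ClientCertCredentialMap</c>; secret credentials are rebuilt on every call.
        /// </summary>
        /// <param name="parameters">Must be a <see cref="ServicePrincipalParameters"/>.</param>
        /// <param name="cancellationToken">Propagated to the Azure.Identity token request.</param>
        /// <returns>The task produced by <c>MsalAccessToken.GetAccessTokenAsync</c>.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="parameters"/> is not a <see cref="ServicePrincipalParameters"/>.</exception>
        /// <exception cref="MsalException">Thrown when neither a thumbprint nor a secret is present.</exception>
        public override Task<IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
        {
            var spParameters = parameters as ServicePrincipalParameters;
            if (spParameters == null)
            {
                // Fail with a descriptive error rather than a NullReferenceException on the first property read.
                throw new ArgumentException(
                    $"{nameof(parameters)} must be of type {nameof(ServicePrincipalParameters)}.",
                    nameof(parameters));
            }

            var onPremise = spParameters.Environment.OnPremise;
            // ADFS uses a fixed tenant. The "organizations" pseudo-tenant is mapped to null.
            // NOTE(review): confirm the Azure.Identity credential constructors accept a null tenant id.
            var tenantId = onPremise
                ? AdfsTenant
                : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId);
            // Prefer the environment's endpoint for the resource id, falling back to the id itself.
            var resource  = spParameters.Environment.GetEndpoint(spParameters.ResourceId) ?? spParameters.ResourceId;
            var scopes    = AuthenticationHelpers.GetScope(onPremise, resource);
            var clientId  = spParameters.ApplicationId;
            var authority = spParameters.Environment.ActiveDirectoryAuthority;

            var requestContext = new TokenRequestContext(scopes);

            var options = new ClientCertificateCredentialOptions()
            {
                AuthorityHost = new Uri(authority)
            };

            if (!string.IsNullOrEmpty(spParameters.Thumbprint))
            {
                // Service principal with certificate. Credentials are cached per ApplicationId so the
                // certificate is only read from the data store on first use.
                // NOTE(review): the cache key is ApplicationId alone, while the cached credential was
                // built for one specific tenantId, thumbprint and authority host; a later request for
                // the same application with a different tenant, certificate or authority reuses the
                // earlier credential. Confirm that is intended, and whether ClientCertCredentialMap is
                // safe for concurrent callers (its type is not visible here).
                ClientCertificateCredential certCredential;
                if (ClientCertCredentialMap.TryGetValue(spParameters.ApplicationId, out certCredential))
                {
                    var cachedTokenTask = certCredential.GetTokenAsync(requestContext, cancellationToken);
                    return MsalAccessToken.GetAccessTokenAsync(cachedTokenTask, spParameters.TenantId, spParameters.ApplicationId);
                }

                // First login for this application: build the credential and hand GetAccessTokenAsync a
                // callback that stores it in the cache (when that callback runs is decided there).
                var certificate = AzureSession.Instance.DataStore.GetCertificate(spParameters.Thumbprint);
                certCredential  = new ClientCertificateCredential(tenantId, spParameters.ApplicationId, certificate, options);
                var tokenTask   = certCredential.GetTokenAsync(requestContext, cancellationToken);
                return MsalAccessToken.GetAccessTokenAsync(
                    tokenTask,
                    () => { ClientCertCredentialMap[spParameters.ApplicationId] = certCredential; },
                    spParameters.TenantId,
                    spParameters.ApplicationId);
            }

            if (spParameters.Secret != null)
            {
                // Service principal with secret. ConvertToString() produces the plain string the
                // ClientSecretCredential constructor requires; this code does not clear that copy.
                var secretCredential = new ClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret.ConvertToString(), options);
                var secretTokenTask  = secretCredential.GetTokenAsync(requestContext, cancellationToken);
                return MsalAccessToken.GetAccessTokenAsync(
                    secretTokenTask,
                    spParameters.TenantId,
                    spParameters.ApplicationId);
            }

            // Neither a certificate thumbprint nor a secret was provided.
            throw new MsalException(MsalError.AuthenticationFailed, string.Format(AuthenticationFailedMessage, clientId));
        }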
        //MSAL doesn't cache Service Principal into msal.cache
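        /// <summary>
        /// Acquires a token for a service principal: with a certificate when a thumbprint is
        /// supplied, otherwise with the client secret. A fresh credential is built on every call.
        /// </summary>
        /// <param name="parameters">Must be a <see cref="ServicePrincipalParameters"/>.</param>
        /// <param name="cancellationToken">Propagated to the Azure.Identity token request.</param>
        /// <returns>The task produced by <c>MsalAccessToken.GetAccessTokenAsync</c>.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="parameters"/> is not a <see cref="ServicePrincipalParameters"/>.</exception>
        /// <exception cref="MsalException">Thrown when neither a thumbprint nor a secret is present.</exception>
        public override Task<IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
        {
            var spParameters = parameters as ServicePrincipalParameters;
            if (spParameters == null)
            {
                // Fail with a descriptive error rather than a NullReferenceException on the first property read.
                throw new ArgumentException(
                    $"{nameof(parameters)} must be of type {nameof(ServicePrincipalParameters)}.",
                    nameof(parameters));
            }

            var onPremise = spParameters.Environment.OnPremise;
            // ADFS uses a fixed tenant. The "organizations" pseudo-tenant is mapped to null.
            // NOTE(review): confirm the Azure.Identity credential constructors accept a null tenant id.
            var tenantId = onPremise
                ? AdfsTenant
                : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId);
            // Prefer the environment's endpoint for the resource id, falling back to the id itself.
            var resource  = spParameters.Environment.GetEndpoint(spParameters.ResourceId) ?? spParameters.ResourceId;
            var scopes    = AuthenticationHelpers.GetScope(onPremise, resource);
            var clientId  = spParameters.ApplicationId;
            var authority = spParameters.Environment.ActiveDirectoryAuthority;

            var requestContext = new TokenRequestContext(scopes);

            var options = new ClientCertificateCredentialOptions()
            {
                AuthorityHost        = new Uri(authority),
                // An unset flag means "do not send the certificate chain".
                SendCertificateChain = spParameters.SendCertificateChain ?? false
            };

            if (!string.IsNullOrEmpty(spParameters.Thumbprint))
            {
                // Service principal with certificate: the certificate is looked up in the session
                // data store by thumbprint.
                var certificate    = AzureSession.Instance.DataStore.GetCertificate(spParameters.Thumbprint);
                var certCredential = new ClientCertificateCredential(tenantId, spParameters.ApplicationId, certificate, options);
                // Diagnostic context only: identifiers and endpoints, no key material.
                var parametersLog = $"- Thumbprint:'{spParameters.Thumbprint}', ApplicationId:'{spParameters.ApplicationId}', TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'";
                return MsalAccessToken.GetAccessTokenAsync(
                    nameof(ServicePrincipalAuthenticator),
                    parametersLog,
                    certCredential,
                    requestContext,
                    cancellationToken,
                    spParameters.TenantId,
                    spParameters.ApplicationId);
            }

            if (spParameters.Secret != null)
            {
                // Service principal with secret. ConvertToString() produces the plain string the
                // ClientSecretCredential constructor requires; this code does not clear that copy.
                var secretCredential = new ClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret.ConvertToString(), options);
                // The log line deliberately omits the secret itself.
                var parametersLog    = $"- ApplicationId:'{spParameters.ApplicationId}', TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'";
                return MsalAccessToken.GetAccessTokenAsync(
                    nameof(ServicePrincipalAuthenticator),
                    parametersLog,
                    secretCredential,
                    requestContext,
                    cancellationToken,
                    spParameters.TenantId,
                    spParameters.ApplicationId);
            }

            // Neither a certificate thumbprint nor a secret was provided.
            throw new MsalException(MsalError.AuthenticationFailed, string.Format(AuthenticationFailedMessage, clientId));
        }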
 /// <summary>
 /// Factory hook for a certificate-based <see cref="TokenCredential"/>; virtual so a derived type can
 /// substitute the credential it returns.
 /// </summary>
 /// <param name="tenantId">Tenant the credential authenticates against.</param>
 /// <param name="clientId">Application (client) id of the service principal.</param>
 /// <param name="certificatePath">Forwarded unchanged to <see cref="ClientCertificateCredential"/>; not validated here.</param>
 /// <param name="options">Credential options, forwarded unchanged.</param>
 /// <returns>A new <see cref="ClientCertificateCredential"/>.</returns>
 public virtual TokenCredential CreateClientCertificateCredential(string tenantId, string clientId, string certificatePath, ClientCertificateCredentialOptions options)
     => new ClientCertificateCredential(tenantId, clientId, certificatePath, options);
 /// <summary>
 /// Factory hook for a secret-based <see cref="TokenCredential"/>; virtual so a derived type can
 /// substitute the credential it returns.
 /// </summary>
 /// <param name="tenantId">Tenant the credential authenticates against.</param>
 /// <param name="clientId">Application (client) id of the service principal.</param>
 /// <param name="secret">Client secret. It is materialised as a plain <see cref="string"/> via
 /// <c>ConvertToString()</c> because that is what <see cref="ClientSecretCredential"/> takes;
 /// this method does not clear that copy.</param>
 /// <param name="options">Credential options, forwarded unchanged.</param>
 /// <returns>A new <see cref="ClientSecretCredential"/>.</returns>
 public virtual TokenCredential CreateClientSecretCredential(string tenantId, string clientId, SecureString secret, ClientCertificateCredentialOptions options)
 {
     // Plain-text copy required by the Azure.Identity constructor.
     var plainSecret = secret.ConvertToString();
     return new ClientSecretCredential(tenantId, clientId, plainSecret, options);
 }