public void Init()
{
// set this so we can fiddle
ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };
var auth = new DirectoryGraphAuthentication(ConfigurationManager.AppSettings["TenantId"], ConfigurationManager.AppSettings["SymmetricKey"], ConfigurationManager.AppSettings["AppPrincipalId"]);
var accessToken = auth.GetAccessToken(); // you can cache this until token.ExpiresOn
this.graph = new DirectoryGraph(ConfigurationManager.AppSettings["TenantId"], accessToken.AccessToken);
}
public void Init()
{
// set this so we can fiddle
ServicePointManager.ServerCertificateValidationCallback += delegate { return(true); };
var auth = new DirectoryGraphAuthentication(ConfigurationManager.AppSettings["TenantId"], ConfigurationManager.AppSettings["SymmetricKey"], ConfigurationManager.AppSettings["AppPrincipalId"]);
var accessToken = auth.GetAccessToken(); // you can cache this until token.ExpiresOn
this.graph = new DirectoryGraph(ConfigurationManager.AppSettings["TenantId"], accessToken.AccessToken);
}
public async Task <ActionResult> Callback(string wresult, string wa, string wctx)
{
// http://www.tecsupra.com/blog/system-identitymodel-manually-parsing-the-saml-token/
var wrappedToken = XDocument.Parse(wresult);
var requestedSecurityToken = wrappedToken.Root.Descendants("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken").First();
var asssertion = requestedSecurityToken.DescendantNodes().First();
var xmlTextReader = asssertion.CreateReader();
var securityTokenHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
// Fix for ID1032 http://blog.fabse.net/2013/01/10/id1032-at-least-one-audienceuri-must-be-specified-2/
securityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(AzureAdAppUri));
securityTokenHandlers.Configuration.CertificateValidationMode = X509CertificateValidationMode.None;
securityTokenHandlers.Configuration.CertificateValidator = X509CertificateValidator.None;
securityTokenHandlers.Configuration.IssuerNameRegistry = new ValidatingIssuerNameRegistry(AzureAdAuthroAuthority);
SecurityToken token = securityTokenHandlers.ReadToken(xmlTextReader);
var viewModel = new CallbackViewModel();
var claimsIdentity = securityTokenHandlers.ValidateToken(token);
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
viewModel.Claims = claimsPrincipal.Claims.ToList();
var tenantId =
claimsPrincipal.Claims.Single(x => x.Type == "http://schemas.microsoft.com/identity/claims/tenantid")
.Value;
var waadRequest = new HttpClient();
string postData = "grant_type=client_credentials";
postData += "&resource=" + HttpUtility.UrlEncode("https://graph.windows.net");
postData += "&client_id=" + HttpUtility.UrlEncode(AzureAdAppClientId);
postData += "&client_secret=" + HttpUtility.UrlEncode(AzureAdAppClientSecret);
var waadRequestContent = new StringContent(postData, System.Text.Encoding.ASCII, "application/x-www-form-urlencoded");
string postUrl = string.Format("https://login.windows.net/{0}/oauth2/token?api-version=1.0", tenantId);
var waadResult = await waadRequest.PostAsync(postUrl, waadRequestContent);
waadResult.EnsureSuccessStatusCode();
var result = await waadResult.Content.ReadAsStringAsync();
var jObject = JObject.Parse(result);
var accessToken = jObject.SelectToken("access_token");
var graph = new DirectoryGraph(tenantId, accessToken.Value <string>());
string nextPageUrl;
var user = graph.GetUsers(out nextPageUrl);
viewModel.Users = user;
return(View(viewModel));
}
