public async Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
MsalTokenResponse msalTokenResponse = null;
_logger.Verbose("[WamBroker] Acquiring token silently for default account.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
using (NativeInterop.AuthResult result = await core.SignInSilentlyAsync(
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
}
else
{
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
return(msalTokenResponse);
}
public async Task <MsalTokenResponse> AcquireTokenInteractiveDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
{
MsalTokenResponse msalTokenResponse = null;
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
_logger.Verbose("[WamBroker] Signing in with the default user account.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
using (NativeInterop.AuthResult result = await core.SignInAsync(
_parentHandle,
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
}
else
{
_logger.Error($"[WamBroker] Could not login interactively with the Default OS Account. {result.Error}");
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
return(msalTokenResponse);
}
public async Task <MsalTokenResponse> AcquireTokenSilentAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
MsalTokenResponse msalTokenResponse = null;
_logger.Verbose("[WamBroker] Acquiring token silently.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
using (var account = await core.ReadAccountByIdAsync(
acquireTokenSilentParameters.Account.HomeAccountId.ObjectId,
authenticationRequestParameters.CorrelationId.ToString("D"),
cancellationToken).ConfigureAwait(false))
{
if (account == null)
{
_logger.WarningPii(
$"Could not find a WAM account for the selected user {acquireTokenSilentParameters.Account.Username}",
"Could not find a WAM account for the selected user");
throw new MsalUiRequiredException(
"wam_no_account_for_id",
$"Could not find a WAM account for the selected user {acquireTokenSilentParameters.Account.Username}");
}
using (NativeInterop.AuthResult result = await core.AcquireTokenSilentlyAsync(
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
account,
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
}
else
{
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
}
return(msalTokenResponse);
}
/// <summary>
/// Parse Native Interop AuthResult Response to MSAL Token Response
/// </summary>
/// <param name="authResult"></param>
/// <param name="authenticationRequestParameters"></param>
/// <param name="logger"></param>
/// <exception cref="MsalServiceException"></exception>
public static MsalTokenResponse ParseRuntimeResponse(
NativeInterop.AuthResult authResult,
AuthenticationRequestParameters authenticationRequestParameters,
ICoreLogger logger)
{
try
{
string expiresOn = authResult.ExpiresOn.ToString();
string correlationId = authenticationRequestParameters.CorrelationId.ToString("D");
if (string.IsNullOrWhiteSpace(correlationId))
{
logger.Warning("No correlation ID in response");
correlationId = null;
}
//parsing Pop token from auth header if pop was performed. Otherwise use access token field.
var token = authResult.IsPopAuthorization ? authResult.AuthorizationHeader.Split(' ')[1] : authResult.AccessToken;
MsalTokenResponse msalTokenResponse = new MsalTokenResponse()
{
AccessToken = token,
IdToken = authResult.RawIdToken,
CorrelationId = correlationId,
Scope = authResult.GrantedScopes,
ExpiresIn = DateTimeHelpers.GetDurationFromWindowsTimestamp(expiresOn, logger),
ClientInfo = authResult.Account.ClientInfo.ToString(),
TokenType = authResult.IsPopAuthorization ? Constants.PoPAuthHeaderPrefix : BrokerResponseConst.Bearer,
WamAccountId = authResult.Account.Id,
TokenSource = TokenSource.Broker
};
logger.Info("WAM response status success");
return(msalTokenResponse);
}
catch (NativeInterop.MsalRuntimeException ex)
{
throw new MsalServiceException("wam_failed", $"Could not acquire token using WAM. {ex.Message}");
}
}
/// <summary>
/// Create WAM Error Response
/// </summary>
/// <param name="authResult"></param>
/// <param name="authenticationRequestParameters"></param>
/// <param name="logger"></param>
/// <exception cref="MsalClientException"></exception>
/// <exception cref="MsalUiRequiredException"></exception>
/// <exception cref="MsalServiceException"></exception>
internal static void ThrowExceptionFromWamError(
NativeInterop.AuthResult authResult,
AuthenticationRequestParameters authenticationRequestParameters,
ICoreLogger logger)
{
MsalServiceException serviceException = null;
string internalErrorCode = authResult.Error.Tag.ToString(CultureInfo.InvariantCulture);
int errorCode = authResult.Error.ErrorCode;
string errorMessage;
switch ((ResponseStatus)authResult.Error.Status)
{
case ResponseStatus.UserCanceled:
logger.Error($"[WamBroker] {MsalError.AuthenticationCanceledError} {MsalErrorMessage.AuthenticationCanceled}");
throw new MsalClientException(MsalError.AuthenticationCanceledError, MsalErrorMessage.AuthenticationCanceled);
case ResponseStatus.InteractionRequired:
case ResponseStatus.AccountUnusable:
errorMessage =
$"{WamErrorPrefix} \n" +
$" Error Code: {errorCode} \n" +
$" Error Message: {authResult.Error.Context} \n" +
$" Internal Error Code: {internalErrorCode} \n";
logger.Error($"[WamBroker] {MsalError.FailedToAcquireTokenSilentlyFromBroker} {errorMessage}");
throw new MsalUiRequiredException(MsalError.FailedToAcquireTokenSilentlyFromBroker, errorMessage);
case ResponseStatus.IncorrectConfiguration:
case ResponseStatus.ApiContractViolation:
errorMessage =
$"{WamErrorPrefix} \n" +
$" Error Code: {errorCode} \n" +
$" Error Message: {authResult.Error.Status} \n" +
$" WAM Error Message: {authResult.Error.Context} \n" +
$" Internal Error Code: {internalErrorCode} \n" +
$" Is Retryable: false \n" +
$" Possible causes: \n" +
$"- Invalid redirect uri - ensure you have configured the following url in the AAD portal App Registration: " +
$"{WamAdapters.GetExpectedRedirectUri(authenticationRequestParameters.AppConfig.ClientId)} \n" +
$"- No Internet connection \n" +
$"Please see https://aka.ms/msal-net-wam for details about Windows Broker integration";
logger.Error($"[WamBroker] WAM_provider_error_{errorCode} {errorMessage}");
serviceException = new MsalServiceException($"WAM_provider_error_{errorCode}", errorMessage);
serviceException.IsRetryable = false;
throw serviceException;
case ResponseStatus.NetworkTemporarilyUnavailable:
case ResponseStatus.NoNetwork:
case ResponseStatus.ServerTemporarilyUnavailable:
errorMessage =
$"{WamErrorPrefix} \n" +
$" Error Code: {errorCode} \n" +
$" Error Message: {authResult.Error.Status} \n" +
$" WAM Error Message: {authResult.Error.Context} \n" +
$" Internal Error Code: {internalErrorCode} \n" +
$" Is Retryable: true";
logger.Error($"[WamBroker] WAM_network_error_{errorCode} {errorMessage}");
serviceException = new MsalServiceException(errorCode.ToString(), errorMessage);
serviceException.IsRetryable = true;
throw serviceException;
default:
errorMessage = $"Unknown {authResult.Error} (error code {errorCode}) (internal error code {internalErrorCode})";
logger.Verbose($"[WamBroker] {MsalError.UnknownBrokerError} {errorMessage}");
throw new MsalServiceException(MsalError.UnknownBrokerError, errorMessage);
}
}