private static async Task<string> GetAccessToken() { string token = null; //first try to get the token silently WebAccountProvider aadAccountProvider = await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.windows.net"); WebTokenRequest webTokenRequest = new WebTokenRequest(aadAccountProvider, String.Empty, App.Current.Resources["ida:ClientID"].ToString(), WebTokenRequestPromptType.Default); webTokenRequest.Properties.Add("authority", "https://login.windows.net"); webTokenRequest.Properties.Add("resource", "https://outlook.office365.com/"); WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(webTokenRequest); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; token = webTokenResponse.Token; } else if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.UserInteractionRequired) { //get token through prompt webTokenRequest = new WebTokenRequest(aadAccountProvider, String.Empty, App.Current.Resources["ida:ClientID"].ToString(), WebTokenRequestPromptType.ForceAuthentication); webTokenRequest.Properties.Add("authority", "https://login.windows.net"); webTokenRequest.Properties.Add("resource", "https://outlook.office365.com/"); webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; token = webTokenResponse.Token; } } return token; }
public async Task ATI_WithPicker_MsaPt_NoTransferToken_Async() { string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}"; // Arrange using (var harness = CreateTestHarness()) { var requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant); // msa-pt scenario requestParams.AppConfig.IsMsaPassthrough = true; var accountPicker = Substitute.For <IAccountPicker>(); _accountPickerFactory.Create(Arg.Any <IntPtr>(), null, null, null, false).ReturnsForAnyArgs(accountPicker); var msaProvider = new WebAccountProvider("msa", "*****@*****.**", null); accountPicker.DetermineAccountInteractivelyAsync().Returns(Task.FromResult(msaProvider)); // AAD plugin + consumer provider = Guest MSA-PT scenario _webAccountProviderFactory.IsConsumerProvider(msaProvider).Returns(true); _msaPassthroughHandler.TryFetchTransferTokenAsync(requestParams, msaProvider) .Returns(Task.FromResult <string>(null)); var aadProvider = new WebAccountProvider("aad", "*****@*****.**", null); _webAccountProviderFactory.GetAccountProviderAsync("home").Returns(aadProvider); // make sure the final request is done with the AAD provider var webTokenRequest = new WebTokenRequest(aadProvider); _aadPlugin.CreateWebTokenRequestAsync( aadProvider, requestParams, isForceLoginPrompt: true, // it is important to force prompt if a transfer token was not obtained isInteractive: true, isAccountInWam: false) .Returns(Task.FromResult(webTokenRequest)); var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>(); webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success); var webTokenResponse = new WebTokenResponse(); webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>() { webTokenResponse }); _wamProxy.RequestTokenForWindowAsync(Arg.Any <IntPtr>(), webTokenRequest). Returns(Task.FromResult(webTokenResponseWrapper)); _aadPlugin.ParseSuccessfullWamResponse(webTokenResponse, out _).Returns(_msalTokenResponse); var atiParams = new AcquireTokenInteractiveParameters(); atiParams.Prompt = Prompt.SelectAccount; // Act var result = await _wamBroker.AcquireTokenInteractiveAsync(requestParams, atiParams) .ConfigureAwait(false); // Assert Assert.AreSame(_msalTokenResponse, result); Assert.AreEqual("select_account", webTokenRequest.Properties["prompt"]); _msaPassthroughHandler.Received(1).AddTransferTokenToRequest(webTokenRequest, null); } }
async public void acquireTokenSilentAsync( String authority, bool validateAuthority, String resourceUrl, String clientId, String userId, IPromise promise) { WebAccountProvider authContext; try { authContext = await getOrCreateContext(authority); } catch (Exception ex) { promise.Reject(ex); return; } try { WebAccount account = await TryGetUserAccount(authContext); WebTokenRequest wtr = new WebTokenRequest(authContext, "", clientId, WebTokenRequestPromptType.Default); wtr.Properties.Add("resource", resourceUrl); WebTokenRequestResult wtrr; if (account != null) { wtrr = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(wtr, account); } else { wtrr = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(wtr); } if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { WebTokenResponse response = wtrr.ResponseData[0]; // use case insensitive prop names as keys (i.e. upn = UPN) var props = new Dictionary <string, string>(response.Properties, StringComparer.OrdinalIgnoreCase); AuthenticationResult result = new AuthenticationResult(response.Token, props); promise.Resolve(result); } else { promise.Reject($"{wtrr.ResponseError.ErrorCode}", new Exception(wtrr.ResponseError.ErrorMessage)); } } catch (Exception ex) { promise.Reject(ex); return; } }
internal static void AddMsalParamsToRequest( AuthenticationRequestParameters authenticationRequestParameters, WebTokenRequest webTokenRequest) { AddExtraParamsToRequest(webTokenRequest, authenticationRequestParameters.ExtraQueryParameters); AddAuthorityParamToRequest(authenticationRequestParameters, webTokenRequest); AddPOPParamsToRequest(webTokenRequest); }
public async Task <WebTokenRequest> CreateWebTokenRequestAsync( WebAccountProvider provider, AuthenticationRequestParameters authenticationRequestParameters, bool isForceLoginPrompt, bool isInteractive, bool isAccountInWam) { bool setLoginHint = false; bool addNewAccount = false; string loginHint = authenticationRequestParameters.LoginHint ?? authenticationRequestParameters.Account?.Username; if (isInteractive && !isAccountInWam) { if (!string.IsNullOrEmpty(loginHint)) { setLoginHint = true; } else { addNewAccount = !(await _webAccountProviderFactory.IsDefaultAccountMsaAsync().ConfigureAwait(false)); } } var promptType = (setLoginHint || addNewAccount || (isForceLoginPrompt && isInteractive)) ? WebTokenRequestPromptType.ForceAuthentication : WebTokenRequestPromptType.Default; string scopes = ScopeHelper.GetMsalScopes(authenticationRequestParameters.Scope).AsSingleString(); WebTokenRequest request = new WebTokenRequest( provider, scopes, authenticationRequestParameters.AppConfig.ClientId, promptType); if (addNewAccount || setLoginHint) { request.Properties.Add("Client_uiflow", "new_account"); // launch add account flow if (setLoginHint) { request.Properties.Add("LoginHint", loginHint); // prefill username } } AddV2Properties(request); if (ApiInformation.IsPropertyPresent("Windows.Security.Authentication.Web.Core.WebTokenRequest", "CorrelationId")) { request.CorrelationId = authenticationRequestParameters.CorrelationId.ToString(); } else { _logger.Warning("[WAM MSA Plugin] Could not add the correlation ID to the request."); } return(request); }
public async void AuthenticateWithRequestToken( String WebAccountProviderID, String Authority, String Scope, String ClientID, String TokenBindingTarget, String RequestProperties) { try { // //create webTokenRequest with ProviderID, Scope, ClientId // DebugPrint("creating the webAccountProviderID"); WebAccountProvider provider = null; if (String.IsNullOrEmpty(Authority)) { DebugPrint("calling FindAccountProviderAsync..."); provider = await WebAuthenticationCoreManager.FindAccountProviderAsync(WebAccountProviderID); } else { DebugPrint("calling FindAccountProviderWithAuthorityAsync..."); provider = await WebAuthenticationCoreManager.FindAccountProviderAsync( WebAccountProviderID, Authority); } DebugPrint("Provider Id: " + provider.Id); DebugPrint("Provider DisplayName: " + provider.DisplayName); WebTokenRequestPromptType prompt = ForceUiCheckBox.IsChecked.Value ? WebTokenRequestPromptType.ForceAuthentication : WebTokenRequestPromptType.Default; WebTokenRequest webTokenRequest = new WebTokenRequest( provider, Scope, ClientID, prompt); // // add properties to the tokenrequest if the IDP plugin requires // AddRequestProperties(RequestProperties, webTokenRequest); DebugPrint("Call RequestTokenAsync"); WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); HandleResult(webTokenRequestResult); } catch (Exception ex) { DebugPrint("RequestToken failed: " + ex.Message); } }
private async Task <IWebTokenRequestResultWrapper> AcquireInteractiveWithoutPickerAsync( AuthenticationRequestParameters authenticationRequestParameters, Prompt prompt, IWamPlugin wamPlugin, WebAccountProvider provider, WebAccount wamAccount) { bool isForceLoginPrompt = IsForceLoginPrompt(prompt); WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync( provider, authenticationRequestParameters, isForceLoginPrompt : isForceLoginPrompt, isInteractive : true, isAccountInWam : true) .ConfigureAwait(false); if (isForceLoginPrompt && ApiInformation.IsApiContractPresent("Windows.Foundation.UniversalApiContract", 6)) { // this feature works correctly since windows RS4, aka 1803 with the AAD plugin only! webTokenRequest.Properties["prompt"] = prompt.PromptValue; } AddCommonParamsToRequest(authenticationRequestParameters, webTokenRequest); try { #if WINDOWS_APP // UWP requires being on the UI thread await _synchronizationContext; #endif IWebTokenRequestResultWrapper wamResult; if (wamAccount != null) { wamResult = await _wamProxy.RequestTokenForWindowAsync( _parentHandle, webTokenRequest, wamAccount).ConfigureAwait(false); } else { // default user wamResult = await _wamProxy.RequestTokenForWindowAsync( _parentHandle, webTokenRequest).ConfigureAwait(false); } return(wamResult); } catch (Exception ex) { _logger.ErrorPii(ex); throw new MsalServiceException( MsalError.WamInteractiveError, "AcquireTokenInteractive without picker failed. See inner exception for details. ", ex); } }
public async Task <MsalTokenResponse> AcquireTokenSilentAsync( AuthenticationRequestParameters authenticationRequestParameters, AcquireTokenSilentParameters acquireTokenSilentParameters) { using (_logger.LogMethodDuration()) { // Important: MSAL will have already resolved the authority by now, // so we are not expecting "common" or "organizations" but a tenanted authority bool isMsa = IsMsaRequest( authenticationRequestParameters.Authority, null, IsMsaPassthrough(authenticationRequestParameters)); IWamPlugin wamPlugin = isMsa ? _msaPlugin : _aadPlugin; WebAccountProvider provider; if (isMsa) { provider = await _webAccountProviderFactory.GetAccountProviderAsync("consumers").ConfigureAwait(false); } else { provider = await _webAccountProviderFactory.GetAccountProviderAsync(authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority) .ConfigureAwait(false); } WebAccount webAccount = await FindWamAccountForMsalAccountAsync( provider, wamPlugin, authenticationRequestParameters.Account, null, // ATS requires an account object, login_hint is not supported on its own authenticationRequestParameters.ClientId).ConfigureAwait(false); if (webAccount == null) { throw new MsalUiRequiredException( MsalError.InteractionRequired, "Could not find a WAM account for the silent request."); } WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync( provider, authenticationRequestParameters, isForceLoginPrompt : false, isAccountInWam : true, isInteractive : false) .ConfigureAwait(false); AddCommonParamsToRequest(authenticationRequestParameters, webTokenRequest); var wamResult = await _wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest).ConfigureAwait(false); return(CreateMsalTokenResponse(wamResult, wamPlugin, isInteractive: false)); } }
public async Task ATS_AccountMatchingInWAM_MatchingHomeAccId_Async() { string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}"; // Arrange using (var harness = CreateTestHarness()) { var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null); var requestParams = harness.CreateAuthenticationRequestParameters(TestConstants.AuthorityConsumerTidTenant); // MSA var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected); IReadOnlyList <WebAccount> webAccounts = new List <WebAccount>() { webAccount }; var webTokenRequest = new WebTokenRequest(wamAccountProvider); var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>(); webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success); var webTokenResponse = new WebTokenResponse(); webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>() { webTokenResponse }); _wamProxy.FindAllWebAccountsAsync(wamAccountProvider, TestConstants.ClientId).Returns(Task.FromResult(webAccounts)); // WAM can give MSAL the home account ID of a Wam account, which MSAL matches to a WAM account _msaPlugin.GetHomeAccountIdOrNull(webAccount).Returns(homeAccId); _msaPlugin.CreateWebTokenRequestAsync( wamAccountProvider, requestParams, isForceLoginPrompt: false, isAccountInWam: true, isInteractive: false) .Returns(Task.FromResult(webTokenRequest)); requestParams.Account = new Account( homeAccId, // matching in on home acc id "*****@*****.**", // matching is not on UPN null); // account does not have wam_id, might be coming directly from WAM var atsParams = new AcquireTokenSilentParameters(); _webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider)); _wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest). Returns(Task.FromResult(webTokenResponseWrapper)); _msaPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse); // Act var result = await _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams).ConfigureAwait(false); // Assert Assert.AreSame(_msalTokenResponse, result); } }
public void TestWebAuthenticationCoreManager() { WebAccountProvider provider = new WebAccountProvider("id", "name", null); WebTokenRequest webTokenRequest = new WebTokenRequest(provider); Assert.Throws <ArgumentException>(() => WebAuthenticationCoreManagerInterop.RequestTokenForWindowAsync(new IntPtr(0), webTokenRequest)); var webAccount = new WebAccount(provider, "user name", 0); Assert.Throws <ArgumentException>(() => WebAuthenticationCoreManagerInterop.RequestTokenWithWebAccountForWindowAsync(new IntPtr(0), webTokenRequest, webAccount)); }
private static async Task AuthenticateWithRequestToken(WebAccountProvider provider, string scope, string clientId) { var tokenRequest = new WebTokenRequest(provider, scope, clientId, WebTokenRequestPromptType.ForceAuthentication); var result = await WebAuthenticationCoreManager.RequestTokenAsync(tokenRequest); if (result.ResponseStatus == WebTokenRequestStatus.Success) { DumpResponse(result.ResponseData[0]); } }
private async void GetMsaTokenAsync(WebAccountProviderCommand command) { WebTokenRequest request = new WebTokenRequest(command.WebAccountProvider, "wl.basic"); WebTokenRequestResult result = await WebAuthenticationCoreManager.RequestTokenAsync(request); if (result.ResponseStatus == WebTokenRequestStatus.Success) { string token = result.ResponseData[0].Token; } }
public async Task ATI_WithPicker_Async() { string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}"; // Arrange using (var harness = CreateTestHarness()) { var requestParams = harness.CreateAuthenticationRequestParameters(TestConstants.AuthorityHomeTenant); // AAD requestParams.Account = new Account( $"{TestConstants.Uid}.{TestConstants.Utid}", TestConstants.DisplayableId, null, new Dictionary <string, string>() { { TestConstants.ClientId, "wam_id_1" } }); // account has wam_id! var accountPicker = Substitute.For <IAccountPicker>(); _accountPickerFactory.Create(Arg.Any <IntPtr>(), null, null, null, false).ReturnsForAnyArgs(accountPicker); var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null); accountPicker.DetermineAccountInteractivelyAsync().Returns(Task.FromResult(wamAccountProvider)); var webTokenRequest = new WebTokenRequest(wamAccountProvider); _aadPlugin.CreateWebTokenRequestAsync( wamAccountProvider, requestParams, isForceLoginPrompt: true, isInteractive: true, isAccountInWam: false) .Returns(Task.FromResult(webTokenRequest)); var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>(); webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success); var webTokenResponse = new WebTokenResponse(); webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>() { webTokenResponse }); _wamProxy.RequestTokenForWindowAsync(Arg.Any <IntPtr>(), webTokenRequest). Returns(Task.FromResult(webTokenResponseWrapper)); _aadPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse); var atiParams = new AcquireTokenInteractiveParameters(); // Act var result = await _wamBroker.AcquireTokenInteractiveAsync(requestParams, atiParams) .ConfigureAwait(false); // Assert Assert.AreSame(_msalTokenResponse, result); } }
async public void acquireTokenAsync( string authority, bool validateAuthority, string resourceUrl, string clientId, string redirectUrl, string userId, string extraQueryParams, IPromise promise) { WebAccountProvider authContext; try { authContext = await getOrCreateContext(authority); } catch (Exception ex) { promise.Reject(ex); return; } RunOnDispatcher(async() => { try { WebTokenRequest wtr = new WebTokenRequest(authContext, "", clientId, WebTokenRequestPromptType.Default); wtr.Properties.Add("resource", resourceUrl); WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.RequestTokenAsync(wtr); // WebAccount userAccount; if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { WebTokenResponse response = wtrr.ResponseData[0]; var props = new Dictionary <string, string>(response.Properties); AuthenticationResult result = new AuthenticationResult(response.Token, props); promise.Resolve(result); } else { promise.Reject($"{wtrr.ResponseError.ErrorCode}", new Exception(wtrr.ResponseError.ErrorMessage)); } } catch (Exception ex) { promise.Reject(ex); return; } }); }
public Task <WebTokenRequest> CreateWebTokenRequestAsync(WebAccountProvider provider, string clientId, string scopes) { WebTokenRequest request = new WebTokenRequest( provider, scopes, clientId); request.Properties.Add("wam_compat", "2.0"); return(Task.FromResult(request)); }
internal static void AddMsalParamsToRequest( AuthenticationRequestParameters authenticationRequestParameters, WebTokenRequest webTokenRequest, string overridentAuthority = null) { AddExtraParamsToRequest(webTokenRequest, authenticationRequestParameters.ExtraQueryParameters); string authority = overridentAuthority ?? authenticationRequestParameters.UserConfiguredAuthority.AuthorityInfo.CanonicalAuthority; bool validate = authenticationRequestParameters.AuthorityInfo.ValidateAuthority; AddAuthorityParamToRequest(authority, validate, webTokenRequest);; }
private async Task <IWebTokenRequestResultWrapper> AcquireInteractiveWithWamAccountAsync( AuthenticationRequestParameters authenticationRequestParameters, Prompt msalPrompt, IWamPlugin wamPlugin, WebAccountProvider provider, WebAccount wamAccount) { WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync( provider, authenticationRequestParameters, isForceLoginPrompt : false, isInteractive : true, isAccountInWam : true) .ConfigureAwait(false); // because of https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2476 string differentAuthority = null; if (string.Equals(wamAccount?.WebAccountProvider?.Authority, Constants.OrganizationsTenant) && string.Equals(authenticationRequestParameters.Authority.TenantId, Constants.OrganizationsTenant)) { differentAuthority = authenticationRequestParameters.Authority.GetTenantedAuthority("common"); } WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest, differentAuthority); try { IWebTokenRequestResultWrapper wamResult; if (wamAccount != null) { wamResult = await _wamProxy.RequestTokenForWindowAsync( _parentHandle, webTokenRequest, wamAccount).ConfigureAwait(false); } else { // default user wamResult = await _wamProxy.RequestTokenForWindowAsync( _parentHandle, webTokenRequest).ConfigureAwait(false); } return(wamResult); } catch (Exception ex) { _logger.ErrorPii(ex); throw new MsalServiceException( MsalError.WamInteractiveError, "AcquireTokenInteractive without picker failed. See inner exception for details. ", ex); } }
public Task <WebTokenRequest> CreateWebTokenRequestAsync(WebAccountProvider provider, string clientId, string scopes) { WebTokenRequest request = new WebTokenRequest( provider, scopes, clientId, WebTokenRequestPromptType.Default); AddV2Properties(request); return(Task.FromResult(request)); }
private static void AddTelemetryPropertiesToRequest(WebTokenRequest request, ICoreLogger logger) { if (s_telemetryHeaders == null) { s_telemetryHeaders = MsalIdHelper.GetMsalIdParameters(logger); } foreach (var kvp in s_telemetryHeaders) { request.Properties.Add(kvp); } }
public async Task <IWebTokenRequestResultWrapper> RequestTokenForWindowAsync( IntPtr _parentHandle, WebTokenRequest webTokenRequest) { #if WINDOWS_APP WebTokenRequestResult wamResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); #else var wamResult = await WebAuthenticationCoreManagerInterop.RequestTokenForWindowAsync( _parentHandle, webTokenRequest); #endif return(new WebTokenRequestResultWrapper(wamResult)); }
private async void GetMsaTokenAsync(WebAccountProviderCommand command) { var request = new WebTokenRequest(command.WebAccountProvider, "wl.basic"); var result = await WebAuthenticationCoreManager.RequestTokenAsync(request); if (result.ResponseStatus == WebTokenRequestStatus.Success) { await DocumentManager.SetAccountAsync(result.ResponseData[0].WebAccount); await DocumentManager.LoadItemsAsync(); } }
private async Task <TokenAndSignatureResult> InternalGetTokenAndSignatureHelperAsync(string httpMethod, string url, string headers, byte[] body, bool promptForCredentialsIfNeeded, bool forceRefresh) { if (this.provider == null) { throw new Exception("Xbox Live identity provider is not initialized"); } var request = new WebTokenRequest(this.provider); request.Properties.Add("HttpMethod", httpMethod); request.Properties.Add("Url", url); if (!string.IsNullOrEmpty(headers)) { request.Properties.Add("RequestHeaders", headers); } if (forceRefresh) { request.Properties.Add("ForceRefresh", "true"); } if (body != null && body.Length > 0) { request.Properties.Add("RequestBody", Encoding.UTF8.GetString(body)); } request.Properties.Add("Target", this.AuthConfig.RPSTicketService); request.Properties.Add("Policy", this.AuthConfig.RPSTicketPolicy); if (promptForCredentialsIfNeeded) { string pfn = Windows.ApplicationModel.Package.Current.Id.FamilyName; request.Properties.Add("PackageFamilyName", pfn); } TokenAndSignatureResult tokenAndSignatureReturnResult = null; var tokenResult = await RequestTokenFromIdpAsync(promptForCredentialsIfNeeded, request); try { tokenAndSignatureReturnResult = this.ConvertWebTokenRequestResult(tokenResult); if (tokenAndSignatureReturnResult != null && this.IsSignedIn && tokenAndSignatureReturnResult.XboxUserId != this.XboxUserId) { this.UserSignedOut(); throw new Exception("User has switched"); // todo: auth_user_switched } } catch (Exception) { // log } return(tokenAndSignatureReturnResult); }
public async Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync( AuthenticationRequestParameters authenticationRequestParameters, AcquireTokenSilentParameters acquireTokenSilentParameters) { using (_logger.LogMethodDuration()) { var defaultAccountProvider = await _webAccountProviderFactory.GetDefaultProviderAsync().ConfigureAwait(false); if (defaultAccountProvider == null) { throw new MsalUiRequiredException( MsalError.InteractionRequired, "A default account was not found"); } // special case: passthrough + default MSA account. Need to use the transfer token protocol. if (_wamOptions.MsaPassthrough && _webAccountProviderFactory.IsConsumerProvider(defaultAccountProvider)) { return(await AcquireTokenSilentDefaultUserPassthroughAsync(authenticationRequestParameters, defaultAccountProvider).ConfigureAwait(false)); } bool isMsa = await IsMsaRequestAsync( authenticationRequestParameters.Authority, null, _wamOptions.MsaPassthrough).ConfigureAwait(false); IWamPlugin wamPlugin = isMsa ? _msaPlugin : _aadPlugin; WebAccountProvider provider = await GetProviderAsync( authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority, isMsa).ConfigureAwait(false); WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync( provider, authenticationRequestParameters, isForceLoginPrompt : false, isAccountInWam : false, isInteractive : false) .ConfigureAwait(false); WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest, _logger); var wamResult = await _wamProxy.GetTokenSilentlyForDefaultAccountAsync(webTokenRequest).ConfigureAwait(false); return(WamAdapters.CreateMsalResponseFromWamResponse( wamResult, wamPlugin, authenticationRequestParameters.AppConfig.ClientId, _logger, isInteractive: false)); } }
private async Task <WebTokenRequestResult> SignInAsync(string resource) { var taskCompletionSource = new TaskCompletionSource <WebTokenRequestResult>(); TypedEventHandler <AccountsSettingsPane, AccountsSettingsPaneCommandsRequestedEventArgs> AccountCommandsRequestedHandler = null; AccountCommandsRequestedHandler = async(s, e) => { Debug.WriteLine("AccountCommandsRequestedHandler"); AccountsSettingsPane.GetForCurrentView().AccountCommandsRequested -= AccountCommandsRequestedHandler; // In order to make async calls within this callback, the deferral object is needed AccountsSettingsPaneEventDeferral deferral = e.GetDeferral(); if (deferral != null) { // The Microsoft account provider is always present in Windows 10 devices, even IoT Core, as is the Azure AD plugin. var providerCommand = new WebAccountProviderCommand(await GetProvider(), async(command) => { Debug.WriteLine("WebAccountProviderCommandInvokedHandler"); try { WebTokenRequest wtr = new WebTokenRequest(command.WebAccountProvider, _scope, _clientId); if (resource != null) { wtr.Properties.Add("resource", resource); } var wtrr = await RequestTokenWithTimeout(wtr); SaveToken(wtrr, resource); taskCompletionSource.SetResult(wtrr); } catch (Exception ex) { ServiceUtil.LogService.Write("Web Token Request Error: " + ex.Message, LoggingLevel.Error); taskCompletionSource.SetResult(null); } }); e.WebAccountProviderCommands.Add(providerCommand); deferral.Complete(); } }; AccountsSettingsPane.GetForCurrentView().AccountCommandsRequested += AccountCommandsRequestedHandler; await AccountsSettingsPane.ShowAddAccountAsync(); return(await taskCompletionSource.Task); }
public void AddTransferTokenToRequest() { // Arrange const string TransferToken = "transfer_token"; var provider = new WebAccountProvider("id", "*****@*****.**", null); WebTokenRequest request = new WebTokenRequest(provider, "scope", "client_id"); // Act _msaPassthroughHandler.AddTransferTokenToRequest(request, TransferToken); // Assert Assert.AreEqual(TransferToken, request.Properties["SamlAssertion"]); Assert.AreEqual("SAMLV1", request.Properties["SamlAssertionType"]); }
private async Task <WebTokenRequestResult> RequestTokenWithTimeout(WebTokenRequest request) { // The WebTokenRequest will time out if the user does not complete in time. // This is because there is currently no 'close' button on IoT Core, so it // will prevent users from getting stuck on the sign-in page forever. var requestOperation = WebAuthenticationCoreManager.RequestTokenAsync(request); var delay = Task.Delay(TimeSpan.FromSeconds(DialogTimeoutSeconds)); ServiceUtil.LogService.Write("Calling WebAuthenticationCoreManager.RequestTokenAsync()..."); var taskResult = await Task.WhenAny(delay, requestOperation.AsTask()); if (requestOperation.Status == AsyncStatus.Started) { requestOperation.Cancel(); } ServiceUtil.LogService.Write("WebTokenRequestAsync.Status: " + Enum.GetName(typeof(AsyncStatus), requestOperation.Status)); if (taskResult == delay) { ServiceUtil.LogService.Write("MSA dialog timeout"); return(null); } var tokenResult = requestOperation.GetResults(); ServiceUtil.LogService.Write("WebTokenRequestResult: " + Enum.GetName(typeof(WebTokenRequestStatus), tokenResult.ResponseStatus)); if (tokenResult != null) { switch (tokenResult.ResponseStatus) { case WebTokenRequestStatus.Success: ServiceUtil.LogService.Write("Successfully signed in! " + tokenResult.ResponseData[0].WebAccount.UserName); _appSettings.Values[_userIdKey] = tokenResult.ResponseData[0].WebAccount.Id; break; default: ServiceUtil.LogService.Write("ResponseStatus: " + Enum.GetName(typeof(WebTokenRequestStatus), tokenResult.ResponseStatus), LoggingLevel.Error); if (tokenResult.ResponseError != null) { ServiceUtil.LogService.Write("Error code: " + tokenResult.ResponseError.ErrorCode, LoggingLevel.Error); ServiceUtil.LogService.Write("Error message: " + tokenResult.ResponseError.ErrorMessage, LoggingLevel.Error); } break; } } return(tokenResult); }
public Task <WebTokenRequest> CreateWebTokenRequestAsync( WebAccountProvider provider, AuthenticationRequestParameters authenticationRequestParameters, bool isForceLoginPrompt, bool isInteractive, bool isAccountInWam, string scopeOverride = null) { string loginHint = !string.IsNullOrEmpty(authenticationRequestParameters.LoginHint) ? authenticationRequestParameters.LoginHint : authenticationRequestParameters.Account?.Username; bool setLoginHint = isInteractive && !isAccountInWam && !string.IsNullOrEmpty(loginHint); var wamPrompt = setLoginHint || (isInteractive && isForceLoginPrompt) ? WebTokenRequestPromptType.ForceAuthentication : WebTokenRequestPromptType.Default; WebTokenRequest request = new WebTokenRequest( provider, scopeOverride ?? ScopeHelper.GetMsalScopes(authenticationRequestParameters.Scope).AsSingleString(), authenticationRequestParameters.AppConfig.ClientId, wamPrompt); if (setLoginHint) { request.Properties.Add("LoginHint", authenticationRequestParameters.LoginHint); } request.Properties.Add("wam_compat", "2.0"); if (ApiInformation.IsPropertyPresent("Windows.Security.Authentication.Web.Core.WebTokenRequest", "CorrelationId")) { LegacyOsWamProxy.SetCorrelationId(request, authenticationRequestParameters.CorrelationId.ToString()); } else { request.Properties.Add("correlationId", authenticationRequestParameters.CorrelationId.ToString()); } if (!string.IsNullOrEmpty(authenticationRequestParameters.ClaimsAndClientCapabilities)) { request.Properties.Add("claims", authenticationRequestParameters.ClaimsAndClientCapabilities); } return(Task.FromResult(request)); }
/// <summary> /// Purges token cache. Can be useful if user revoked consent (on https://account.live.com/consent/Manage) /// and cached tickets get rejected by the Groove API. /// </summary> public async Task PurgeTokenCache() { WebAccount currentAccount = await GetCurrentAccountAsync(); if (currentAccount != null) { foreach (string scope in new[] { ProfileScope, GrooveApiScope, $"{ProfileScope} {GrooveApiScope}" }) { WebTokenRequest request = new WebTokenRequest(currentAccount.WebAccountProvider, scope); WebTokenRequestResult result = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(request, currentAccount); await result.InvalidateCacheAsync(); } } }
internal static void AddMsalParamsToRequest( AuthenticationRequestParameters authenticationRequestParameters, WebTokenRequest webTokenRequest, ICoreLogger logger, string overridenAuthority = null) { AddExtraParamsToRequest(webTokenRequest, authenticationRequestParameters.ExtraQueryParameters); string authority = overridenAuthority ?? authenticationRequestParameters.AuthorityManager.OriginalAuthority.AuthorityInfo.CanonicalAuthority; bool validate = authenticationRequestParameters.AuthorityInfo.ValidateAuthority; AddAuthorityParamToRequest(authority, validate, webTokenRequest); AddTelemetryPropertiesToRequest(webTokenRequest, logger); }
private async Task <IWebTokenRequestResultWrapper> AcquireInteractiveWithoutPickerAsync( AuthenticationRequestParameters authenticationRequestParameters, Prompt msalPrompt, IWamPlugin wamPlugin, WebAccountProvider provider, WebAccount wamAccount) { bool isForceLoginPrompt = IsForceLoginPrompt(msalPrompt); WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync( provider, authenticationRequestParameters, isForceLoginPrompt : isForceLoginPrompt, isInteractive : true, isAccountInWam : true) .ConfigureAwait(false); AddPromptToRequest(msalPrompt, isForceLoginPrompt, webTokenRequest); WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest); try { IWebTokenRequestResultWrapper wamResult; if (wamAccount != null) { wamResult = await _wamProxy.RequestTokenForWindowAsync( _parentHandle, webTokenRequest, wamAccount).ConfigureAwait(false); } else { // default user wamResult = await _wamProxy.RequestTokenForWindowAsync( _parentHandle, webTokenRequest).ConfigureAwait(false); } return(wamResult); } catch (Exception ex) { _logger.ErrorPii(ex); throw new MsalServiceException( MsalError.WamInteractiveError, "AcquireTokenInteractive without picker failed. See inner exception for details. ", ex); } }
/// <summary> /// Gets an auth token for the user, which can be used to call the Microsoft Graph API. /// </summary> private async Task <string> GetTokenAsync() { var provider = await GetAadProviderAsync(); var request = new WebTokenRequest(provider, "User.Read", AccountClientId); request.Properties.Add("resource", "https://graph.microsoft.com"); var result = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(request); if (result.ResponseStatus != WebTokenRequestStatus.Success) { result = await WebAuthenticationCoreManager.RequestTokenAsync(request); } return(result.ResponseStatus == WebTokenRequestStatus.Success ? result.ResponseData[0].Token : null); }
public async Task<string> GetTokenAsync() { var webAccount = await GetWebAccount(); if (webAccount == null) { return null; } var request = new WebTokenRequest(webAccount.WebAccountProvider, tokenScope); var result = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(request, webAccount); if (result.ResponseStatus == WebTokenRequestStatus.Success) { return result.ResponseData[0].Token; } return null; }
/// <summary> /// Restituisce l'access Token per le Graph APIs /// </summary> public static async Task<string> GetTokenAsync() { WebAccount userAccount = null; WebAccountProvider aadAccountProvider = await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.microsoft.com", authority); WebTokenRequest webTokenRequest = new WebTokenRequest(aadAccountProvider, string.Empty, clientId, WebTokenRequestPromptType.ForceAuthentication); webTokenRequest.Properties.Add("resource", ResourceUrl); WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; userAccount = webTokenResponse.WebAccount; return webTokenResponse.Token; } return null; }
private async void MainPage_OnLoaded(object sender, RoutedEventArgs e) { //var redirect = GetAppRedirectURI(); try { WebAccountProvider wap = await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.microsoft.com", _authority); WebTokenRequest wtr = new WebTokenRequest(wap, string.Empty, _clientId); wtr.Properties.Add("resource", _resource); WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.RequestTokenAsync(wtr); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) _accessToken = wtrr.ResponseData[0].Token; } catch (Exception ex) { ShowException(ex); } }
public static async Task<string> GetAccessToken() { string token = null; //first try to get the token silently WebAccountProvider aadAccountProvider = await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.windows.net"); WebTokenRequest webTokenRequest = new WebTokenRequest(aadAccountProvider, String.Empty, clientId, WebTokenRequestPromptType.Default); webTokenRequest.Properties.Add("authority", "https://login.windows.net"); webTokenRequest.Properties.Add("resource", ResourceUrl); WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(webTokenRequest); //if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) //{ // WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; // userAccount = webTokenResponse.WebAccount; // token = webTokenResponse.Token; //} // else if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.UserInteractionRequired) // { //get token through prompt webTokenRequest = new WebTokenRequest(aadAccountProvider, String.Empty, clientId, WebTokenRequestPromptType.ForceAuthentication); webTokenRequest.Properties.Add("authority", "https://login.windows.net"); webTokenRequest.Properties.Add("resource", ResourceUrl); webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; token = webTokenResponse.Token; userAccount = webTokenResponse.WebAccount; } // } if (userAccount != null) { // save user ID in local storage _settings.Values["userID"] = userAccount.Id; _settings.Values["userEmail"] = userAccount.UserName; _settings.Values["userName"] = userAccount.Properties["DisplayName"]; } return token; }
// Get an access token for the given context and resourceId. An attempt is first made to // acquire the token silently. If that fails, then we try to acquire the token by prompting the user. public static async Task<string> GetTokenHelperAsync(WebAccountProvider accountProvider, string resourceId) { string token = null; WebAccountProvider aadAccountProvider; if (accountProvider != null) { aadAccountProvider = accountProvider; } else { aadAccountProvider = await WebAuthenticationCoreManager.FindAccountProviderAsync( AccountProviderId, Authority); } // Check if there's a record of the last account used with the app. var userID = settings.Values["userID"]; WebTokenRequest webTokenRequest = new WebTokenRequest(aadAccountProvider, string.Empty, clientId); webTokenRequest.Properties.Add("resource", resourceId); WebTokenRequestResult webTokenRequestResult; if (userID != null) { // Get an account object for the user. userAccount = await WebAuthenticationCoreManager.FindAccountAsync(aadAccountProvider, (string)userID); // Ensure that the saved account works for getting the token we need. webTokenRequestResult = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(webTokenRequest, userAccount); } else { webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); } if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success || webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.AccountSwitch) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; userAccount = webTokenResponse.WebAccount; token = webTokenResponse.Token; // We succeeded in getting a valid user. if (userAccount != null) { // Save user ID in local storage. settings.Values["userID"] = userAccount.Id; settings.Values["userEmail"] = userAccount.UserName; settings.Values["userName"] = userAccount.Properties["DisplayName"]; } return token; } else if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.UserInteractionRequired) { webTokenRequest = new WebTokenRequest(aadAccountProvider, string.Empty, clientId, WebTokenRequestPromptType.ForceAuthentication); webTokenRequest.Properties.Add("resource", resourceId); //get token through prompt if (userID != null) { // Ensure that the saved account works for getting the token we need. webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest, userAccount); } else { webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); } if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; userAccount = webTokenResponse.WebAccount; currentToken = webTokenResponse.Token; if (userAccount != null) { // Save user ID in local storage. settings.Values["userID"] = userAccount.Id; settings.Values["userEmail"] = userAccount.UserName; settings.Values["userName"] = userAccount.Properties["DisplayName"]; } return token; } else { // The saved account could not be used for getting a token. // Make sure that the UX is ready for a new sign in. await SignOutAsync(); return null; } } else { // The saved account could not be used for getting a token. // Make sure that the UX is ready for a new sign in. await SignOutAsync(); return null; } }
// Get an access token for the given context and resourceId. An attempt is first made to // acquire the token silently. If that fails, then we try to acquire the token by prompting the user. public static async Task<string> GetTokenHelperAsync() { string token = null; aadAccountProvider = await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.microsoft.com", authority); // Check if there's a record of the last account used with the app. var userID = _settings.Values["userID"]; if (userID != null) { WebTokenRequest webTokenRequest = new WebTokenRequest(aadAccountProvider, string.Empty, clientId); webTokenRequest.Properties.Add("resource", ResourceUrl); // Get an account object for the user. userAccount = await WebAuthenticationCoreManager.FindAccountAsync(aadAccountProvider, (string)userID); // Ensure that the saved account works for getting the token we need. WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest, userAccount); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success || webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.AccountSwitch) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; userAccount = webTokenResponse.WebAccount; token = webTokenResponse.Token; } else { // The saved account could not be used for getting a token. // Make sure that the UX is ready for a new sign in. SignOut(); } } else { // There is no recorded user. Start a sign-in flow without imposing a specific account. WebTokenRequest webTokenRequest = new WebTokenRequest(aadAccountProvider, string.Empty, clientId, WebTokenRequestPromptType.ForceAuthentication); webTokenRequest.Properties.Add("resource", ResourceUrl); WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; userAccount = webTokenResponse.WebAccount; token = webTokenResponse.Token; } } // We succeeded in getting a valid user. if (userAccount != null) { // Save user ID in local storage. _settings.Values["userID"] = userAccount.Id; _settings.Values["userEmail"] = userAccount.UserName; _settings.Values["userName"] = userAccount.Properties["DisplayName"]; return token; } // We didn't succeed in getting a valid user. Clear the app settings so that another user can sign in. else { SignOut(); return null; } }
private async Task RequestTokenAndSaveAccount(WebAccountProvider Provider, String Scope, String ClientID) { try { WebTokenRequest webTokenRequest = new WebTokenRequest(Provider, Scope, ClientID); rootPage.NotifyUser("Requesting Web Token", NotifyType.StatusMessage); // If the user selected a specific account, RequestTokenAsync will return a token for that account. // The user may be prompted for credentials or to authorize using that account with your app // If the user selected a provider, the user will be prompted for credentials to login to a new account WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); // If a token was successfully returned, then store the WebAccount Id into local app data // This Id can be used to retrieve the account whenever needed. To later get a token with that account // First retrieve the account with FindAccountAsync, and include that webaccount // as a parameter to RequestTokenAsync or RequestTokenSilentlyAsync if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { ApplicationData.Current.LocalSettings.Values.Remove(StoredAccountKey); ApplicationData.Current.LocalSettings.Values[StoredAccountKey] = webTokenRequestResult.ResponseData[0].WebAccount.Id; } OutputTokenResult(webTokenRequestResult); } catch (Exception ex) { rootPage.NotifyUser("Web Token request failed: " + ex.Message, NotifyType.ErrorMessage); } }
public static async Task<string> TryAuthenticateSilentlyAsync() { try { var redir = GetAppRedirectURI(); var aadAccountProvider = await WebAuthenticationCoreManager.FindAccountProviderAsync( AccountProviderId, Authority); // Check if there's a record of the last account used with the app. var userID = settings.Values["userID"]; WebTokenRequest webTokenRequest = new WebTokenRequest(aadAccountProvider, string.Empty, clientId); webTokenRequest.Properties.Add("resource", GraphResourceId); WebTokenRequestResult webTokenRequestResult; if (userID != null) { // Get an account object for the user. userAccount = await WebAuthenticationCoreManager.FindAccountAsync( aadAccountProvider, (string)userID); // Ensure that the saved account works for getting the token we need. webTokenRequestResult = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(webTokenRequest, userAccount); } else { webTokenRequestResult = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(webTokenRequest); } if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success || webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.AccountSwitch) { WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; userAccount = webTokenResponse.WebAccount; currentToken = webTokenResponse.Token; if (userAccount != null) { // Save user ID in local storage. settings.Values["userID"] = userAccount.Id; settings.Values["userEmail"] = userAccount.UserName; settings.Values["userName"] = userAccount.Properties["DisplayName"]; } return currentToken; } else // Dont want to log during launch !! //if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.UserInteractionRequired) //{ // webTokenRequest = new WebTokenRequest(aadAccountProvider, string.Empty, clientId, WebTokenRequestPromptType.ForceAuthentication); // webTokenRequest.Properties.Add("resource", GraphResourceId); // //get token through prompt // if (userID != null) // { // // Ensure that the saved account works for getting the token we need. // webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest, userAccount); // } // else // { // webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); // } // if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) // { // WebTokenResponse webTokenResponse = webTokenRequestResult.ResponseData[0]; // userAccount = webTokenResponse.WebAccount; // currentToken = webTokenResponse.Token; // if (userAccount != null) // { // // Save user ID in local storage. // settings.Values["userID"] = userAccount.Id; // settings.Values["userEmail"] = userAccount.UserName; // settings.Values["userName"] = userAccount.Properties["DisplayName"]; // } // return true; // } // else // { // // The saved account could not be used for getting a token. // // Make sure that the UX is ready for a new sign in. // await SignOutAsync(); // return false; // } //} { // The saved account could not be used for getting a token. // Make sure that the UX is ready for a new sign in. await SignOutAsync(); return null; } } catch (Exception) { await SignOutAsync(); return null; } }
private async void OnLoaded(object sender, RoutedEventArgs e) { try { #if ADAL // Ok, to use async () here as ctor takes a Func<Task<string>> _client = new ActiveDirectoryClient(new Uri($"{Resource}/{tenant}"), async () => { var auth = await GetAuthAsync(); return auth.AccessToken; }); #else ViewModel.IsBusy = true; _client = new ActiveDirectoryClient(new Uri($"{Resource}/{tenant}"), () => { var tcs = new TaskCompletionSource<string>(); #pragma warning disable CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed Dispatcher.RunAsync(Windows.UI.Core.CoreDispatcherPriority.Normal, async () => #pragma warning restore CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed { try { // replace 'organizations' with 'consumers' to use MSA string authority = $"https://login.microsoftonline.com/{tenant}"; //string authority = "organizations"; var wap = await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.microsoft.com", authority); WebTokenRequest wtr = new WebTokenRequest(wap, string.Empty, ClientId); wtr.Properties.Add("resource", Resource); WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.RequestTokenAsync(wtr); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) tcs.SetResult(wtrr.ResponseData[0].Token); } catch (Exception ex) { tcs.SetException(ex); } finally { await Dispatcher.RunAsync(Windows.UI.Core.CoreDispatcherPriority.Normal, () => { ViewModel.IsBusy = false; }); } }); return tcs.Task; }); #endif // put first page into obs collection for now... var users = await _client.Users.ExecuteAsync(); ViewModel.Users = new ObservableCollection<IUser>(users.CurrentPage); } catch (Exception ex) { MessageDialog mg = new MessageDialog(ex.Message); await mg.ShowAsync(); } }
public async void AuthenticateWithRequestToken(WebAccountProvider Provider, String Scope, String ClientID) { try { WebTokenRequest webTokenRequest = new WebTokenRequest(Provider, Scope, ClientID); // Azure Active Directory requires a resource to return a token if(Provider.Id == "https://login.microsoft.com" && Provider.Authority == "organizations") { webTokenRequest.Properties.Add("resource", "https://graph.windows.net"); } // If the user selected a specific account, RequestTokenAsync will return a token for that account. // The user may be prompted for credentials or to authorize using that account with your app // If the user selected a provider, the user will be prompted for credentials to login to a new account WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { defaultAccount = webTokenRequestResult.ResponseData[0].WebAccount; button_GetTokenSilently.IsEnabled = true; textblock_SignedInStatus.Text = "Signed in with:"; textblock_SignedInStatus.Foreground = new SolidColorBrush(Windows.UI.Colors.Green); listview_SignedInAccounts.Items.Clear(); listview_SignedInAccounts.Items.Add(defaultAccount.Id); } OutputTokenResult(webTokenRequestResult); } catch (Exception ex) { rootPage.NotifyUser("Web Token request failed: " + ex, NotifyType.ErrorMessage); } }
public async void AuthenticateWithRequestToken(WebAccountProvider Provider, String Scope, String ClientID) { try { WebTokenRequest webTokenRequest = new WebTokenRequest(Provider, Scope, ClientID); // Azure Active Directory requires a resource to return a token if(Provider.Id == "https://login.microsoft.com" && Provider.Authority == "organizations") { webTokenRequest.Properties.Add("resource", "https://graph.windows.net"); } // If the user selected a specific account, RequestTokenAsync will return a token for that account. // The user may be prompted for credentials or to authorize using that account with your app // If the user selected a provider, the user will be prompted for credentials to login to a new account WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { StoreNewAccountDataLocally(webTokenRequestResult.ResponseData[0].WebAccount); } OutputTokenResult(webTokenRequestResult); } catch (Exception ex) { rootPage.NotifyUser("Web Token request failed: " + ex, NotifyType.ErrorMessage); } }
protected async override void OnNavigatedTo(NavigationEventArgs e) { wap = await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.microsoft.com", authority); appSettings = ApplicationData.Current.RoamingSettings; WebTokenRequest wtr = new WebTokenRequest(wap, string.Empty, clientId); wtr.Properties.Add("resource", resource); // Check if there's a record of the last account used with the app var userID = appSettings.Values["userID"]; if (userID != null) { // Get an account object for the user userAccount = await WebAuthenticationCoreManager.FindAccountAsync(wap, (string)userID); if (userAccount != null) { // Ensure that the saved account works for getting the token we need WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.RequestTokenAsync(wtr, userAccount); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { userAccount = wtrr.ResponseData[0].WebAccount; } else { // The saved account could not be used for getitng a token MessageDialog messageDialog = new MessageDialog("We tried to sign you in with the last account you used with this app, but it didn't work out. Please sign in as a different user."); await messageDialog.ShowAsync(); // Make sure that the UX is ready for a new sign in UpdateUXonSignOut(); } } else { // The WebAccount object is no longer available. Let's attempt a sign in with the saved username wtr.Properties.Add("LoginHint", appSettings.Values["login_hint"].ToString()); WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.RequestTokenAsync(wtr); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { userAccount = wtrr.ResponseData[0].WebAccount; } } } else { // There is no recorded user. Let's start a sign in flow without imposing a specific account. WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.RequestTokenAsync(wtr); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { userAccount = wtrr.ResponseData[0].WebAccount; } } if (userAccount != null) // we succeeded in obtaining a valid user { // save user ID in local storage UpdateUXonSignIn(); } else { // nothing we tried worked. Ensure that the UX reflects that there is no user currently signed in. UpdateUXonSignOut(); MessageDialog messageDialog = new MessageDialog("We could not sign you in. Please try again."); await messageDialog.ShowAsync(); } }
// Change the currently signed in user private async void btnSignInOut_Click(object sender, RoutedEventArgs e) { // prepare a request with 'WebTokenRequestPromptType.ForceAuthentication', // which guarantees that the user will be able to enter an account of their choosing // regardless of what accounts are already present on the system WebTokenRequest wtr = new WebTokenRequest(wap, string.Empty, clientId, WebTokenRequestPromptType.ForceAuthentication); wtr.Properties.Add("resource", resource); WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.RequestTokenAsync(wtr); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { userAccount = wtrr.ResponseData[0].WebAccount; UpdateUXonSignIn(); } else { UpdateUXonSignOut(); MessageDialog messageDialog = new MessageDialog("We could not sign you in. Please try again."); await messageDialog.ShowAsync(); } }
protected async override void OnNavigatedTo(NavigationEventArgs e) { wap = await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.microsoft.com", authority); appSettings = ApplicationData.Current.RoamingSettings; WebTokenRequest wtr = new WebTokenRequest(wap, String.Empty, clientId); wtr.Properties.Add("resource", resource); var userID = appSettings.Values["userID"]; if(userID != null) { userAccount = await WebAuthenticationCoreManager.FindAccountAsync(wap, (string)userID); if(userAccount != null) { //Use saved account to get token WebTokenRequestResult wtrResult = await WebAuthenticationCoreManager.RequestTokenAsync(wtr, userAccount); if (wtrResult.ResponseStatus == WebTokenRequestStatus.Success) { userAccount = wtrResult.ResponseData[0].WebAccount; } else { MessageDialog messageDialog = new MessageDialog("We tried to sign you in with the last account you used with this app," + "but it didn't work out. Please sign in as a different user."); await messageDialog.ShowAsync(); UpdateUXonSignOut(); } } else { // the WebAccount Object is no longer available wtr.Properties.Add("LoginHint", appSettings.Values["login_hint"].ToString()); WebTokenRequestResult wtrResult = await WebAuthenticationCoreManager.RequestTokenAsync(wtr); if (wtrResult.ResponseStatus == WebTokenRequestStatus.Success) { userAccount = wtrResult.ResponseData[0].WebAccount; } } } else { //there is no recorded user so start sign-flow from start WebTokenRequestResult wtrResult = await WebAuthenticationCoreManager.RequestTokenAsync(wtr); if(wtrResult.ResponseStatus == WebTokenRequestStatus.Success) { userAccount = wtrResult.ResponseData[0].WebAccount; } } if(userAccount != null) { UpdateUXonSignIn(); } else { //it totally failed UpdateUXonSignOut(); MessageDialog messageDialog = new MessageDialog("We could not sign you in. Please try again."); await messageDialog.ShowAsync(); } }
private async Task<WebTokenRequestResult> GetToken(WebAccountProvider provider, bool isSilent) { WebTokenRequestResult result = null; try { var request = new WebTokenRequest(provider, "public_profile", "1043253362376121"); // We need to add the redirect uri so that the facebook app knows it's actually us. // This will use the store id you assigned in your facebook developer portal request.Properties.Add("redirect_uri", "msft-2f5fb048-0fd0-43e4-ad74-a9fc71e4b53d:/Authorise"); if (isSilent) { result = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(request); } else { result = await WebAuthenticationCoreManager.RequestTokenAsync(request); } } catch (Exception ex) { var i = 1; } return result; }
private async Task<UserAccount> GetMsaTokenAsync(WebAccountProviderCommand command) { var request = new WebTokenRequest(command.WebAccountProvider, tokenScope); var result = await WebAuthenticationCoreManager.RequestTokenAsync(request); if (result.ResponseStatus == WebTokenRequestStatus.Success) { UpdateWebAccount(result.ResponseData[0].WebAccount); CurrentAccount = await CreateUserAccount(result.ResponseData[0].Token); return CurrentAccount; } else { throw new InvalidOperationException("WebAuthentication Response: " + result.ResponseStatus); } }
private async Task GetTokenSilent(WebAccountProvider Provider, WebAccount Account) { // Set the clientID and scope based on the authority. The authority tells us if the account is a Microsoft account or an Azure AD. String scope = defaultProvider.Authority == MicrosoftAccountAuthority ? MicrosoftAccountScopeRequested : AzureActiveDirectoryScopeRequested; String clientID = defaultProvider.Authority == MicrosoftAccountAuthority ? MicrosoftAccountClientId : AzureActiveDirectoryClientId; WebTokenRequest webTokenRequest = new WebTokenRequest(Provider, scope, clientID); // Azure Active Directory requires a resource to return a token if (Provider.Authority == "organizations") { webTokenRequest.Properties.Add("resource", "https://graph.windows.net"); } WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(webTokenRequest, Account); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { rootPage.NotifyUser("Silent request successful for user:"******"Cannot retrieve token silently because user interaction is required to complete this request.", NotifyType.ErrorMessage); } else { rootPage.NotifyUser("Web Token request error: " + webTokenRequestResult.ResponseStatus + " Code: " + webTokenRequestResult.ResponseError.ErrorMessage, NotifyType.StatusMessage); } }
// perform a user search by alias against the directory Graph of the currently signed in user private async void btnSearch_Click(object sender, RoutedEventArgs e) { // craft the token request for the Graph api WebTokenRequest wtr = new WebTokenRequest(wap, string.Empty, clientId); wtr.Properties.Add("resource", resource); // perform the token request without showing any UX WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(wtr, userAccount); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { string accessToken = wtrr.ResponseData[0].Token; try { SearchResults.ItemsSource = await DirectorySearcher.SearchByAlias(SearchTermText.Text, accessToken, userAccount.Properties["TenantId"]); } catch (Exception ee) { MessageDialog messageDialog = new MessageDialog("The Graph query didn't work. Error: "+ee.Message); await messageDialog.ShowAsync(); } } else { MessageDialog messageDialog = new MessageDialog("We tried to get a token for the Graph as the account you are currently signed in, but it didn't work out. Please sign in as a different user."); await messageDialog.ShowAsync(); } }
private async void CallApiButton_Click(object sender, RoutedEventArgs e) { WebTokenRequest wtr = new WebTokenRequest(wap, string.Empty, clientId); wtr.Properties.Add("resource", resource); // perform the token request without showing any UX WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(wtr, userAccount); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { this.accessToken = wtrr.ResponseData[0].Token; // HttpClient client = new HttpClient(); // client.DefaultRequestHeaders.Authorization = new Windows.Web.Http.Headers.HttpCredentialsHeaderValue("Bearer", accessToken); // HttpResponseMessage response = await client.GetAsync(new Uri("https://api.powerbi.com/beta/myorg/reports")); // response.EnsureSuccessStatusCode(); //string data = await response.Content.ReadAsStringAsync(); // dataTextBlock.Text = data; // textSignedIn.Text = accessToken; //List<string> args = new List<string>(); //args.Add(@"{ action: 'loadReport', accessToken: '" + this.accessToken + "'}"); //args.Add(@"*"); // var test = await this.MyWebView.InvokeScriptAsync("postMessage", args.ToArray<string>()); // dataTextBlock.Text = test.ToString(); } }
public async Task AuthenticateWithRequestToken(WebAccountProvider Provider, String Scope, String ClientID) { try { WebTokenRequest webTokenRequest = new WebTokenRequest(Provider, Scope, ClientID); // If the user selected a specific account, RequestTokenAsync will return a token for that account. // The user may be prompted for credentials or to authorize using that account with your app // If the user selected a provider, the user will be prompted for credentials to login to a new account WebTokenRequestResult webTokenRequestResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest); if (webTokenRequestResult.ResponseStatus == WebTokenRequestStatus.Success) { StoreNewAccountDataLocally(webTokenRequestResult.ResponseData[0].WebAccount); } OutputTokenResult(webTokenRequestResult); } catch (Exception ex) { rootPage.NotifyUser("Web Token request failed: " + ex, NotifyType.ErrorMessage); } }
private async void OnWebAccountProviderRequested(WebAccountProviderCommand cmd) { // Retrieve the provider info instance for the requestd provider var pi = Platform.Current.WebAccountManager.GetProviderInfo(cmd.WebAccountProvider.Id); if (pi == null) throw new ArgumentNullException(nameof(pi)); try { WebTokenRequest request = new WebTokenRequest(cmd.WebAccountProvider, pi.Scope, pi.ClientID); // Add any properties for this request from the provider info if (pi.RequestProperties != null) foreach (var prop in pi.RequestProperties) request.Properties.Add(prop); // If the user selected a specific account, RequestTokenAsync will return a token for that account. // The user may be prompted for credentials or to authorize using that account with your app // If the user selected a provider, the user will be prompted for credentials to login to a new account WebTokenRequestResult result = await WebAuthenticationCoreManager.RequestTokenAsync(request); if (result.ResponseStatus == WebTokenRequestStatus.Success) { var webTokenResponse = result.ResponseData[0]; var webAccount = webTokenResponse.WebAccount; // Wrapper the web account data WebAccountInfo wi = new WebAccountInfo(); wi.Type = pi.WebAccountType; wi.ProviderID = webAccount.WebAccountProvider.Id; wi.AccountID = !string.IsNullOrEmpty(webAccount.Id) ? webAccount.Id : webAccount.UserName; wi.Authority = webAccount.WebAccountProvider.Authority != null ? webAccount.WebAccountProvider.Authority : ""; wi.Token = webTokenResponse.Token; this.SaveWebAccountInfo(wi); Platform.Current.Logger.Log(LogLevels.Information, string.Format("Web Token request successful for AccountID: {0}", wi.AccountID)); // Success Callback _successHandler(pi, wi, result); } else { Platform.Current.Logger.Log(LogLevels.Information, "Web Token request error: " + result.ResponseStatus + " Code: " + result.ResponseError.ErrorMessage); // Failed Callback _failedHandler(pi, result); } } catch (Exception ex) { Platform.Current.Logger.LogError(ex, "Web Token request failed"); _failedHandler(pi, null); } finally { this.Cleanup(); } }
private async void MyWebView_Loaded(object sender, RoutedEventArgs e) { WebTokenRequest wtr = new WebTokenRequest(wap, string.Empty, clientId); wtr.Properties.Add("resource", resource); // perform the token request without showing any UX WebTokenRequestResult wtrr = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(wtr, userAccount); if (wtrr.ResponseStatus == WebTokenRequestStatus.Success) { this.accessToken = wtrr.ResponseData[0].Token; List<string> args = new List<string>(); args.Add(this.accessToken); var test = await MyWebView.InvokeScriptAsync("updateIframe", args.ToArray<string>()); } }