Exemple #1
 /// <summary>
 /// Application entry point: performs the elevated-process security setup when needed,
 /// then configures WinForms and shows <c>Form1</c>.
 /// </summary>
 static void Main()
 {
     // The process-wide security call is made only when the process runs elevated, and
     // it is made before any WinForms call.
     // NOTE(review): presumably this is what allows the broker UI to be used from an
     // elevated process - confirm against WindowsNativeUtils. If the app does not need
     // elevation, running it unelevated avoids this path entirely.
     bool runningElevated = WindowsNativeUtils.IsElevatedUser();
     if (runningElevated)
     {
         WindowsNativeUtils.InitializeProcessSecurity();
     }

     // WinForms start-up, in the same order as before: DPI mode, visual styles,
     // text rendering default.
     Application.SetHighDpiMode(HighDpiMode.SystemAware);
     Application.EnableVisualStyles();
     Application.SetCompatibleTextRenderingDefault(false);

     // The form is created only after the application-wide settings are in place.
     var mainForm = new Form1();
     Application.Run(mainForm);
 }
Exemple #2
        /// <summary>
        /// Runs the interactive sign-in flow that starts with the account picker: asks the
        /// picker for an account provider, selects the MSA or AAD plugin, builds the web
        /// token request, requests the token for the parent window and converts the result
        /// into an <c>MsalTokenResponse</c>.
        /// </summary>
        /// <param name="authenticationRequestParameters">
        /// Request parameters; this method reads <c>Authority</c>, <c>Authority.TenantId</c>
        /// and <c>AppConfig.ClientId</c> and passes the object on to the plugin and adapters.
        /// </param>
        /// <param name="msalPrompt">Prompt value forwarded to <c>AddPromptToRequest</c>.</param>
        /// <returns>The response built by <c>WamAdapters.CreateMsalResponseFromWamResponse</c>.</returns>
        /// <exception cref="MsalClientException">
        /// Thrown with <c>MsalError.AuthenticationCanceledError</c> when the picker returns no
        /// account provider.
        /// </exception>
        /// <exception cref="MsalServiceException">
        /// Thrown with <c>MsalError.WamPickerError</c> when request preparation fails with a
        /// non-MSAL exception, or when the token request itself throws any exception. The
        /// original exception is kept as the inner exception.
        /// </exception>
        private async Task <MsalTokenResponse> AcquireInteractiveWithPickerAsync(
            AuthenticationRequestParameters authenticationRequestParameters,
            Prompt msalPrompt)
        {
            bool isMsaPassthrough = _wamOptions.MsaPassthrough;
            var  accountPicker    = _accountPickerFactory.Create(
                _parentHandle,
                _logger,
                _synchronizationContext,
                authenticationRequestParameters.Authority,
                isMsaPassthrough);

            // Assigned inside the first try block and used after it.
            IWamPlugin      wamPlugin;
            WebTokenRequest webTokenRequest;

            try
            {
                WebAccountProvider accountProvider = await
                                                     accountPicker.DetermineAccountInteractivelyAsync().ConfigureAwait(false);

                if (accountProvider == null)
                {
                    // No provider came back from the picker. This is reported as a
                    // cancellation; in builds without WINDOWS_APP the message is replaced by
                    // the elevated-process one when the process is elevated, so the caller
                    // can tell that case apart from the generic message.
                    var errorMessage = "WAM Account Picker did not return an account.";
#if !WINDOWS_APP
                    if (WindowsNativeUtils.IsElevatedUser())
                    {
                        errorMessage = MsalErrorMessage.AuthenticationFailedWamElevatedProcess;
                    }
#endif
                    throw new MsalClientException(MsalError.AuthenticationCanceledError, errorMessage);
                }

                bool isConsumerTenant = _webAccountProviderFactory.IsConsumerProvider(accountProvider);
                // WAM returns the tenant here, not the full authority
                // The MSA plugin is used only for a consumer provider without MSA
                // passthrough; every other combination goes through the AAD plugin.
                wamPlugin = (isConsumerTenant && !isMsaPassthrough) ? _msaPlugin : _aadPlugin;

                string transferToken      = null;
                bool   isForceLoginPrompt = false;
                if (isConsumerTenant && isMsaPassthrough)
                {
                    // Get a transfer token to avoid prompting the user twice
                    // NOTE(review): the transfer token is presumably credential material -
                    // confirm it is never written to logs or telemetry.
                    transferToken = await _msaPassthroughHandler.TryFetchTransferTokenAsync(
                        authenticationRequestParameters,
                        accountProvider).ConfigureAwait(false);

                    // If a transfer token cannot be obtained, force the interactive experience again
                    isForceLoginPrompt = string.IsNullOrEmpty(transferToken);

                    // For MSA-PT, the MSA provider will issue v1 token, which cannot be used.
                    // Only the AAD provider can issue a v2 token
                    // The provider chosen in the picker is therefore replaced by the one
                    // looked up for the authority's tenant id.
                    accountProvider = await _webAccountProviderFactory.GetAccountProviderAsync(
                        authenticationRequestParameters.Authority.TenantId)
                                      .ConfigureAwait(false);
                }

                // NOTE(review): this is the only await in the method that uses
                // ConfigureAwait(true); presumably deliberate so the request setup below
                // resumes on the captured context - confirm before changing.
                webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync(
                    accountProvider,
                    authenticationRequestParameters,
                    isForceLoginPrompt : isForceLoginPrompt,
                    isInteractive : true,
                    isAccountInWam : false)
                                  .ConfigureAwait(true);

                // Called on every path, so transferToken is null here unless the
                // consumer + passthrough branch above obtained one.
                // NOTE(review): presumably the handler ignores a null/empty token - confirm.
                _msaPassthroughHandler.AddTransferTokenToRequest(webTokenRequest, transferToken);

                WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest, _logger);
                AddPromptToRequest(msalPrompt, isForceLoginPrompt, webTokenRequest);
            }
            // The filter lets MsalException (including the cancellation thrown above)
            // propagate unchanged; any other exception is logged and wrapped.
            catch (Exception ex) when(!(ex is MsalException))
            {
                // Logged through the logger's PII method rather than a plain error method.
                // NOTE(review): presumably this output is emitted only when PII logging is
                // enabled - confirm against the logger.
                _logger.ErrorPii(ex);
                throw new MsalServiceException(
                          MsalError.WamPickerError,
                          "Could not get the account provider - account picker. See inner exception for details", ex);
            }

            IWebTokenRequestResultWrapper wamResult;
            try
            {
                wamResult = await _wamProxy.RequestTokenForWindowAsync(_parentHandle, webTokenRequest).ConfigureAwait(false);
            }
            // NOTE(review): unlike the catch above, this one has no filter, so an
            // MsalException thrown by the proxy is also re-wrapped as WamPickerError -
            // confirm that this is intended.
            catch (Exception ex)
            {
                _logger.ErrorPii(ex);
                throw new MsalServiceException(
                          MsalError.WamPickerError,
                          "Could not get the result - account picker. See inner exception for details", ex);
            }

            // Convert the raw WAM result using the plugin selected earlier.
            return(WamAdapters.CreateMsalResponseFromWamResponse(
                       wamResult,
                       wamPlugin,
                       authenticationRequestParameters.AppConfig.ClientId,
                       _logger,
                       isInteractive: true));
        }