Esempio n. 1
        /// <summary>
        /// Handles the POST that creates a password-less local account for the signed-in Office 365 user
        /// and links the two, then signs the user in with the O365 cookies.
        /// </summary>
        /// <param name="model">Posted registration form. Email and FavoriteColors are overwritten server-side before use.</param>
        /// <returns>The registration view with errors when user creation fails, otherwise a redirect to Schools/Index.</returns>
        public async Task <ActionResult> CreateLocalAccountPost(EducationRegisterViewModel model)
        {
            var tenantId = User.GetTenantId();
            var activeDirectoryClient = await AuthenticationHelper.GetActiveDirectoryClientAsync();

            IGraphClient graphClient = new AADGraphClient(activeDirectoryClient);
            var          user        = await graphClient.GetCurrentUserAsync();

            var tenant = await graphClient.GetTenantAsync(tenantId);

            // The e-mail is taken from the authenticated directory user, not from the form, so the posted
            // value cannot bind the new local account to an address the caller does not own.
            model.Email          = user.Mail ?? user.UserPrincipalName;
            model.FavoriteColors = Constants.FavoriteColors;
            //if (!ModelState.IsValid) return View(model);
            // NOTE(review): the ModelState check above is disabled, so the fields still taken from the post
            // (FavoriteColor) are not validated before the account is created. Presumably it was disabled because
            // Email is filled in server-side; confirm, or re-enable it after clearing the Email entry from ModelState.

            // Create a new local user
            // CreateAsync is called without a password, so this account has no local credential of its own;
            // presumably the O365 link is its only sign-in path — confirm.
            var localUser = new ApplicationUser
            {
                Email         = model.Email,
                UserName      = model.Email,
                FavoriteColor = model.FavoriteColor
            };
            var result = await userManager.CreateAsync(localUser);

            if (!result.Succeeded)
            {
                AddErrors(result);
                return(View(model));
            }

            // Update the local user
            await applicationService.UpdateLocalUserAsync(localUser, user, tenant);

            // NOTE(review): the cookie gets user.Mail, not the Mail/UserPrincipalName fallback used for model.Email
            // above, so it is null for directory users without a Mail value — confirm SetCookiesForO365User tolerates that.
            SetCookiesForO365User(user.GivenName + " " + user.Surname, user.Mail);
            return(RedirectToAction("Index", "Schools"));
        }
Esempio n. 2
        /// <summary>
        /// Registers cookie authentication as the sign-in scheme and OpenID Connect against Azure AD as the
        /// challenge scheme, wiring the three OIDC callbacks used by the multitenant sign-in.
        /// </summary>
        /// <param name="app">The OWIN pipeline being configured.</param>
        public void ConfigureAADAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            // Every cookie setting (name, expiry, sliding expiration, cookie flags) is left at the middleware default.
            app.UseCookieAuthentication(new CookieAuthenticationOptions {
            });

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
            {
                Caption   = "Microsoft Work or school account",
                ClientId  = Constants.AADClientId,
                Authority = Constants.Authority,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
                    // we inject our own multitenant validation logic
                    // NOTE(review): no IssuerValidator or ValidIssuers is set on these parameters, so this middleware
                    // accepts an id_token issued by any Azure AD tenant. The "own multitenant validation logic" must live
                    // elsewhere (e.g. a check of the tenant against the consented organizations after sign-in) — confirm it exists.
                    ValidateIssuer = false,
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    RedirectToIdentityProvider = (context) =>
                    {
                        // This ensures that the address used for sign in and sign out is picked up dynamically from the request
                        // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
                        // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
                        // Because scheme and host come from the incoming request, an unexpected Host header produces a
                        // redirect_uri that is not registered; that request is expected to be refused by Azure AD, not here.
                        string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                        context.ProtocolMessage.RedirectUri           = appBaseUrl + "/";
                        context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                        return(Task.FromResult(0));
                    },
                    AuthorizationCodeReceived = async(context) =>
                    {
                        // Runs once the authorization code is back: redeem it for an AAD Graph token and
                        // extend the signed-in identity with role claims read from the directory.
                        var identity = context.AuthenticationTicket.Identity;

                        // Get token with authorization code
                        // NOTE(review): this value has to equal the redirect_uri sent in RedirectToIdentityProvider
                        // (appBaseUrl + "/") for the code exchange to be accepted; GetLeftPart(UriPartial.Path) of the
                        // callback request is assumed to reproduce it — confirm.
                        var redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
                        // NOTE(review): confirm Constants.AADClientSecret is loaded from configuration, not a compiled-in literal.
                        var credential  = new ClientCredential(Constants.AADClientId, Constants.AADClientSecret);
                        var authContext = AuthenticationHelper.GetAuthenticationContext(identity, Permissions.Delegated);
                        var authResult  = await authContext.AcquireTokenByAuthorizationCodeAsync(context.Code, redirectUri, credential, Constants.Resources.AADGraph);

                        // Get user's roles and add them to claims
                        // Roles are read from the directory through Graph at sign-in time, not taken from the token.
                        var activeDirectoryClient = authResult.CreateActiveDirectoryClient();
                        var graphClient           = new AADGraphClient(activeDirectoryClient);
                        var user = await graphClient.GetCurrentUserAsync();
                        foreach (var role in user.Roles)
                        {
                            // AddClaim(type, value) is presumably a project extension; ClaimsIdentity.AddClaim itself takes a Claim.
                            identity.AddClaim(ClaimTypes.Role, role);
                        }
                    },
                    AuthenticationFailed = (context) =>
                    {
                        // NOTE(review): the raw exception message is placed in the query string. It is URL-escaped, but
                        // token-validation failures still surface internal detail to the browser; logging the exception
                        // server-side and redirecting with a generic message would be the safer default.
                        var redirectUrl = "/Error?message=" + Uri.EscapeDataString(context.Exception.Message);
                        context.OwinContext.Response.Redirect(redirectUrl);
                        context.HandleResponse();     // Suppress the exception
                        return(Task.FromResult(0));
                    }
                }
            });
        }
Esempio n. 3
        //
        // GET: /Link/LoginLocal
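        /// <summary>
        /// GET /Link/LoginLocal: links the signed-in Office 365 user to the local account that carries the same
        /// e-mail, or shows the link form when no such local account exists. No local password is required here,
        /// because the e-mail is taken from the authenticated directory user rather than from the form.
        /// </summary>
        /// <param name="model">The link form model, returned to the view when no matching local account is found.</param>
        /// <returns>The link view, or a redirect to Schools/Index after a successful link.</returns>
        public async Task <ActionResult> LoginLocal(LoginViewModel model)
        {
            var activeDirectoryClient = await AuthenticationHelper.GetActiveDirectoryClientAsync();

            IGraphClient graphClient = new AADGraphClient(activeDirectoryClient);
            var          user        = await graphClient.GetCurrentUserAsync();

            // Local accounts are created and checked with a Mail -> UserPrincipalName fallback (see
            // CreateLocalAccountPost and Index); looking up by Mail alone never found the account of a
            // directory user without a Mail value. The lookup is also awaited instead of blocking on the sync wrapper.
            var email     = user.Mail ?? user.UserPrincipalName;
            var localUser = await userManager.FindByEmailAsync(email);

            if (localUser == null)
            {
                // First display of the form: drop binding errors so it is not shown pre-marked as invalid.
                foreach (var modelValue in ModelState.Values)
                {
                    modelValue.Errors.Clear();
                }
                return(View(model));
            }
            var tenantId = User.GetTenantId();

            if (localUser.O365UserId.IsNotNullAndEmpty())
            {
                ModelState.AddModelError("Email", "The local account has already been linked to another Office 365 account.");
                return(View(model));
            }

            var tenant = await graphClient.GetTenantAsync(tenantId);

            await applicationService.UpdateLocalUserAsync(localUser, user, tenant);

            // NOTE(review): the cookie still receives user.Mail (null for users without a Mail value) rather than
            // the fallback used for the lookup; left unchanged so the cookie content does not differ from the other flows.
            SetCookiesForO365User(user.GivenName + " " + user.Surname, user.Mail);
            TempData["Message"] = Resources.LinkO365AccountSuccess;
            TempData[HandleAdalExceptionAttribute.ChallengeImmediatelyTempDataKey] = true;

            return(RedirectToAction("Index", "Schools"));
        }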
Esempio n. 4
        //
        // GET: /Link/Index
        /// <summary>
        /// GET /Link/Index: shows the current user's account context and, for an Office 365 sign-in that is not
        /// linked yet, flags a local account whose e-mail matches the O365 user.
        /// </summary>
        /// <returns>The Index view bound to the user context.</returns>
        public async Task <ActionResult> Index()
        {
            var context = await applicationService.GetUserContextAsync();

            // Only an unlinked O365 sign-in needs the directory lookup; everything else just renders the context.
            if (!context.IsO365Account || context.AreAccountsLinked)
            {
                return(View(context));
            }

            var adClient  = await AuthenticationHelper.GetActiveDirectoryClientAsync();
            var graph     = new AADGraphClient(adClient);
            var o365User  = await graph.GetCurrentUserAsync();

            // Same Mail -> UserPrincipalName fallback the local account was created with.
            var o365Email = o365User.Mail ?? o365User.UserPrincipalName;

            var localExists = await userManager.Users.AnyAsync(i => i.Email == o365Email);
            if (localExists)
            {
                ViewBag.LocalAccountExistedMessage = $"There is a local account: {o365Email} matching your O365 account.";
            }

            return(View(context));
        }
Esempio n. 5
        //
        // GET: /Admin/ProcessCode
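        /// <summary>
        /// GET /Admin/ProcessCode: redirect target of the admin-consent flow. Verifies the OAuth state, redeems the
        /// authorization code, and records the code's tenant as an admin-consented organization.
        /// </summary>
        /// <param name="code">Authorization code returned by Azure AD; absent when the request failed.</param>
        /// <param name="error">OAuth error code returned instead of a code, or null.</param>
        /// <param name="error_description">Detail for <paramref name="error"/>; query-string input, so it is not reflected into the page.</param>
        /// <param name="resource">Resource echoed back by Azure AD; unused.</param>
        /// <param name="state">Anti-forgery state that must equal the value stored under StateKey when the flow started.</param>
        /// <returns>A redirect to Admin/Index with a message or an error in TempData.</returns>
        public async Task <ActionResult> ProcessCode(string code, string error, string error_description, string resource, string state)
        {
            var expectedState = TempData[StateKey] as string;

            // Fail closed when either side is missing: with the plain `!=` comparison an absent TempData entry and an
            // absent query value were both null and therefore "equal", letting a request without any state through.
            if (string.IsNullOrEmpty(expectedState) || string.IsNullOrEmpty(state) || expectedState != state)
            {
                TempData["Error"] = "Invalid operation. Please try again";
                return(RedirectToAction("Index"));
            }

            // Azure AD reports a refused or failed authorization as error/error_description with no code; previously
            // that reached GetAuthenticationResultAsync with a null code. Neither value is echoed back to the user.
            if (!string.IsNullOrEmpty(error) || string.IsNullOrEmpty(code))
            {
                TempData["Error"] = "Sign up was not completed. Please try again";
                return(RedirectToAction("Index"));
            }

            // Get the tenant
            var authResult = await AuthenticationHelper.GetAuthenticationResultAsync(code);

            var activeDirectoryClient = authResult.CreateActiveDirectoryClient();
            var graphClient           = new AADGraphClient(activeDirectoryClient);
            var tenant = await graphClient.GetTenantAsync(authResult.TenantId);

            // Create (or update) an organization, and mark it as AdminConsented
            await applicationService.CreateOrUpdateOrganizationAsync(tenant, true);

            TempData["Message"] = "You signed up successfully!";
            return(RedirectToAction("Index"));
        }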
Esempio n. 6
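        /// <summary>
        /// Interactive demo driver: asks which Graph API to exercise (AAD Graph or Microsoft Graph) and whether to
        /// run in app mode or user mode, then calls the matching client.
        /// </summary>
        /// <remarks>
        /// Console.ReadLine returns null when standard input is closed; the original <c>input.Trim()</c> then threw a
        /// NullReferenceException. Answers are now read null-safely and compared ordinally and case-insensitively
        /// instead of through culture-dependent <c>ToUpper()</c>.
        /// </remarks>
        private static async Task RunFlow()
        {
            var useAadGraph = AnswerIs("Press A to run AAD Graph API flow/Press any other key to run MS Graph API flow", "A");
            // Both API branches asked the same mode question, so it is asked once here; the prompt order is unchanged.
            var appMode = AnswerIs("Press 1 to run as App mode/Press any other key to run in user mode", "1");

            if (useAadGraph)
            {
                if (appMode)
                {
                    Console.WriteLine("Getting users using AAD graph api");
                    var graphClient = new AADGraphClient();
                    await graphClient.GetAllUsers();
                }
                else
                {
                    Console.WriteLine("Getting logged in user details using AAD graph api");
                    // The bool argument is the only visible difference from the app-mode constructor; its meaning is not shown here.
                    var graphClient = new AADGraphClient(true);
                    await graphClient.GetLoggedInUserDetails();
                }
            }
            else
            {
                if (appMode)
                {
                    Console.WriteLine("Getting users using MS graph api");
                    var graphClient = new MSGraphClient();
                    await graphClient.GetAllUsers();
                }
                else
                {
                    Console.WriteLine("Getting logged in user details using MS graph api");
                    var graphClient = new MSGraphClient(true);
                    await graphClient.GetLoggedInUserDetails();
                }
            }
        }

        /// <summary>
        /// Prints <paramref name="prompt"/>, reads one line and reports whether it equals <paramref name="expected"/>,
        /// ignoring surrounding whitespace and case. End of input (null) counts as "any other key".
        /// </summary>
        /// <param name="prompt">Text written to the console before reading.</param>
        /// <param name="expected">The answer that selects the first option.</param>
        /// <returns>True when the trimmed answer equals <paramref name="expected"/>.</returns>
        private static bool AnswerIs(string prompt, string expected)
        {
            Console.WriteLine(prompt);
            var answer  = Console.ReadLine();
            var trimmed = answer == null ? null : answer.Trim();
            return string.Equals(trimmed, expected, StringComparison.OrdinalIgnoreCase);
        }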
Esempio n. 7
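        /// <summary>
        /// POST /Link/LoginLocal: links the signed-in Office 365 user to an existing local account after the
        /// caller has proved ownership of that account with its password.
        /// </summary>
        /// <param name="model">Posted e-mail and password of the local account to link.</param>
        /// <returns>The link view with model errors on failure, otherwise a redirect to Schools/Index.</returns>
        public async Task <ActionResult> LoginLocalPost(LoginViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return(View(model));
            }

            // Awaited instead of blocking on the synchronous FindByEmail wrapper.
            var localUser = await userManager.FindByEmailAsync(model.Email);

            // Unknown e-mail and wrong password share one message so the form does not reveal which accounts exist.
            if (localUser == null || !await userManager.CheckPasswordAsync(localUser, model.Password))
            {
                ModelState.AddModelError("", "Invalid login attempt.");
                return(View(model));
            }

            // Checked only after the password: reporting "already linked" before authenticating told anyone who
            // knew an e-mail address whether that local account was tied to an Office 365 identity.
            if (localUser.O365UserId.IsNotNullAndEmpty())
            {
                ModelState.AddModelError("Email", "The local account has already been linked to another Office 365 account.");
                return(View(model));
            }

            var tenantId = User.GetTenantId();
            var activeDirectoryClient = await AuthenticationHelper.GetActiveDirectoryClientAsync();

            IGraphClient graphClient = new AADGraphClient(activeDirectoryClient);
            var          user        = await graphClient.GetCurrentUserAsync();

            var tenant = await graphClient.GetTenantAsync(tenantId);

            await applicationService.UpdateLocalUserAsync(localUser, user, tenant);

            // NOTE(review): user.Mail can be null for directory users without a Mail value — confirm SetCookiesForO365User tolerates that.
            SetCookiesForO365User(user.GivenName + " " + user.Surname, user.Mail);

            return(RedirectToAction("Index", "Schools"));
        }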
Esempio n. 8
        /// <summary>
        /// Handles the POST that registers a new local account with a password and links it to the signed-in
        /// Office 365 user, copying the posted first/last name onto the directory user record before the link is stored.
        /// </summary>
        /// <param name="model">The posted registration form.</param>
        /// <returns>The registration view with errors when validation or user creation fails, otherwise a redirect to Index.</returns>
        public async Task <ActionResult> CreateLocalAccountPost(EducationRegisterViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return(View(model));
            }

            // The local identity uses the posted e-mail as its user name.
            // NOTE(review): here the e-mail comes from the form, not from the directory user — confirm that the
            // view model or UpdateLocalUserAsync checks it against the O365 user's Mail before the link is stored.
            var newUser = new ApplicationUser
            {
                Email         = model.Email,
                UserName      = model.Email,
                FavoriteColor = model.FavoriteColor
            };

            var creation = await userManager.CreateAsync(newUser, model.Password);
            if (creation.Succeeded == false)
            {
                AddErrors(creation);
                return(View(model));
            }

            // Link the new local user to the signed-in O365 user and its tenant.
            var tenantId = User.GetTenantId();
            var adClient = await AuthenticationHelper.GetActiveDirectoryClientAsync();

            IGraphClient graph    = new AADGraphClient(adClient);
            var          o365User = await graph.GetCurrentUserAsync();
            var          tenant   = await graph.GetTenantAsync(tenantId);

            // The posted name replaces what the directory returned on the in-memory user object.
            o365User.GivenName = model.FirstName;
            o365User.Surname   = model.LastName;
            await applicationService.UpdateLocalUserAsync(newUser, o365User, tenant);

            return(RedirectToAction("Index"));
        }