public async Task <ActionResult> CreateLocalAccountPost(EducationRegisterViewModel model)
{
    // Creates a local account for the currently signed-in O365 user and links the two.
    var tenantId = User.GetTenantId();
    var adClient = await AuthenticationHelper.GetActiveDirectoryClientAsync();
    IGraphClient graph = new AADGraphClient(adClient);
    var o365User = await graph.GetCurrentUserAsync();
    var tenant = await graph.GetTenantAsync(tenantId);

    // The e-mail always comes from the signed-in directory user, never from the posted form.
    model.Email = o365User.Mail ?? o365User.UserPrincipalName;
    model.FavoriteColors = Constants.FavoriteColors;
    // NOTE(review): ModelState is deliberately not checked in this action (the check is commented
    // out in the original), so FavoriteColor is stored without model validation.

    // No password is supplied: this local account exists only to be linked to the O365 identity.
    var localUser = new ApplicationUser
    {
        Email = model.Email,
        UserName = model.Email,
        FavoriteColor = model.FavoriteColor
    };
    var created = await userManager.CreateAsync(localUser);
    if (!created.Succeeded)
    {
        AddErrors(created);
        return View(model);
    }

    await applicationService.UpdateLocalUserAsync(localUser, o365User, tenant);
    // The display cookie gets the raw Mail attribute (which may be null), not the Mail ?? UPN
    // value the account itself was created with.
    SetCookiesForO365User(o365User.GivenName + " " + o365User.Surname, o365User.Mail);
    return RedirectToAction("Index", "Schools");
}
public void ConfigureAADAuth(IAppBuilder app)
{
    // Wires up Azure AD sign-in (OpenID Connect) persisted in a cookie session.
    // The default sign-in type is set first so that the OIDC middleware's ticket is
    // handed to the cookie middleware.
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    // Every cookie option (name, expiry, secure policy) is left at the library default.
    app.UseCookieAuthentication(new CookieAuthenticationOptions { });
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            Caption = "Microsoft Work or school account",
            ClientId = Constants.AADClientId,
            Authority = Constants.Authority,
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                // Multi-tenant app: the issuer is not compared against a single value as a
                // line-of-business app would. Nothing in this method substitutes for that check —
                // there is no IssuerValidator and no SecurityTokenValidated handler — so a token
                // from ANY Azure AD tenant passes this middleware. NOTE(review): confirm that
                // tenant authorization is enforced further down (e.g. against organizations that
                // completed admin consent) or add an issuer/tenant allow-list here. Signature,
                // audience and lifetime checks are whatever the library defaults are.
                ValidateIssuer = false,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = (context) =>
                {
                    // Derive the sign-in / sign-out return addresses from the current request
                    // instead of configuration so the same build can be deployed to any host
                    // (Azure Web Sites, for example). The value is built from the request's
                    // Host header; the base URL must be provisioned in Azure AD beforehand, and
                    // that registration is what bounds a spoofed Host header (verify against
                    // the app registration).
                    string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                    context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                    context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                    return(Task.FromResult(0));
                },
                AuthorizationCodeReceived = async(context) =>
                {
                    var identity = context.AuthenticationTicket.Identity;
                    // Redeem the authorization code for an AAD Graph token using the app's
                    // client secret (confidential-client flow).
                    var redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
                    var credential = new ClientCredential(Constants.AADClientId, Constants.AADClientSecret);
                    var authContext = AuthenticationHelper.GetAuthenticationContext(identity, Permissions.Delegated);
                    var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.Code, redirectUri, credential, Constants.Resources.AADGraph);
                    // Copy the user's directory roles onto the identity as role claims. This is
                    // the only place in this method they are read, so a directory change is not
                    // reflected until the user signs in again.
                    var activeDirectoryClient = authResult.CreateActiveDirectoryClient();
                    var graphClient = new AADGraphClient(activeDirectoryClient);
                    var user = await graphClient.GetCurrentUserAsync();
                    foreach (var role in user.Roles)
                    {
                        identity.AddClaim(ClaimTypes.Role, role);
                    }
                },
                AuthenticationFailed = (context) =>
                {
                    // Suppress the exception and send the browser to /Error with the message.
                    // EscapeDataString makes it safe for the query string; the Error view must
                    // still HTML-encode it, and raw exception text is exposed to the end user.
                    var redirectUrl = "/Error?message=" + Uri.EscapeDataString(context.Exception.Message);
                    context.OwinContext.Response.Redirect(redirectUrl);
                    context.HandleResponse();
                    return(Task.FromResult(0));
                }
            }
        });
}
//
// GET: /Link/LoginLocal
public async Task <ActionResult> LoginLocal(LoginViewModel model)
{
    // Offers the sign-in form, or links an existing local account automatically when one
    // carries the same e-mail as the signed-in O365 user.
    var adClient = await AuthenticationHelper.GetActiveDirectoryClientAsync();
    IGraphClient graph = new AADGraphClient(adClient);
    var o365User = await graph.GetCurrentUserAsync();

    // Lookup uses the directory Mail attribute only (no UPN fallback, unlike Index).
    var localUser = userManager.FindByEmail(o365User.Mail);
    if (localUser == null)
    {
        // No matching local account: render the form without any validation errors.
        foreach (var entry in ModelState.Values)
        {
            entry.Errors.Clear();
        }
        return View(model);
    }

    var tenantId = User.GetTenantId();
    if (localUser.O365UserId.IsNotNullAndEmpty())
    {
        ModelState.AddModelError("Email", "The local account has already been linked to another Office 365 account.");
        return View(model);
    }

    // NOTE(review): this GET links the local account to the signed-in O365 user on the strength
    // of an e-mail match alone — no password is requested (contrast LoginLocalPost). Together
    // with ValidateIssuer = false in ConfigureAADAuth, a user from any tenant whose Mail attribute
    // equals a local account's e-mail would be linked to, and signed in as, that account. Confirm
    // that Mail cannot be chosen freely by a foreign tenant, or require the password here too.
    var tenant = await graph.GetTenantAsync(tenantId);
    await applicationService.UpdateLocalUserAsync(localUser, o365User, tenant);
    SetCookiesForO365User(o365User.GivenName + " " + o365User.Surname, o365User.Mail);

    TempData["Message"] = Resources.LinkO365AccountSuccess;
    TempData[HandleAdalExceptionAttribute.ChallengeImmediatelyTempDataKey] = true;
    return RedirectToAction("Index", "Schools");
}
//
// GET: /Link/Index
public async Task <ActionResult> Index()
{
    // Shows the linking page; for an O365 sign-in that is not yet linked, checks whether a
    // local account with the same e-mail (Mail, falling back to the UPN) exists so the view
    // can suggest linking it.
    var userContext = await applicationService.GetUserContextAsync();

    var needsLinkHint = userContext.IsO365Account && !userContext.AreAccountsLinked;
    if (needsLinkHint)
    {
        var adClient = await AuthenticationHelper.GetActiveDirectoryClientAsync();
        var graph = new AADGraphClient(adClient);
        var o365User = await graph.GetCurrentUserAsync();
        var email = o365User.Mail ?? o365User.UserPrincipalName;

        var localExists = await userManager.Users.AnyAsync(i => i.Email == email);
        if (localExists)
        {
            ViewBag.LocalAccountExistedMessage = $"There is a local account: {email} matching your O365 account.";
        }
    }

    return View(userContext);
}
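//
// GET: /Admin/ProcessCode
//
// Admin-consent callback: redeems the authorization code returned by Azure AD and marks
// the caller's organization as admin-consented. `resource` is accepted for signature
// compatibility but not used; `error`/`error_description` are set by the authority
// instead of `code` when consent failed.
public async Task <ActionResult> ProcessCode(string code, string error, string error_description, string resource, string state)
{
    // Nonce stored in TempData when the consent redirect was issued. Reading it consumes it,
    // so a given nonce can only be redeemed once.
    var expectedState = TempData[StateKey] as string;

    // Reject when either side is missing, not only when they differ. The original
    // `expected != state` check passed whenever no nonce was pending and the request carried
    // no state (null == null), which allowed an attacker-supplied `code` to be redeemed — and
    // the attacker's tenant marked as consented — inside this user's session.
    if (string.IsNullOrEmpty(expectedState) || string.IsNullOrEmpty(state)
        || !string.Equals(expectedState, state, StringComparison.Ordinal))
    {
        TempData["Error"] = "Invalid operation. Please try again";
        return RedirectToAction("Index");
    }

    // Authority-reported failure or no code: nothing to redeem. The description is not echoed
    // back — it is attacker-influenced query-string text.
    if (!string.IsNullOrEmpty(error) || string.IsNullOrEmpty(code))
    {
        TempData["Error"] = "Sign-up was not completed. Please try again";
        return RedirectToAction("Index");
    }

    // Resolve the tenant the code belongs to.
    var authResult = await AuthenticationHelper.GetAuthenticationResultAsync(code);
    var activeDirectoryClient = authResult.CreateActiveDirectoryClient();
    var graphClient = new AADGraphClient(activeDirectoryClient);
    var tenant = await graphClient.GetTenantAsync(authResult.TenantId);

    // Create (or update) the organization and flag it as admin-consented.
    await applicationService.CreateOrUpdateOrganizationAsync(tenant, true);

    TempData["Message"] = "You signed up successfully!";
    return RedirectToAction("Index");
}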
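// Interactive driver: picks AAD Graph vs. MS Graph and app vs. user mode from the console,
// then runs the matching sample call. A closed stdin (ReadLine returning null) previously
// threw a NullReferenceException from Trim(); it now counts as "no choice" and falls into
// the default branch.
private async static Task RunFlow()
{
    Console.WriteLine("Press A to run AAD Graph API flow/Press any other key to run MS Graph API flow");
    var useAadGraph = ReadTrimmedUpper() == "A";

    // The second prompt is identical on both paths, so it is asked once here.
    Console.WriteLine("Press 1 to run as App mode/Press any other key to run in user mode");
    var appMode = ReadTrimmedUpper() == "1";

    if (useAadGraph)
    {
        if (appMode)
        {
            Console.WriteLine("Getting users using AAD graph api");
            AADGraphClient graphClient = new AADGraphClient();
            await graphClient.GetAllUsers();
        }
        else
        {
            Console.WriteLine("Getting logged in user details using AAD graph api");
            AADGraphClient graphClient = new AADGraphClient(true);
            await graphClient.GetLoggedInUserDetails();
        }
    }
    else
    {
        if (appMode)
        {
            Console.WriteLine("Getting users using MS graph api");
            MSGraphClient graphClient = new MSGraphClient();
            await graphClient.GetAllUsers();
        }
        else
        {
            Console.WriteLine("Getting logged in user details using MS graph api");
            MSGraphClient graphClient = new MSGraphClient(true);
            await graphClient.GetLoggedInUserDetails();
        }
    }
}

// Reads one console line, treating end-of-input (null) as an empty answer, and returns it
// trimmed and upper-cased for comparison with the menu keys.
private static string ReadTrimmedUpper()
{
    return (Console.ReadLine() ?? string.Empty).Trim().ToUpper();
}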
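// POST handler that links an existing local account (proved by e-mail + password) to the
// signed-in O365 user.
public async Task <ActionResult> LoginLocalPost(LoginViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // Look up the local account by the e-mail typed into the form (not the O365 user's).
    var localUser = await userManager.FindByEmailAsync(model.Email);

    // Verify the password before saying anything about the account's state. The original
    // reported "already linked" before checking the password, so anyone could probe whether a
    // given e-mail had a local account and whether it was linked. Unknown user and wrong
    // password share one generic message for the same reason.
    if (localUser == null || !await userManager.CheckPasswordAsync(localUser, model.Password))
    {
        ModelState.AddModelError("", "Invalid login attempt.");
        return View(model);
    }

    if (localUser.O365UserId.IsNotNullAndEmpty())
    {
        ModelState.AddModelError("Email", "The local account has already been linked to another Office 365 account.");
        return View(model);
    }

    // Password accepted and the account is free: link it to the signed-in directory user.
    var tenantId = User.GetTenantId();
    var activeDirectoryClient = await AuthenticationHelper.GetActiveDirectoryClientAsync();
    IGraphClient graphClient = new AADGraphClient(activeDirectoryClient);
    var user = await graphClient.GetCurrentUserAsync();
    var tenant = await graphClient.GetTenantAsync(tenantId);
    await applicationService.UpdateLocalUserAsync(localUser, user, tenant);

    SetCookiesForO365User(user.GivenName + " " + user.Surname, user.Mail);
    return RedirectToAction("Index", "Schools");
}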
public async Task <ActionResult> CreateLocalAccountPost(EducationRegisterViewModel model) { if (!ModelState.IsValid) { return(View(model)); } // Create a new local user var localUser = new ApplicationUser { Email = model.Email, UserName = model.Email, FavoriteColor = model.FavoriteColor }; var result = await userManager.CreateAsync(localUser, model.Password); if (!result.Succeeded) { AddErrors(result); return(View(model)); } // Update the local user var tenantId = User.GetTenantId(); var activeDirectoryClient = await AuthenticationHelper.GetActiveDirectoryClientAsync(); IGraphClient graphClient = new AADGraphClient(activeDirectoryClient); var user = await graphClient.GetCurrentUserAsync(); var tenant = await graphClient.GetTenantAsync(tenantId); user.GivenName = model.FirstName; user.Surname = model.LastName; await applicationService.UpdateLocalUserAsync(localUser, user, tenant); // return(RedirectToAction("Index")); }