/// <summary>
/// Clears the current user's ADAL token cache, leaves a confirmation message
/// in <c>TempData</c> and sends the browser back to the Index action.
/// </summary>
/// <returns>A redirect to <c>Index</c> once the cache has been cleared.</returns>
public async Task<ActionResult> ClearAdalCache()
{
    // NOTE(review): no HTTP-verb or anti-forgery attribute is visible in this
    // listing; confirm the action is not reachable through a plain GET link.
    const string confirmation = "Login cache cleared successfully!";

    await AdalTokenCache.ClearUserTokenCacheAsync();
    TempData["Message"] = confirmation;

    var backToIndex = RedirectToAction("Index");
    return backToIndex;
}
/// <summary>
/// Builds the in-memory Azure session and profiles the test harness runs
/// against, then records whether HTTP traffic is being played back.
/// </summary>
public EnvironmentSetupHelper()
{
    var memoryStore = new MemoryDataStore();
    AzureSession.DataStore = memoryStore;

    var profilePath = Path.Combine(AzureSession.ProfileDirectory, AzureSession.ProfileFile);
    var smProfile = new AzureSMProfile(profilePath);
    var rmProfile = new AzureRMProfile(profilePath);

    // Register a throw-away environment named "foo" and point the context at it.
    rmProfile.Environments.Add("foo", AzureEnvironment.PublicEnvironments.Values.FirstOrDefault());
    rmProfile.Context = new AzureContext(
        new AzureSubscription(),
        new AzureAccount(),
        rmProfile.Environments["foo"],
        new AzureTenant());
    rmProfile.Context.Subscription.Environment = "foo";

    // Only install this profile when no earlier test has registered one.
    if (AzureRmProfileProvider.Instance.Profile == null)
    {
        AzureRmProfileProvider.Instance.Profile = rmProfile;
    }

    AzureSession.DataStore = memoryStore;
    ProfileClient = new ProfileClient(smProfile);

    // Ignore SSL errors. This callback is process-wide: while it is registered,
    // every outbound TLS connection from the test process accepts any
    // certificate, so keep it confined to the test harness.
    System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) => true;

    AdalTokenCache.ClearCookies();

    // Set RunningMocked from the HTTP recorder's current mode.
    TestMockSupport.RunningMocked = HttpMockServer.GetCurrentMode() == HttpRecorderMode.Playback;
}
/// <summary>
/// Prepares the in-memory Azure session and RM profile for a test run; the
/// Service Management profile is only set up on full-framework builds.
/// </summary>
public EnvironmentSetupHelper()
{
    TestExecutionHelpers.SetUpSessionAndProfile();

    var memoryStore = new MemoryDataStore();
    AzureSession.Instance.DataStore = memoryStore;

    var rmProfile = new AzureRmProfile(
        Path.Combine(AzureSession.Instance.ProfileDirectory, AzureSession.Instance.ProfileFile));

    // A throw-away environment named "foo", built from the first public environment.
    var publicEnvironment = AzureEnvironment.PublicEnvironments.Values.FirstOrDefault();
    rmProfile.EnvironmentTable.Add("foo", new AzureEnvironment(publicEnvironment));
    rmProfile.DefaultContext = new AzureContext(
        new AzureSubscription(),
        new AzureAccount(),
        rmProfile.EnvironmentTable["foo"],
        new AzureTenant());
    rmProfile.DefaultContext.Subscription.SetEnvironment("foo");

    // Only install this profile when no earlier test has registered one.
    if (AzureRmProfileProvider.Instance.Profile == null)
    {
        AzureRmProfileProvider.Instance.Profile = rmProfile;
    }
    AzureSession.Instance.DataStore = memoryStore;

    // Ignore SSL errors. This callback is process-wide: while it is registered,
    // every outbound TLS connection from the test process accepts any
    // certificate, so keep it confined to the test harness.
    System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) => true;

#if !NETSTANDARD
    ServiceManagementProfileProvider.InitializeServiceManagementProfile();
    var smProfile = new AzureSMProfile(
        Path.Combine(AzureSession.Instance.ProfileDirectory, AzureSession.Instance.ProfileFile));
    ProfileClient = new ProfileClient(smProfile);
    AdalTokenCache.ClearCookies();
#endif

    // Set RunningMocked from the HTTP recorder's current mode.
    TestMockSupport.RunningMocked = HttpMockServer.GetCurrentMode() == HttpRecorderMode.Playback;

    // Pick up test credentials from the user's .azure folder when the file exists.
    var credentialFile = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.UserProfile),
        ".azure",
        "testcredentials.json");
    if (File.Exists(credentialFile))
    {
        SetEnvironmentVariableFromCredentialFile();
    }
}
/// <summary>
/// Acquires a token through ADAL, choosing the <c>AcquireToken</c> overload
/// from which identity inputs (user id, password) were supplied.
/// </summary>
/// <param name="config">Endpoint, client and resource settings for the request.</param>
/// <param name="promptBehavior">Whether ADAL may show an interactive prompt.</param>
/// <param name="promptAction">Not referenced by this method.</param>
/// <param name="userId">User identifier, or null/empty to let ADAL pick any user.</param>
/// <param name="password">Password for a non-interactive request; null means no credential is passed.</param>
/// <returns>The <c>AuthenticationResult</c> returned by ADAL.</returns>
private AuthenticationResult DoAcquireToken(
    AdalConfiguration config,
    PromptBehavior promptBehavior,
    Action<string> promptAction,
    string userId,
    SecureString password)
{
    var context = CreateContext(config);

    TracingAdapter.Information(
        Resources.UPNAcquireTokenContextTrace,
        context.Authority,
        context.CorrelationId,
        context.ValidateAuthority);
    TracingAdapter.Information(
        Resources.UPNAcquireTokenConfigTrace,
        config.AdDomain,
        config.AdEndpoint,
        config.ClientId,
        config.ClientRedirectUri);

    // No user hint: cookies are cleared first whenever prompting is allowed
    // (presumably so a stale browser session cannot pre-select an account),
    // then ADAL is asked for any user.
    if (string.IsNullOrEmpty(userId))
    {
        if (promptBehavior != PromptBehavior.Never)
        {
            AdalTokenCache.ClearCookies();
        }

        return context.AcquireToken(
            config.ResourceClientUri,
            config.ClientId,
            config.ClientRedirectUri,
            promptBehavior,
            UserIdentifier.AnyUser,
            AdalConfiguration.EnableEbdMagicCookie);
    }

    // User known but no password: pin the request to that displayable id.
    if (password == null)
    {
        return context.AcquireToken(
            config.ResourceClientUri,
            config.ClientId,
            config.ClientRedirectUri,
            promptBehavior,
            new UserIdentifier(userId, UserIdentifierType.RequiredDisplayableId),
            AdalConfiguration.EnableEbdMagicCookie);
    }

    // User and password supplied: credential-based request.
    var credential = new UserCredential(userId, password);
    return context.AcquireToken(config.ResourceClientUri, config.ClientId, credential);
}
/// <summary>
/// Get an instance of AuthenticationContext for the caller's tenant, backed by
/// an <see cref="AdalTokenCache"/> keyed either by user or by tenant.
/// </summary>
/// <param name="claimsIdentity">Identity carrying the tenant id and object identifier claims.</param>
/// <param name="permissions">
/// <c>Delegated</c> keys the token cache by the user's object id; any other value keys it by tenant id.
/// </param>
/// <returns>A context whose authority is <c>Constants.AADInstance</c> followed by the tenant id.</returns>
public static AuthenticationContext GetAuthenticationContext(ClaimsIdentity claimsIdentity, Permissions permissions)
{
    var tenantId = claimsIdentity.GetTenantId();
    var objectId = claimsIdentity.GetObjectIdentifier();

    // The cache key follows the permission model so delegated and
    // non-delegated tokens never share an entry.
    string cacheKey;
    if (permissions == Permissions.Delegated)
    {
        cacheKey = objectId;
    }
    else
    {
        cacheKey = tenantId;
    }

    var authority = $"{Constants.AADInstance}{tenantId}";
    var cache = new AdalTokenCache(cacheKey);
    return new AuthenticationContext(authority, cache);
}
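/// <summary>
/// Configures cookie and multi-tenant OpenID Connect authentication on the OWIN pipeline.
/// Issuer validation is disabled on the "common" authority and re-applied by hand in
/// <c>SecurityTokenValidated</c>.
/// </summary>
/// <param name="app">The OWIN app builder to register middleware on.</param>
public static void ConfigureAuth(IAppBuilder app)
{
    string commonAuthority = string.Format(Config.Authority, "common");

    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        ExpireTimeSpan = new TimeSpan(3, 0, 0),
        SlidingExpiration = true
    });

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = Config.ClientId,
            Authority = commonAuthority,
            UseTokenLifetime = false,
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                // we inject our own multitenant validation logic (see SecurityTokenValidated)
                ValidateIssuer = false,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = (context) =>
                {
                    if (IsApiRequest(context.Request))
                    {
                        // API callers get a 401 instead of a browser redirect to the IdP.
                        context.HandleResponse();
                        context.OwinContext.Response.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
                    }
                    else
                    {
                        // This ensures that the address used for sign in and sign out is picked up
                        // dynamically from the request, so the app can be deployed (to Azure Web
                        // Sites, for example) without changing settings. The base URL used here
                        // must be provisioned in Azure AD beforehand.
                        string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;

                        object obj;
                        if (context.OwinContext.Environment.TryGetValue("Authority", out obj))
                        {
                            string authority = obj as string;
                            if (authority != null)
                            {
                                context.ProtocolMessage.IssuerAddress = authority;
                            }
                        }

                        if (context.OwinContext.Environment.TryGetValue("DomainHint", out obj))
                        {
                            string domainHint = obj as string;
                            if (domainHint != null)
                            {
                                context.ProtocolMessage.SetParameter("domain_hint", domainHint);
                            }
                        }

                        // Post-logout target: a tenant landing page when the request carried
                        // "domain=<tenant>", otherwise Home/Index. The query string is guarded
                        // against null (the original dereferenced it unconditionally) and the
                        // domain value is cut at the first '&' so trailing parameters do not
                        // leak into the path.
                        string queryString = null;
                        if (context.OwinContext.Environment.TryGetValue("owin.RequestQueryString", out obj))
                        {
                            queryString = obj as string;
                        }

                        if (queryString != null && queryString.StartsWith("domain=", StringComparison.Ordinal))
                        {
                            var domain = queryString.Substring(7);
                            int separator = domain.IndexOf('&');
                            if (separator >= 0)
                            {
                                domain = domain.Substring(0, separator);
                            }
                            domain = domain.Replace(".onmicrosoft.com", null);

                            // NOTE(review): the value comes from the request; the resulting URI is
                            // expected to be rejected by AAD unless it matches a registered reply
                            // URL — confirm the tenant landing pages are registered.
                            context.ProtocolMessage.PostLogoutRedirectUri = $"{appBaseUrl}/{domain}";
                        }
                        else
                        {
                            context.ProtocolMessage.PostLogoutRedirectUri = new UrlHelper(HttpContext.Current.Request.RequestContext)
                                .Action("Index", "Home", null, HttpContext.Current.Request.Url.Scheme);
                        }

                        context.ProtocolMessage.RedirectUri = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path);
                        context.ProtocolMessage.Resource = Config.AzureResourceManagerIdentifier;
                    }

                    return Task.FromResult(0);
                },
                AuthorizationCodeReceived = (context) =>
                {
                    ClientCredential credential = new ClientCredential(Config.ClientId, Config.Password);
                    string tenantID = context.AuthenticationTicket.Identity
                        .FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

                    // Unique name is the last '#'-separated segment of the Name claim
                    // (split once instead of twice as the original did).
                    string[] nameParts = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('#');
                    string signedInUserUniqueName = nameParts[nameParts.Length - 1];

                    // Start from an empty per-user cache, then redeem the code so the Graph
                    // token lands in it; the result itself is not used here.
                    var tokenCache = new AdalTokenCache(signedInUserUniqueName);
                    tokenCache.Clear();
                    AuthenticationContext authContext = new AuthenticationContext(
                        string.Format(Config.Authority, tenantID), tokenCache);
                    authContext.AcquireTokenByAuthorizationCode(
                        context.Code,
                        new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
                        credential,
                        Config.GraphAPIIdentifier);

                    return Task.FromResult(0);
                },
                SecurityTokenValidated = (context) =>
                {
                    // we use this notification for injecting our custom logic:
                    // retrieve caller data from the incoming principal
                    string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;

                    // Ordinal comparison: a security prefix check must not depend on culture rules.
                    if (!issuer.StartsWith("https://sts.windows.net/", StringComparison.Ordinal))
                    {
                        // the caller is not from a trusted issuer - throw to block the authentication flow
                        throw new System.IdentityModel.Tokens.SecurityTokenValidationException();
                    }

                    return Task.FromResult(0);
                }
            }
        });
}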
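/// <summary>
/// Registers cookie and OpenID Connect authentication for the provisioner app.
/// Requests outside the Account area are sent to the local Login page first;
/// issuer validation is off for the "common" authority and re-checked in
/// <c>SecurityTokenValidated</c>.
/// </summary>
/// <param name="app">The OWIN app builder to register middleware on.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var clientId = Settings.ProvisionerClient;
    var password = Settings.ProvisionerPassword;
    var authority = string.Format(Settings.LoginUri, "common");
    var azureResourceManagerIdentifier = Settings.ApiEndpointUri;

    // Set authentication types
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                // "common" authority: the issuer is re-checked in SecurityTokenValidated below.
                ValidateIssuer = false,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = (context) =>
                {
                    var requestPath = context.Request.Path.ToString();
                    if (!requestPath.Contains("Account"))
                    {
                        // Anything outside the Account area is bounced to the local Login page
                        // instead of straight to the identity provider.
                        var redirectToSignUp = requestPath.Contains("SignUp");
                        context.HandleResponse();
                        context.Response.Redirect(string.Format("Login?redirectToSignUp={0}", redirectToSignUp));
                    }
                    else
                    {
                        object obj;
                        if (context.OwinContext.Environment.TryGetValue("Authority", out obj))
                        {
                            var auth = obj as string;
                            if (auth != null)
                            {
                                context.ProtocolMessage.IssuerAddress = auth;
                            }
                        }

                        if (context.OwinContext.Environment.TryGetValue("DomainHint", out obj))
                        {
                            var domainHint = obj as string;
                            if (domainHint != null)
                            {
                                context.ProtocolMessage.SetParameter("domain_hint", domainHint);
                            }
                        }

                        context.ProtocolMessage.RedirectUri = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path);
                        context.ProtocolMessage.PostLogoutRedirectUri = new UrlHelper(HttpContext.Current.Request.RequestContext)
                            .Action("Index", "Home", null, HttpContext.Current.Request.Url.Scheme);
                        context.ProtocolMessage.Resource = azureResourceManagerIdentifier;
                    }

                    return Task.FromResult(0);
                },
                AuthorizationCodeReceived = (context) =>
                {
                    var credential = new ClientCredential(clientId, password);
                    var tenantId = context.AuthenticationTicket.Identity
                        .FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                    var signedInUserUniqueName = context.AuthenticationTicket.Identity
                        .FindFirst(ClaimTypes.Name).Value.Split('#').Last();

                    // Start from an empty per-user cache, then redeem the code so the tokens
                    // are stored; the result itself is not used here.
                    var tokenCache = new AdalTokenCache(signedInUserUniqueName);
                    tokenCache.Clear();

                    // NOTE(review): this authority is hard-coded while sign-in uses
                    // Settings.LoginUri — confirm both refer to the same cloud.
                    var authContext = new AuthenticationContext(
                        string.Format("https://login.windows.net/{0}", tenantId), tokenCache);
                    authContext.AcquireTokenByAuthorizationCode(
                        context.Code,
                        new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
                        credential);

                    return Task.FromResult(0);
                },
                SecurityTokenValidated = (context) =>
                {
                    var issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;

                    // Ordinal comparison: a security prefix check must not depend on culture rules.
                    if (!issuer.StartsWith("https://sts.windows.net/", StringComparison.Ordinal))
                    {
                        throw new System.IdentityModel.Tokens.SecurityTokenValidationException();
                    }

                    return Task.FromResult(0);
                }
            }
        });
}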
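/// <summary>
/// Locates the AzureRM / Azure Stack module manifests the tests load, then
/// prepares the in-memory Azure session, RM profile and mock-recording mode.
/// </summary>
/// <exception cref="InvalidOperationException">The AzureRM.Accounts manifest cannot be found.</exception>
public EnvironmentSetupHelper()
{
    var accountsModule = GetModuleManifest(RmDirectory, "AzureRM.Accounts");
    if (string.IsNullOrWhiteSpace(accountsModule))
    {
        throw new InvalidOperationException("Could not find Accounts module");
    }
    LogIfNotNull($"Accounts Module path: {accountsModule}");
    RMProfileModule = accountsModule;

    RMResourceModule = ResolveModuleManifest(RmDirectory, "AzureRM.Resources", "Resources");
    RMInsightsModule = ResolveModuleManifest(RmDirectory, "AzureRM.Insights", "Insights");
    RMStorageModule = ResolveModuleManifest(RmDirectory, "AzureRM.Storage", "Storage Management");
    RMStorageDataPlaneModule = ResolveModuleManifest(StorageDirectory, "Azure.Storage", "Storage Data Plane");
    // The original logged this module under the "Storage Data Plane" label (copy-paste slip).
    RMOperationalInsightsModule = ResolveModuleManifest(RmDirectory, "AzureRM.OperationalInsights", "Operational Insights");
    RMNetworkModule = ResolveModuleManifest(RmDirectory, "AzureRM.Network", "Network");
    StackRMProfileModule = ResolveModuleManifest(StackRmDirectory, "AzureRM.Accounts", "Stack Accounts");
    StackRMResourceModule = ResolveModuleManifest(StackRmDirectory, "AzureRM.Resources", "Stack Resources");
    StackRMStorageModule = ResolveModuleManifest(StackRmDirectory, "AzureRM.Storage", "Stack Storage Management Plane");
    StackRMStorageDataPlaneModule = ResolveModuleManifest(StackStorageDirectory, "Azure.Storage", "Stack Storage Data Plane");

    TestExecutionHelpers.SetUpSessionAndProfile();

    // Reuse an existing in-memory store if one is already installed, else start fresh.
    IDataStore datastore = new MemoryDataStore();
    if (AzureSession.Instance.DataStore != null && (AzureSession.Instance.DataStore is MemoryDataStore))
    {
        datastore = AzureSession.Instance.DataStore;
    }
    AzureSession.Instance.DataStore = datastore;

    var rmprofile = new AzureRmProfile(
        Path.Combine(AzureSession.Instance.ProfileDirectory, AzureSession.Instance.ProfileFile));

    // A throw-away environment named "foo", built from the first public environment.
    rmprofile.EnvironmentTable.Add("foo", new AzureEnvironment(AzureEnvironment.PublicEnvironments.Values.FirstOrDefault()));
    rmprofile.DefaultContext = new AzureContext(
        new AzureSubscription(),
        new AzureAccount(),
        rmprofile.EnvironmentTable["foo"],
        new AzureTenant());
    rmprofile.DefaultContext.Subscription.SetEnvironment("foo");

    // Only install this profile when no earlier test has registered one.
    if (AzureRmProfileProvider.Instance.Profile == null)
    {
        AzureRmProfileProvider.Instance.Profile = rmprofile;
    }
    AzureSession.Instance.DataStore = datastore;

    // Ignore SSL errors. This callback is process-wide: while it is registered,
    // every outbound TLS connection from the test process accepts any
    // certificate, so keep it confined to the test harness.
    System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) => true;

#if !NETSTANDARD
    ServiceManagementProfileProvider.InitializeServiceManagementProfile();
    var profile = new AzureSMProfile(
        Path.Combine(AzureSession.Instance.ProfileDirectory, AzureSession.Instance.ProfileFile));
    ProfileClient = new ProfileClient(profile);
    AdalTokenCache.ClearCookies();
#endif

    // Set RunningMocked from the HTTP recorder's current mode.
    TestMockSupport.RunningMocked = HttpMockServer.GetCurrentMode() == HttpRecorderMode.Playback;

    // Pick up test credentials from the user's .azure folder when the file exists.
    var credentialFile = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.UserProfile),
        ".azure",
        "testcredentials.json");
    if (File.Exists(credentialFile))
    {
        SetEnvironmentVariableFromCredentialFile();
    }
}

/// <summary>
/// Looks up one module manifest and logs where it was found.
/// </summary>
/// <param name="directory">Directory to search for the manifest.</param>
/// <param name="moduleName">Module name passed to <c>GetModuleManifest</c>.</param>
/// <param name="label">Human-readable prefix for the "… Module path:" log line.</param>
/// <returns>Whatever <c>GetModuleManifest</c> returned, possibly null.</returns>
private string ResolveModuleManifest(string directory, string moduleName, string label)
{
    var manifest = GetModuleManifest(directory, moduleName);
    LogIfNotNull($"{label} Module path: {manifest}");
    return manifest;
}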
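/// <summary>
/// Registers cookie and OpenID Connect authentication and, once the authorization
/// code arrives, redeems it and silently acquires an ARM token so both are cached
/// for the signed-in user. Issuer validation is off and re-checked by hand in
/// <c>SecurityTokenValidated</c>.
/// </summary>
/// <param name="app">The OWIN app builder to register middleware on.</param>
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions { });
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                // we inject our own multitenant validation logic (see SecurityTokenValidated)
                ValidateIssuer = false,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = (context) =>
                {
                    // This ensures that the address used for sign in and sign out is picked up
                    // dynamically from the request, so the app can be deployed (to Azure Web
                    // Sites, for example) without changing settings. The base URL used here
                    // must be provisioned in Azure AD beforehand.
                    object obj;
                    if (context.OwinContext.Environment.TryGetValue("Authority", out obj))
                    {
                        string authority = obj as string;
                        if (authority != null)
                        {
                            context.ProtocolMessage.IssuerAddress = authority;
                        }
                    }

                    if (context.OwinContext.Environment.TryGetValue("DomainHint", out obj))
                    {
                        string domainHint = obj as string;
                        if (domainHint != null)
                        {
                            context.ProtocolMessage.SetParameter("domain_hint", domainHint);
                        }
                    }

                    context.ProtocolMessage.RedirectUri = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path);
                    context.ProtocolMessage.PostLogoutRedirectUri = new UrlHelper(HttpContext.Current.Request.RequestContext)
                        .Action("Index", "Home", null, HttpContext.Current.Request.Url.Scheme);
                    context.ProtocolMessage.Resource = GraphApiIdentifier;
                    return Task.FromResult(0);
                },
                // Async lambda so the two token calls are awaited rather than blocked on with
                // GetAwaiter().GetResult(), which can deadlock on the ASP.NET sync context.
                AuthorizationCodeReceived = async (context) =>
                {
                    ClientCredential credential = new ClientCredential(ClientId, Password);
                    string tenantID = context.AuthenticationTicket.Identity
                        .FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

                    // Unique name is the last '#'-separated segment of the Name claim
                    // (split once instead of twice as the original did).
                    string[] nameParts = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('#');
                    string signedInUserUniqueName = nameParts[nameParts.Length - 1];

                    // Clear previous entries for this user, then give the context a separate
                    // cache instance as the original did; collapse the two only after confirming
                    // AdalTokenCache.Clear also resets the in-memory state of that instance.
                    AdalTokenCache cache = new AdalTokenCache(signedInUserUniqueName);
                    cache.Clear();
                    AuthenticationContext authContext = new AuthenticationContext(
                        String.Format("https://login.microsoftonline.com/{0}", tenantID),
                        new AdalTokenCache(signedInUserUniqueName));

                    // Captured before the first await so nothing below depends on
                    // HttpContext.Current surviving the continuation.
                    var redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));

                    // Redeem the code, then acquire the ARM token silently so both end up in the
                    // cache. The results themselves are not needed here (the original's debug
                    // ReadItems() snapshots were unused and are dropped).
                    await authContext.AcquireTokenByAuthorizationCodeAsync(context.Code, redirectUri, credential);
                    await authContext.AcquireTokenSilentAsync(
                        AzureResourceManagerIdentifier,
                        credential,
                        new UserIdentifier(signedInUserUniqueName, UserIdentifierType.RequiredDisplayableId));
                },
                // we use this notification for injecting our custom logic
                SecurityTokenValidated = (context) =>
                {
                    // retrieve caller data from the incoming principal
                    string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;

                    // Ordinal comparison: a security prefix check must not depend on culture rules.
                    if (!issuer.StartsWith("https://sts.windows.net/", StringComparison.Ordinal))
                    {
                        // the caller is not from a trusted issuer - throw to block the authentication flow
                        throw new System.IdentityModel.Tokens.SecurityTokenValidationException();
                    }
                    return Task.FromResult(0);
                },
                AuthenticationFailed = (context) =>
                {
                    // NOTE(review): the raw exception message is put in the redirect URL and shown
                    // to the browser; prefer logging it server-side and passing a generic code.
                    context.OwinContext.Response.Redirect(new UrlHelper(HttpContext.Current.Request.RequestContext)
                        .Action("Error", "Home", new { ExceptionDetails = context.Exception.Message }, HttpContext.Current.Request.Url.Scheme));
                    context.HandleResponse(); // Suppress the exception
                    return Task.FromResult(0);
                }
            }
        });
}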