private Graph::GraphServiceClient GetGraphServiceClient(string[] scopes, string tenantId)
{
return(GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes);
return result;
}, _webOptions.GraphApiUrl));
}
public async Task <IActionResult> Profile()
{
var accessToken =
await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] { Constants.ScopeUserRead });
var me = await graphApiOperations.GetUserInformation(accessToken);
var photo = await graphApiOperations.GetPhotoAsBase64Async(accessToken);
ViewData["Me"] = me;
ViewData["Photo"] = photo;
return(View());
}
public async Task <IActionResult> Index()
{
// Using group ids/names in the IsInRole method
// var isinrole = User.IsInRole("8873daa2-17af-4e72-973e-930c94ef7549");
string accessToken = await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] { Constants.ScopeUserRead, Constants.ScopeDirectoryReadAll });
User me = await graphService.GetMeAsync(accessToken);
ViewData["Me"] = me;
try
{
var photo = await graphService.GetMyPhotoAsync(accessToken);
ViewData["Photo"] = photo;
}
catch
{
//swallow
}
IList <Group> groups = await graphService.GetMyMemberOfGroupsAsync(accessToken);
ViewData["Groups"] = groups;
return(View());
}
/// <summary>
/// Adds claims for the currently authenticated user and returns a value indicating whether
/// the pipeline should continue processing or not.
/// </summary>
/// <param name="httpContext">The <see cref="HttpContext"/> for the current request.</param>
/// <param name="cancellationToken">A token to monitor for cancellation requests.</param>
/// <returns>
/// <c>true</c> if the next middleware should run; otherwise, <c>false</c>.
/// </returns>
public async Task <bool> AddClaimsAsync(HttpContext httpContext, CancellationToken cancellationToken)
{
if (httpContext == null)
{
throw new ArgumentNullException(nameof(httpContext));
}
try
{
var claimsPrincipal = httpContext.User as ClaimsPrincipal;
if (claimsPrincipal?.Identity?.IsAuthenticated != true)
{
return(true);
}
var accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(Options.RequestedScopes).ConfigureAwait(false);
await AddGroupsClaimsAsync(claimsPrincipal, accessToken, cancellationToken).ConfigureAwait(false);
return(true);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(Options.RequestedScopes, ex);
return(false);
}
}
public async Task <IActionResult> Index()
{
// Using group ids/names in the IsInRole method
// var isinrole = User.IsInRole("a9cccbf0-6fb5-41ec-a45b-e76e57fd241a");
ViewData["User"] = HttpContext.User;
string accessToken = await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] { Constants.ScopeUserRead, Constants.ScopeDirectoryReadAll });
User me = await graphService.GetMeAsync(accessToken);
ViewData["Me"] = me;
try
{
var photo = await graphService.GetMyPhotoAsync(accessToken);
ViewData["Photo"] = photo;
}
catch
{
//swallow
}
IList <Group> groups = await graphService.GetMyMemberOfGroupsAsync(accessToken);
ViewData["Groups"] = groups;
return(View());
}
private Graph::GraphServiceClient GetGraphServiceClient(string[] scopes)
{
return(GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes);
return result;
}, "https://graph.microsoft.com/beta"));
}
private GraphServiceClient GetGraphServiceClient()
{
return(GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(_azureAdOptions.GraphScopes.Split(' '));
return result;
}, _azureAdOptions.GraphApiUrl));
}
public async Task OnGet()
{
//var accessToken = HttpContext.GetTokenAsync(AzureADDefaults.AuthenticationScheme, "access_token").Result;
//var idToken = HttpContext.GetTokenAsync(AzureADDefaults.AuthenticationScheme, "id_token").Result;
//var claimsToken = User.Claims.FirstOrDefault(c => c.Type == "token")?.Value;
//Redirect($"https://localhost:/#id_token={claimsToken}");
AccessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] { "api://a1378021-3598-476b-bfc6-80fdd56275c9/Weather.Read" });
}
public async Task <Subscription> GetSubscriptionAsync(Guid tenantId)
{
var token = _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(_configuration["SaaSWebApi:Scopes"].Split(' '));
using var requestMessage = new HttpRequestMessage(HttpMethod.Get,
$"{_configuration["SaaSWebApi:BaseAddress"]}/api/Subscriptions");
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await token);
var httpClient = _httpClientFactory.CreateClient();
var response = await httpClient.SendAsync(requestMessage);
var json = await response.Content.ReadAsStringAsync();
var subscription = JsonConvert.DeserializeObject <List <Subscription> >(json)
.Where(subscription => subscription.TenantId == tenantId).FirstOrDefault();
return(subscription);
}
public async Task <List <Deals> > GetDealsOnBehalfOfUser()
{
string[] scopes = { ".default" };
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes);
dynamic me = await GetDealsOnBehalfOfUser(accessToken);
return(me);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
return(null);
}
}
public async Task <IActionResult> Groups()
{
string[] scopes = new[] { GraphScopes.DirectoryReadAll };
GraphServiceClient graphServiceClient = GraphServiceClientFactory.GetAuthenticatedGraphClient(async() =>
{
string result = await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes);
return(result);
}, webOptions.GraphApiUrl);
var groups = await graphServiceClient.Me.MemberOf.Request().GetAsync();
ViewData["Groups"] = groups.CurrentPage;
return(View());
}
public async Task <IActionResult> Index()
{
string accessToken = await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] { Constants.ScopeUserRead, Constants.ScopeDirectoryReadAll });
User me = await graphService.GetMeAsync(accessToken);
var photo = await graphService.GetMyPhotoAsync(accessToken);
IList <Group> groups = await graphService.GetMyMemberOfGroupsAsync(accessToken);
ViewData["Me"] = me;
ViewData["Photo"] = photo;
ViewData["Groups"] = groups;
return(View());
}
public async Task <string> CallGraphApiOnBehalfOfUser()
{
string[] scopes = { "user.read" };
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes);
dynamic me = await CallGraphApiOnBehalfOfUser(accessToken);
return(me.userPrincipalName);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
return(string.Empty);
}
}
public async Task <List <IEFObject> > SetupAsync(string domainId, bool readOnly)
{
using (_logger.BeginScope("SetupAsync: {0} - Read only: {1}", domainId, readOnly))
{
_readOnly = readOnly;
try
{
var token = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(
readOnly?Constants.ReadOnlyScopes : Constants.ReadWriteScopes,
domainId);
_http = new HttpClient();
_http.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
_actions = new List <IEFObject>();
await SetupIEFAppsAsync(domainId);
await SetupKeysAsync();
var extAppId = await GetAppIdAsync("b2c-extensions-app");
_actions.Add(new IEFObject()
{
Name = "Extensions app: appId",
Id = extAppId,
Status = String.IsNullOrEmpty(extAppId) ? IEFObject.S.NotFound : IEFObject.S.Existing
});
extAppId = await GetAppIdAsync("b2c-extensions-app", true);
_actions.Add(new IEFObject()
{
Name = "Extensions app: objectId",
Id = extAppId,
Status = String.IsNullOrEmpty(extAppId) ? IEFObject.S.NotFound : IEFObject.S.Existing
});
} catch (Exception ex)
{
_logger.LogError(ex, "SetupAsync failed");
}
}
return(_actions);
}
public async Task <IActionResult> Edit(int id)
{
TodoItem todoItem = await _todoItemService.Get(id, User);
if (todoItem == null)
{
TempData["ErrorMessage"] = "Item not found";
return(RedirectToAction("Error", "Home"));
}
var userTenant = User.GetTenantId();
// Acquiring token for graph in the signed-in users tenant, so it can be used to retrieve all the users from their tenant
var graphAccessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new string[] { GraphScope.UserReadAll }, userTenant);
TempData["UsersDropDown"] = (await _msGraphService.GetUsersAsync(graphAccessToken))
.Select(u => new SelectListItem
{
Text = u.UserPrincipalName,
Value = u.Id
}).ToList();
return(View(todoItem));
}
public async Task <IActionResult> OnGet()
{
if (!User.Identity.IsAuthenticated)
{
return(Redirect("/"));
}
foreach (Claim claim in User.Claims)
{
if (claim.Type.Contains("objectidentifier") || claim.Type.Contains("oid"))
{
oid = claim.Value;
}
if (claim.Type.Contains("tenant") || claim.Type.Contains("tid"))
{
tenantId = claim.Value;
}
if (claim.Type == "name")
{
name = claim.Value;
}
if (claim.Type == "preferred_username")
{
preferredUsername = claim.Value;
}
//Console.WriteLine("### Claim: " + claim.Type + " == " + claim.Value);
}
username = User.Identity.Name;
// Graph stuff
// Acquire the access token
try {
string[] scopes = new string[] { "user.read" };
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes);
// Create a client
var graphClient = new GraphServiceClient(
new DelegateAuthenticationProvider(
(requestMessage) =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
return(Task.FromResult(0));
}));
// Fetch user details
var user = await graphClient.Me
.Request()
.GetAsync();
graphData.Add("UPN", user.UserPrincipalName);
graphData.Add("Given Name", user.GivenName);
graphData.Add("Display Name", user.DisplayName);
graphData.Add("Office", user.OfficeLocation);
graphData.Add("Mobile", user.MobilePhone);
graphData.Add("Other Phone", user.BusinessPhones.Count() > 0 ? user.BusinessPhones.First() : "");
graphData.Add("Job Title", user.JobTitle);
// Fetch user photo
try {
Stream pictureStream = await graphClient
.Me
.Photos["432x432"]
.Content
.Request()
.GetAsync();
// Convert to bytes
graphPhoto = ToByteArray(pictureStream);
} catch (Exception e) {
_logger.LogWarning(e.ToString());
}
} catch (Exception) {
return(Redirect("/"));
}
return(Page());
}
/// <summary>
/// Gets a new access token on behalf of the user
/// </summary>
/// <returns>JWT in string format</returns>
public async Task <string> GetAccessToken()
{
return(await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] { this.backendScope }));
}
public async Task <List <IEFObject> > SetupAsync(string domainId, bool removeFb, string dirDomainName, bool initialisePhoneSignInJourneys, string PolicySample)
{
using (_logger.BeginScope("SetupAsync: {0} - Read only: {1}", domainId, removeFb))
{
_actions = new List <IEFObject>();
if (PolicySample != "null")
{
var token = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(
Constants.ReadWriteScopes,
domainId);
_http = new HttpClient();
_http.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
HttpClient _httpToRepoAPI = new HttpClient();
string urlToFetchPolices = "https://-/api/FetchRepo?policyname=" + PolicySample;
var json = await _httpToRepoAPI.GetStringAsync(urlToFetchPolices);
var value = JArray.Parse(json);
var rawPolicyFileNames = new List <string>();
foreach (string url in value)
{
rawPolicyFileNames.Add(url);
}
//if we found ext file, move to top
var regexExtensions = @"\w*Extensions\w*";
var indexExtensions = -1;
indexExtensions = rawPolicyFileNames.FindIndex(d => regexExtensions.Any(s => Regex.IsMatch(d.ToString(), regexExtensions)));
if (indexExtensions > -1)
{
rawPolicyFileNames.Insert(0, rawPolicyFileNames[indexExtensions]);
rawPolicyFileNames.RemoveAt(indexExtensions + 1);
}
//if we found base file, move to top
var regexBase = @"\w*Base\w*";
var indexBase = -1;
indexBase = rawPolicyFileNames.FindIndex(d => regexBase.Any(s => Regex.IsMatch(d.ToString(), regexBase)));
if (indexBase > -1)
{
rawPolicyFileNames.Insert(0, rawPolicyFileNames[indexBase]);
rawPolicyFileNames.RemoveAt(indexBase + 1);
}
var policyFileList = new List <string>();
foreach (string url in rawPolicyFileNames)
{
policyFileList.Add(new WebClient().DownloadString(url));
}
for (int i = 0; i < policyFileList.Count; i++)
{
policyFileList[i] = policyFileList[i].Replace("yourtenant.onmicrosoft.com", dirDomainName + ".onmicrosoft.com");
}
//build k-v pair list of policyId:policyFilen
var policyList = buildPolicyListByPolicyId(policyFileList);
await UploadPolicyFiles(policyList);
return(_actions);
}
if (PolicySample == "null")
{
_removeFb = removeFb;
try
{
var token = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(
Constants.ReadWriteScopes,
domainId);
_http = new HttpClient();
_http.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
await SetupIEFAppsAsync(domainId);
await SetupKeysAsync();
var extAppId = await GetAppIdAsync("b2c-extensions-app");
_actions.Add(new IEFObject()
{
Name = "Extensions app: appId",
Id = extAppId,
Status = String.IsNullOrEmpty(extAppId) ? IEFObject.S.NotFound : IEFObject.S.Exists
});
extAppId = await GetAppIdAsync("b2c-extensions-app", true);
_actions.Add(new IEFObject()
{
Name = "Extensions app: objectId",
Id = extAppId,
Status = String.IsNullOrEmpty(extAppId) ? IEFObject.S.NotFound : IEFObject.S.Exists
});
} catch (Exception ex)
{
_logger.LogError(ex, "SetupAsync failed");
}
//actions structure
//ief app 0
//proxyief app 1
//extension appid 4
//extension objectId 5
//download localAndSocialStarterPack
// returns list policyId: policyXML
var policyList = GetPolicyFiles(removeFb, dirDomainName, initialisePhoneSignInJourneys);
// Strip UJs from SocialLocalMFA base file
// Take UJs from Local base file and put it in Extensions file
if (removeFb)
{
// Remove default social and local and mfa user journeys
XmlDocument socialAndLocalBase = new XmlDocument();
socialAndLocalBase.LoadXml(policyList.First(kvp => kvp.Key == "B2C_1A_TrustFrameworkBase").Value);
var nsmgr = new XmlNamespaceManager(socialAndLocalBase.NameTable);
nsmgr.AddNamespace("xsl", "http://schemas.microsoft.com/online/cpim/schemas/2013/06");
XmlNode socialAndMFAJourneys = socialAndLocalBase.SelectSingleNode("/xsl:TrustFrameworkPolicy/xsl:UserJourneys", nsmgr);
socialAndMFAJourneys.RemoveAll();
XmlNode parentSocialAndMFAJourneys = socialAndMFAJourneys.ParentNode;
parentSocialAndMFAJourneys.RemoveChild(socialAndMFAJourneys);
XmlNode facebookTP = socialAndLocalBase.SelectSingleNode("/xsl:TrustFrameworkPolicy/xsl:ClaimsProviders/xsl:ClaimsProvider[1]", nsmgr);
facebookTP.RemoveAll();
XmlNode parentfacebookTP = facebookTP.ParentNode;
parentfacebookTP.RemoveChild(facebookTP);
//policyList.RemoveAll(kvp => kvp.Key == "B2C_1A_TrustFrameworkBase");
policyList["B2C_1A_TrustFrameworkBase"] = socialAndLocalBase.OuterXml;
//policyList.Add(new KeyValuePair<string, string>("B2C_1A_TrustFrameworkBase", socialAndLocalBase.OuterXml));
// Insert user journeys from LocalAccounts base file into Ext file.
XmlDocument localBase = new XmlDocument();
string baseFileLocal = new WebClient().DownloadString("https://raw.githubusercontent.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/master/LocalAccounts/TrustFrameworkBase.xml");
localBase.LoadXml(baseFileLocal);
XmlNode localBaseJourneys = localBase.SelectSingleNode("/xsl:TrustFrameworkPolicy/xsl:UserJourneys", nsmgr);
string localJourneysString = localBaseJourneys.OuterXml;
localJourneysString.Replace("<UserJourneys xmlns=\"http://schemas.microsoft.com/online/cpim/schemas/2013/06\">", "<UserJourneys>");
string extFile = policyList.First(kvp => kvp.Key == "B2C_1A_TrustFrameworkExtensions").Value;
extFile = extFile.Replace("</TrustFrameworkPolicy>", localJourneysString + "</TrustFrameworkPolicy>");
extFile.Replace("yourtenant.onmicrosoft.com", dirDomainName + ".onmicrosoft.com");
//policyList.RemoveAll(kvp => kvp.Key == "B2C_1A_TrustFrameworkExtensions");
//policyList.Add(new KeyValuePair<string, string>("B2C_1A_TrustFrameworkExtensions", extFile));
policyList["B2C_1A_TrustFrameworkExtensions"] = extFile;
}
// setup login-noninteractive and ext attribute support
policyList = SetupAADCommon(policyList, initialisePhoneSignInJourneys);
if (!removeFb)
{
await SetupDummyFacebookSecret(removeFb);
}
else
{
_actions.Add(new IEFObject()
{
Name = "Facebook secret",
Id = "B2C_FacebookSecret",
Status = IEFObject.S.Skipped
});
}
await UploadPolicyFiles(policyList);
await CreateJwtMsTestApp();
}
}
return(_actions);
}
public async Task <IActionResult> Get()
{
var accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] { "api://a1378021-3598-476b-bfc6-80fdd56275c9/Weather.Read" });
return(Ok(new { token = accessToken }));
}
public async Task <IActionResult> GetSaaSWebApiAccessToken()
{
return(Ok(await _tokenAcquisition
.GetAccessTokenOnBehalfOfUserAsync(_saaSWebApiOptions.Scopes.Split(' '))));
}
