        /// <inheritdoc/>
        /// <remarks>
        /// Merges the options for <paramref name="serviceName"/> with the per-call override, acquires a
        /// token for the user with the resulting scopes, and sends a single HTTP request to the URL
        /// returned by <c>GetApiUrl()</c> with the Authorization header built from the authentication result.
        /// The response is returned as received: no status-code check is made here, so the caller has to
        /// inspect it and dispose it. The request message is disposed before this method returns, and
        /// disposing an <see cref="HttpRequestMessage"/> also disposes its content, so
        /// <paramref name="content"/> must not be reused afterwards.
        /// </remarks>
        /// <exception cref="ArgumentException">The merged options carry no scopes.</exception>
        public async Task<HttpResponseMessage> CallWebApiForUserAsync(
            string serviceName,
            string? authenticationScheme = null,
            Action<DownstreamWebApiOptions>? calledDownstreamWebApiOptionsOverride = null,
            ClaimsPrincipal? user = null,
            StringContent? content = null)
        {
            DownstreamWebApiOptions effectiveOptions = MergeOptions(serviceName, calledDownstreamWebApiOptionsOverride);

            // Reject the call before any token is requested when no scopes are configured.
            if (string.IsNullOrEmpty(effectiveOptions.Scopes))
            {
                throw new ArgumentException(IDWebErrorMessage.ScopesNotConfiguredInConfigurationOrViaDelegate);
            }

            var effectiveScheme = _tokenAcquisition.GetEffectiveAuthenticationScheme(authenticationScheme);
            MicrosoftIdentityOptions microsoftIdentityOptions = _microsoftIdentityOptionsMonitor.Get(effectiveScheme);

            // NOTE(review): MergeOptions and GetApiUrl are defined outside this view; presumably the
            // per-call override can change the target URL. The access token acquired below is sent to
            // whatever URL results, so the override should not be derived from request-controlled
            // data; confirm against the callers.
            string apiUrl = effectiveOptions.GetApiUrl();

            // NOTE(review): helper defined outside this view; by its name it prepares
            // proof-of-possession settings on the options for this URL. Verify.
            CreateProofOfPossessionConfiguration(effectiveOptions, apiUrl);

            // For B2C, fall back to the default user flow when the call options name none.
            string? userflow = microsoftIdentityOptions.IsB2C && string.IsNullOrEmpty(effectiveOptions.UserFlow)
                ? microsoftIdentityOptions.DefaultUserFlow
                : effectiveOptions.UserFlow;

            AuthenticationResult tokenResult = await _tokenAcquisition
                .GetAuthenticationResultForUserAsync(
                    effectiveOptions.GetScopes(),
                    authenticationScheme,
                    effectiveOptions.Tenant,
                    userflow,
                    user,
                    effectiveOptions.TokenAcquisitionOptions)
                .ConfigureAwait(false);

            using HttpRequestMessage request = new HttpRequestMessage(effectiveOptions.HttpMethod, apiUrl);

            if (content != null)
            {
                request.Content = content;
            }

            request.Headers.Add(Constants.Authorization, tokenResult.CreateAuthorizationHeader());

            // The customization delegate runs after the Authorization header is set, so it can read or
            // replace the token-bearing header. Only trusted delegates belong here, and they should
            // not log the request headers.
            effectiveOptions.CustomizeHttpRequestMessage?.Invoke(request);

            return await _httpClient.SendAsync(request).ConfigureAwait(false);
        }