/// <summary>
/// Adds claims for the currently authenticated user and returns a value indicating whether
/// the pipeline should continue processing or not.
/// </summary>
/// <param name="httpContext">The <see cref="HttpContext"/> for the current request.</param>
/// <param name="cancellationToken">A token to monitor for cancellation requests.</param>
/// <returns>
/// <c>true</c> if the next middleware should run; otherwise, <c>false</c>.
/// </returns>
public async Task <bool> AddClaimsAsync(HttpContext httpContext, CancellationToken cancellationToken)
{
if (httpContext == null)
{
throw new ArgumentNullException(nameof(httpContext));
}
try
{
var claimsPrincipal = httpContext.User as ClaimsPrincipal;
if (claimsPrincipal?.Identity?.IsAuthenticated != true)
{
return(true);
}
var accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(Options.RequestedScopes).ConfigureAwait(false);
await AddGroupsClaimsAsync(claimsPrincipal, accessToken, cancellationToken).ConfigureAwait(false);
return(true);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(Options.RequestedScopes, ex);
return(false);
}
}
public async Task <dynamic> CallGraphApiOnBehalfOfUser(string operation)
{
string[] scopes = { "User.Read" };
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes);
GraphHelper.Initialize(accessToken);
User me;
switch (operation)
{
case "getMe":
me = await GraphHelper.GetMeAsync();
dynamic getMe = me;
return(getMe);
default:
break;
}
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
return(null);
}
return(null);
}
public async Task <List <Deals> > GetDealsOnBehalfOfUser()
{
string[] scopes = { ".default" };
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes);
dynamic me = await GetDealsOnBehalfOfUser(accessToken);
return(me);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
return(null);
}
}
public async Task <UserInfo> CallGraphApiOnBehalfOfUser()
{
string[] scopes = { "user.read" };
UserInfo ret = null;
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes);
ret = await CallGraphApiOnBehalfOfUser(accessToken);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
}
return(ret);
}
public async Task <string> CallGraphApiOnBehalfOfUser()
{
string[] scopes = { "user.read" };
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
dynamic me = await CallGraphApiOnBehalfOfUser(accessToken);
return(me.userPrincipalName);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(HttpContext, scopes, ex);
return(string.Empty);
}
}
public async Task <List <string> > CallGraphApiOnBehalfOfUser()
{
string[] scopes = { "user.read.all" };
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
List <string> userList = new List <string>();
string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes);
IEnumerable <User> users = await CallGraphApiOnBehalfOfUser(accessToken);
userList = users.Select(x => x.UserPrincipalName).ToList();
return(userList);
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
throw ex;
}
}
public async Task <dynamic> CallGraphApiOnBehalfOfUser()
{
string[] scopes = { "User.Read" };
dynamic response;
// we use MSAL.NET to get a token to call the API On Behalf Of the current user
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes);
GraphHelper.Initialize(accessToken);
User me = await GraphHelper.GetMeAsync();
response = me;
}
catch (MsalUiRequiredException ex)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex);
return("interaction required");
}
return(response);
}
public async void Post([FromBody] TodoItem todo)
{
string owner = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
#if ENABLE_OBO
// This is a synchronous call, so that the clients know, when they call Get, that the
// call to the downstream API (Microsoft Graph) has completed.
try
{
User user = _graphServiceClient.Me.Request().GetAsync().GetAwaiter().GetResult();
string title = string.IsNullOrWhiteSpace(user.UserPrincipalName) ? todo.Title : $"{todo.Title} ({user.UserPrincipalName})";
TodoStore.Add(new TodoItem {
Owner = owner, Title = title
});
}
catch (MsalException ex)
{
HttpContext.Response.ContentType = "text/plain";
HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
await HttpContext.Response.WriteAsync("An authentication error occurred while acquiring a token for downstream API\n" + ex.ErrorCode + "\n" + ex.Message);
}
catch (Exception ex)
{
if (ex.InnerException is MicrosoftIdentityWebChallengeUserException challengeException)
{
_tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(_graphOptions.Value.Scopes.Split(' '),
challengeException.MsalUiRequiredException);
}
else
{
HttpContext.Response.ContentType = "text/plain";
HttpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
await HttpContext.Response.WriteAsync("An error occurred while calling the downstream API\n" + ex.Message);
}
}
#endif
}
