/// <summary> /// Adds claims for the currently authenticated user and returns a value indicating whether /// the pipeline should continue processing or not. /// </summary> /// <param name="httpContext">The <see cref="HttpContext"/> for the current request.</param> /// <param name="cancellationToken">A token to monitor for cancellation requests.</param> /// <returns> /// <c>true</c> if the next middleware should run; otherwise, <c>false</c>. /// </returns> public async Task <bool> AddClaimsAsync(HttpContext httpContext, CancellationToken cancellationToken) { if (httpContext == null) { throw new ArgumentNullException(nameof(httpContext)); } try { var claimsPrincipal = httpContext.User as ClaimsPrincipal; if (claimsPrincipal?.Identity?.IsAuthenticated != true) { return(true); } var accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(Options.RequestedScopes).ConfigureAwait(false); await AddGroupsClaimsAsync(claimsPrincipal, accessToken, cancellationToken).ConfigureAwait(false); return(true); } catch (MsalUiRequiredException ex) { _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(Options.RequestedScopes, ex); return(false); } }
public async Task <dynamic> CallGraphApiOnBehalfOfUser(string operation) { string[] scopes = { "User.Read" }; // we use MSAL.NET to get a token to call the API On Behalf Of the current user try { string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes); GraphHelper.Initialize(accessToken); User me; switch (operation) { case "getMe": me = await GraphHelper.GetMeAsync(); dynamic getMe = me; return(getMe); default: break; } } catch (MsalUiRequiredException ex) { _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex); return(null); } return(null); }
public async Task <List <Deals> > GetDealsOnBehalfOfUser() { string[] scopes = { ".default" }; // we use MSAL.NET to get a token to call the API On Behalf Of the current user try { string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(scopes); dynamic me = await GetDealsOnBehalfOfUser(accessToken); return(me); } catch (MsalUiRequiredException ex) { _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex); return(null); } }
public async Task <UserInfo> CallGraphApiOnBehalfOfUser() { string[] scopes = { "user.read" }; UserInfo ret = null; // we use MSAL.NET to get a token to call the API On Behalf Of the current user try { string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes); ret = await CallGraphApiOnBehalfOfUser(accessToken); } catch (MsalUiRequiredException ex) { _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex); } return(ret); }
public async Task <string> CallGraphApiOnBehalfOfUser() { string[] scopes = { "user.read" }; // we use MSAL.NET to get a token to call the API On Behalf Of the current user try { string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes); dynamic me = await CallGraphApiOnBehalfOfUser(accessToken); return(me.userPrincipalName); } catch (MsalUiRequiredException ex) { _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(HttpContext, scopes, ex); return(string.Empty); } }
public async Task <List <string> > CallGraphApiOnBehalfOfUser() { string[] scopes = { "user.read.all" }; // we use MSAL.NET to get a token to call the API On Behalf Of the current user try { List <string> userList = new List <string>(); string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes); IEnumerable <User> users = await CallGraphApiOnBehalfOfUser(accessToken); userList = users.Select(x => x.UserPrincipalName).ToList(); return(userList); } catch (MsalUiRequiredException ex) { _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex); throw ex; } }
public async Task <dynamic> CallGraphApiOnBehalfOfUser() { string[] scopes = { "User.Read" }; dynamic response; // we use MSAL.NET to get a token to call the API On Behalf Of the current user try { string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes); GraphHelper.Initialize(accessToken); User me = await GraphHelper.GetMeAsync(); response = me; } catch (MsalUiRequiredException ex) { _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(scopes, ex); return("interaction required"); } return(response); }
public async void Post([FromBody] TodoItem todo) { string owner = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; #if ENABLE_OBO // This is a synchronous call, so that the clients know, when they call Get, that the // call to the downstream API (Microsoft Graph) has completed. try { User user = _graphServiceClient.Me.Request().GetAsync().GetAwaiter().GetResult(); string title = string.IsNullOrWhiteSpace(user.UserPrincipalName) ? todo.Title : $"{todo.Title} ({user.UserPrincipalName})"; TodoStore.Add(new TodoItem { Owner = owner, Title = title }); } catch (MsalException ex) { HttpContext.Response.ContentType = "text/plain"; HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized; await HttpContext.Response.WriteAsync("An authentication error occurred while acquiring a token for downstream API\n" + ex.ErrorCode + "\n" + ex.Message); } catch (Exception ex) { if (ex.InnerException is MicrosoftIdentityWebChallengeUserException challengeException) { _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(_graphOptions.Value.Scopes.Split(' '), challengeException.MsalUiRequiredException); } else { HttpContext.Response.ContentType = "text/plain"; HttpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest; await HttpContext.Response.WriteAsync("An error occurred while calling the downstream API\n" + ex.Message); } } #endif }