public async Task <Microsoft.Identity.Client.AuthenticationResult> GetAuthTokenAsync(
string clientid,
string tenantid,
string[] scopes,
string tokenfile,
bool govcloud = false)
{
app = govcloud ? Microsoft.Identity.Client.PublicClientApplicationBuilder.Create(clientid)
.WithAuthority(
Microsoft.Identity.Client.AzureCloudInstance.AzureUsGovernment,
tenantid)
.Build()
: Microsoft.Identity.Client.PublicClientApplicationBuilder.Create(clientid)
.WithTenantId(tenantid)
.Build();
SetSerialization(
app.UserTokenCache,
tokenfile);
Microsoft.Identity.Client.AuthenticationResult result = await GetAuthTokenAsync(scopes);
if ((result == null) && (govcloud))
{
app = Microsoft.Identity.Client.PublicClientApplicationBuilder.Create(clientid)
.WithTenantId(tenantid)
.Build();
SetSerialization(
app.UserTokenCache,
tokenfile);
result = await GetAuthTokenAsync(scopes);
}
return(result);
}
/// <summary>
/// Clears the authentication objects and cache data.
/// </summary>
public static void SignOut()
{
SoftmakeAll.SDK.Fluent.GeneralCacheHelper.Clear();
SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.DisposeAsync().ConfigureAwait(false);
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials = null;
SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult = null;
SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication = null;
}
public XboxAuthentication(AuthenticationSettings authSettings, Microsoft.Identity.Client.AuthenticationResult microsoftAccount)
{
AuthSettings = authSettings;
XboxLive = XboxLiveAuthenticate(microsoftAccount.AccessToken);
XboxSecurityTokenService = XSTSAuthenticate(XboxLive.Token);
}
public static AuthResult FromMSALAuthenticationResult(Microsoft.Identity.Client.AuthenticationResult authResult, Microsoft.Identity.Client.TokenCache tokenCache)
{
var result = new AuthResult
{
AccessToken = authResult.Token,
UserName = $"{authResult.User.Name}",
UserUniqueId = authResult.User.UniqueId,
ExpiresOnUtcTicks = authResult.ExpiresOn.UtcTicks,
TokenCache = tokenCache.Serialize()
};
return(result);
}
public static TokenResponse ConvertAuthenticationResultToTokenResponse(Microsoft.Identity.Client.AuthenticationResult value)
{
return(new TokenResponse
{
token_type = "",
expires_in = "",
scope = string.Join(",", value.Scopes),
expires_on = value.ExpiresOn.ToString(),
not_before = "",
resource = "",
access_token = value.AccessToken,
// refresh_token = value.RefreshToken,
id_token = value.IdToken
});
}
public static AuthResult FromMSALAuthenticationResult(Microsoft.Identity.Client.AuthenticationResult authResult, Microsoft.Identity.Client.TokenCache tokenCache)
{
var TokenClaim = new System.IdentityModel.Tokens.JwtSecurityToken(authResult.IdToken);
var alias = TokenClaim.Claims.FirstOrDefault(m => m.Type == "preferred_username").Value;
var result = new AuthResult
{
AccessToken = authResult.Token,
IdToken = authResult.IdToken,
UserName = $"{authResult.User.Name}",
UserUniqueId = authResult.User.UniqueId,
ExpiresOnUtcTicks = authResult.ExpiresOn.UtcTicks,
TokenCache = tokenCache.Serialize(),
Alias = alias
};
return result;
}
private void RefreshToken()
{
Microsoft.Identity.Client.AuthenticationResult authResult =
msal.GetAuthTokenAsync(clientId,
tenantId,
accessScopes,
tokenFile
).GetAwaiter()
.GetResult();
if (authResult != null)
{
httpClient.DefaultRequestHeaders.Authorization =
new System.Net.Http.Headers.AuthenticationHeaderValue(
"Bearer",
authResult.AccessToken);
accessToken = authResult.AccessToken;
accessTokenCreated = DateTime.UtcNow;
}
}
private async Task <Microsoft.Identity.Client.AuthenticationResult> GetAuthTokenAsync(
IEnumerable <string> scopes)
{
Microsoft.Identity.Client.AuthenticationResult result = null;
var accounts = await app.GetAccountsAsync();
if (accounts.Any())
{
try
{
result = await app.AcquireTokenSilent(
scopes,
accounts.FirstOrDefault()
).ExecuteAsync();
}
catch (Exception ex)
{
throw ex;
}
}
if (result == null)
{
try
{
result = await app.AcquireTokenWithDeviceCode(
scopes,
deviceCodeResultCallback =>
{
Console.WriteLine(deviceCodeResultCallback.Message);
return(Task.FromResult(0));
}).ExecuteAsync();
}
catch (Exception ex)
{
throw ex;
}
}
return(result);
}
public Microsoft.SharePoint.Client.ClientContext GetClientContext(
string clientid,
string tenantid,
string url,
string[] scopes,
string tokenfile)
{
try
{
Microsoft.Identity.Client.AuthenticationResult authResult =
msal.GetAuthTokenAsync(clientid,
tenantid,
scopes,
tokenfile
).GetAwaiter()
.GetResult();
return(GetClientContext(GetValidAccessToken(), url));
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// Authenticate user/application using Credentials.
/// </summary>
/// <param name="Credentials">Credentials to use during authentication process.</param>
public static async System.Threading.Tasks.Task AuthenticateAsync(SoftmakeAll.SDK.Fluent.Authentication.ICredentials Credentials)
{
if (Credentials != null)
{
SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials = Credentials;
// From AccessKey
if (Credentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Application)
{
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization = $"Basic {System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes($"{Credentials.ClientID}@{Credentials.ContextIdentifier.ToString().ToLower()}:{Credentials.ClientSecret}"))}";
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Store();
await SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.ConfigureAsync(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization);
return;
}
}
else if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials == null)
{
try
{
System.Text.Json.JsonElement CacheData = SoftmakeAll.SDK.Fluent.GeneralCacheHelper.ReadString().ToJsonElement();
if (!(CacheData.IsValid()))
{
throw new System.Exception();
}
// From AccessKey
if (CacheData.GetInt32("AuthType") == (int)SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Application)
{
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials = new SoftmakeAll.SDK.Fluent.Authentication.Credentials(CacheData.GetGuid("ContextIdentifier"), CacheData.GetString("ClientID"), null, (SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes)CacheData.GetInt32("AuthType"));
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization = CacheData.GetString("Authorization");
if (System.String.IsNullOrWhiteSpace(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization))
{
throw new System.Exception();
}
await SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.ConfigureAsync(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization);
return;
}
else
{
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials = new SoftmakeAll.SDK.Fluent.Authentication.Credentials(CacheData.GetJsonElement("AppMetadata").EnumerateObject().First().Value.GetGuid("client_id"));
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType = SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Interactive;
}
}
catch { }
}
if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials == null)
{
SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
throw new System.Exception("Invalid Credentials from cache.");
}
// From AccessKey
if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Application)
{
return;
}
// From Public Client Application
if ((SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult == null) || (SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.ExpiresOn.Subtract(System.DateTimeOffset.UtcNow).TotalMinutes <= 5.0D))
{
System.String[] Scopes = new System.String[] { "openid", "https://softmakeb2c.onmicrosoft.com/48512da7-b030-4e62-be61-9e19b2c52d8a/user_impersonation" };
if (SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication == null)
{
if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Interactive) // From Interactive
{
SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication = SoftmakeAll.SDK.Fluent.SDKContext.CreatePublicClientApplication(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ContextIdentifier, "A_signup_signin", "http://localhost:1435");
}
else if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Credentials) // From Username and Password
{
SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication = SoftmakeAll.SDK.Fluent.SDKContext.CreatePublicClientApplication(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ContextIdentifier, "_ROPC");
}
else
{
throw new System.Exception("Invalid authentication type.");
}
}
// Getting existing Account in cache
try
{
System.Collections.Generic.IEnumerable <Microsoft.Identity.Client.IAccount> Accounts = await SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication.GetAccountsAsync();
if (Accounts.Any())
{
SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult = await SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication.AcquireTokenSilent(Scopes, Accounts.FirstOrDefault()).ExecuteAsync();
if (SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult != null)
{
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization = $"Bearer {SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.AccessToken}";
await SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.ConfigureAsync(SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.AccessToken);
return;
}
}
}
catch
{
SoftmakeAll.SDK.Fluent.GeneralCacheHelper.Clear();
}
if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Interactive) // From Interactive
{
try
{
SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult = await SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication.AcquireTokenInteractive(Scopes).WithPrompt(Microsoft.Identity.Client.Prompt.ForceLogin).ExecuteAsync();
}
catch { }
}
else if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Credentials) // From Username and Password
{
if (System.String.IsNullOrWhiteSpace(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ClientSecret))
{
SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
throw new System.Exception("Authentication aborted. Please, re-enter credentials.");
}
System.Security.SecureString Password = new System.Security.SecureString();
foreach (System.Char Char in SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ClientSecret)
{
Password.AppendChar(Char);
}
Password.MakeReadOnly();
try
{
SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult = await SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication.AcquireTokenByUsernamePassword(Scopes, SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ClientID, Password).ExecuteAsync();
Password.Dispose();
}
catch
{
Password.Dispose();
SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
throw new System.Exception("Invalid username or password.");
}
}
if (SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult == null)
{
SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
throw new System.Exception("Authentication aborted.");
}
SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization = $"Bearer {SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.AccessToken}";
await SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.ConfigureAsync(SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.AccessToken);
return;
}
}
public void Configure(string name, OpenIdConnectOptions options)
{
options.ClientId = azureOptions.ClientId;
options.Authority = $"{azureOptions.Instance}{azureOptions.TenantId}/v2.0";
options.UseTokenLifetime = true;
options.CallbackPath = azureOptions.CallbackPath;
options.RequireHttpsMetadata = env.IsProduction();
options.TokenValidationParameters.NameClaimType = "preferred_username";
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.Prompt = "select_account";
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("offline_access");
// sometimes need admin approval: options.Scope.Add("user.read");
if (azureOptions.DefaultScopes != null && azureOptions.DefaultScopes.Length > 0)
{
foreach (var scope in azureOptions.DefaultScopes)
{
options.Scope.Add(scope);
}
}
if (azureOptions.ValidIssuers != null && azureOptions.ValidIssuers.Length > 0)
{
options.TokenValidationParameters.ValidIssuers = azureOptions.ValidIssuers;
}
options.Events = new OpenIdConnectEvents
{
OnUserInformationReceived = context =>
{
return(Task.CompletedTask);
},
OnTicketReceived = context =>
{
// If your authentication logic is based on users then add your logic here
return(Task.CompletedTask);
},
OnAuthenticationFailed = context =>
{
logger.LogError("OnAuthenticationFailed", context.Exception);
context.Response.Redirect("/Home/Error");
context.HandleResponse(); // Suppress the exception
return(Task.CompletedTask);
},
OnRedirectToIdentityProviderForSignOut = context =>
{
System.Security.Claims.ClaimsPrincipal user = context.HttpContext.User;
context.ProtocolMessage.LoginHint = user.GetLoginHint();
context.ProtocolMessage.DomainHint = user.GetDomainHint();
tokenService.RemoveAccount(user);
return(Task.FromResult(true));
},
OnRedirectToIdentityProvider = context =>
{
System.Collections.Generic.IDictionary <string, object> properties =
context.Properties.Parameters;
if (properties.ContainsKey("scopes"))
{
var scopes = properties["scopes"] as string[];
if (scopes.Length > 0)
{
var encoded = string.Join(" ", scopes);
context.ProtocolMessage.Scope = context.ProtocolMessage.Scope + " " + encoded;
}
}
return(Task.CompletedTask);
},
OnAuthorizationCodeReceived = async(context) =>
{
// As AcquireTokenByAuthorizationCode is asynchronous we want to tell ASP.NET core
// that we are handing the code even if it's not done yet, so that it does
// not concurrently call the Token endpoint.
context.HandleCodeRedemption();
var code = context.ProtocolMessage.Code;
Microsoft.Identity.Client.AuthenticationResult result =
await tokenService.GetAccessTokenByAuthorizationCodeAsync(context.Principal, code);
// Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it
// and will not send the OAuth 2.0 request in case a further call to
// AcquireTokenByAuthorizationCode in the future for incremental consent
// (getting a code requesting more scopes)
// Share the ID Token so that the identity of the user is known in the application (in
// HttpContext.User)
context.HandleCodeRedemption(null, result.IdToken);
}
};
}
public void Configure(string name, OpenIdConnectOptions options)
{
// Set the application id
options.ClientId = _azureOptions.ClientId;
// the authority {Instance}/{Tenant}/v2.0
// ASP.NET uses v1.0 by default
options.Authority = $"{_azureOptions.Instance}{_azureOptions.TenantId}/v2.0";
options.UseTokenLifetime = true;
// the redirect Uri: constructed from host:port/signin-oidc
options.CallbackPath = _azureOptions.CallbackPath;
// we are in development environment, don't do this in production
options.RequireHttpsMetadata = false;
// set name of user name claim
options.TokenValidationParameters.NameClaimType = "preferred_username";
// We ask ASP.NET to request a Code and an Id Token
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
//options.Scope.Add("https://graph.microsoft.com/User.Read");
//options.Scope.Add("https://graph.microsoft.com/Mail.ReadWrite");
//options.Scope.Add("https://graph.microsoft.com/Tasks.ReadWrite.Shared");
options.Scope.Add("offline_access");
options.Events = new OpenIdConnectEvents
{
OnTicketReceived = context =>
{
// If your authentication logic is based on users then add your logic here
return(Task.CompletedTask);
},
OnAuthenticationFailed = context =>
{
context.Response.Redirect("/Home/Error");
context.HandleResponse(); // Suppress the exception
return(Task.CompletedTask);
},
OnRedirectToIdentityProviderForSignOut = context =>
{
System.Security.Claims.ClaimsPrincipal user = context.HttpContext.User;
context.ProtocolMessage.LoginHint = user.GetLoginHint();
context.ProtocolMessage.DomainHint = user.GetDomainHint();
_tokenService.RemoveAccount(user);
return(Task.FromResult(true));
},
OnAuthorizationCodeReceived = async(context) =>
{
// As AcquireTokenByAuthorizationCode is asynchronous we want to tell ASP.NET core
// that we are handing the code even if it's not done yet, so that it does
// not concurrently call the Token endpoint.
context.HandleCodeRedemption();
string code = context.ProtocolMessage.Code;
Microsoft.Identity.Client.AuthenticationResult result = await _tokenService.GetAccessTokenByAuthorizationCodeAsync(context.Principal, code);
// Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it
// and will not send the OAuth 2.0 request in case a further call to
// AcquireTokenByAuthorizationCode in the future for incremental consent
// (getting a code requesting more scopes)
// Share the ID Token so that the identity of the user is known in the application (in
// HttpContext.User)
context.HandleCodeRedemption(null, result.IdToken);
}
};
}
//async void GetMovies(object sender, EventArgs args)
//{
// //var dataService = new CosmosService();
// //var reviews = await dataService.GetReviewsForMovie("b404bb8f-f9c9-4389-9fa6-26aca20104fe");
// //var sb = new StringBuilder();
// //foreach (var item in reviews)
// //{
// // sb.AppendLine(item.reviewText);
// //}
// //theMovies.Text = sb.ToString();
//}
async void Login(object sender, EventArgs args)
{
authResult = await authService.Login();
}
