Esempio n. 1
0
        static void Main(string[] args)
        {
            Console.WriteLine("SharedTokenCache Browser v0.0.1");
            Console.WriteLine("Shareware");
            Console.WriteLine();

            var credentials = new SharedTokenCacheCredential();

            var accounts = credentials
                           .Get <object>("_client")
                           .Get <object>("_client")
                           .Get <object>("UserTokenCache")
                           .Get <object>("_accessor")                     // This object contains some interesting stuff
                           .Get <IDictionary>("_accountCacheDictionary"); // Like an account dictionary


            try
            {
                // Need to access credentials for it to create the InMemoryTokenCache object
                credentials.GetToken(new TokenRequestContext());
            } catch {} // It will cause an Exception if there is more than one in cache

            Console.WriteLine($"Found {accounts.Count} accounts in cache");
            WriteDictionary(accounts.ToDictionary(x => x.Key.ToString(), x => AccountsCacheEntry.ToCacheEntry(x.Value)));
        }
        public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
        {
            var silentParameters = parameters as SilentParameters;
            var onPremise        = silentParameters.Environment.OnPremise;
            var tenantId         = onPremise ? AdfsTenant :
                                   (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId);
            var resource  = silentParameters.Environment.GetEndpoint(silentParameters.ResourceId) ?? silentParameters.ResourceId;
            var scopes    = AuthenticationHelpers.GetScope(onPremise, resource);
            var authority = silentParameters.Environment.ActiveDirectoryAuthority;

            AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache);
            var options = new SharedTokenCacheCredentialOptions(tokenCache.TokenCache)
            {
                EnableGuestTenantAuthentication = true,
                ClientId      = AuthenticationHelpers.PowerShellClientId,
                Username      = silentParameters.UserId,
                AuthorityHost = new Uri(authority),
                TenantId      = tenantId,
            };

            var cacheCredential = new SharedTokenCacheCredential(options);
            var requestContext  = new TokenRequestContext(scopes);
            var parametersLog   = $"- TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}', UserId:'{silentParameters.UserId}'";

            return(MsalAccessToken.GetAccessTokenAsync(
                       nameof(SilentAuthenticator),
                       parametersLog,
                       cacheCredential,
                       requestContext,
                       cancellationToken,
                       silentParameters.TenantId,
                       silentParameters.UserId,
                       silentParameters.HomeAccountId));
        }
        public async Task SilentAuthenticateWithBrokerAsync()
        {
            TokenCachePersistenceOptions persistenceOptions = new TokenCachePersistenceOptions();

            // to fully manually verify the InteractiveBrowserCredential this test should be run both authenticating with a
            // school / organization account as well as a personal live account, i.e. a @outlook.com, @live.com, or @hotmail.com
            var cred = new InteractiveBrowserCredential(new InteractiveBrowserCredentialBrokerOptions {
                TokenCachePersistenceOptions = persistenceOptions
            });

            AccessToken token = await cred.GetTokenAsync(new TokenRequestContext(new string[] { "https://vault.azure.net/.default" })).ConfigureAwait(false);

            Assert.NotNull(token.Token);

            var silentCred = new SharedTokenCacheCredential(new SharedTokenCacheCredentialBrokerOptions());

            // The calls below this should be silent and not require user interaction
            token = await cred.GetTokenAsync(new TokenRequestContext(new string[] { "https://vault.azure.net/.default" })).ConfigureAwait(false);

            Assert.NotNull(token.Token);

            token = await cred.GetTokenAsync(new TokenRequestContext(new string[] { "https://management.core.windows.net//.default" })).ConfigureAwait(false);

            Assert.NotNull(token.Token);
        }
        public void RespectsIsPIILoggingEnabled([Values(true, false)] bool isLoggingPIIEnabled)
        {
            var credential = new SharedTokenCacheCredential(new SharedTokenCacheCredentialOptions {
                IsLoggingPIIEnabled = isLoggingPIIEnabled
            });

            Assert.NotNull(credential.Client);
            Assert.AreEqual(isLoggingPIIEnabled, credential.Client.IsPiiLoggingEnabled);
        }
        public void ValidateClientIdSetOnMsalClient()
        {
            var clientId = Guid.NewGuid().ToString();

            var credential = new SharedTokenCacheCredential(new SharedTokenCacheCredentialOptions {
                ClientId = clientId
            });

            Assert.AreEqual(clientId, credential.Client.ClientId);
        }