/// <summary>
/// Builds <see cref="AuthenticationParameters"/> from the challenge returned when
/// <paramref name="resourceUrl"/> is requested without credentials. The request is
/// expected to fail: the failure's response is handed to
/// <see cref="CreateFromUnauthorizedResponseCommon"/>, while a successful response
/// is treated as an error.
/// </summary>
/// <param name="resourceUrl">Resource to probe; its <see cref="Uri.AbsoluteUri"/> is requested.</param>
/// <returns>Parameters derived from the error response.</returns>
/// <exception cref="ArgumentNullException"><paramref name="resourceUrl"/> is null.</exception>
/// <exception cref="MsalException">The resource answered with a success response instead of a challenge.</exception>
/// <exception cref="MsalServiceException">The request failed without any response to read a challenge from.</exception>
private static async Task<AuthenticationParameters> CreateFromResourceUrlCommonAsync(Uri resourceUrl)
{
    if (null == resourceUrl)
    {
        throw new ArgumentNullException("resourceUrl");
    }

    // NOTE(review): the URL scheme is not checked here; whether a plaintext http: resource is
    // accepted depends on HttpClientWrapper — confirm, since the challenge would then arrive
    // over an unauthenticated channel.
    try
    {
        HttpClientWrapper probe = new HttpClientWrapper(resourceUrl.AbsoluteUri, null);
        using (await probe.GetResponseAsync().ConfigureAwait(false))
        {
            // A non-error answer means there is no challenge to parse. This exception is not
            // an HttpRequestWrapperException, so the catch below does not intercept it.
            var unexpectedSuccess = new MsalException(MsalError.UnauthorizedResponseExpected);
            PlatformPlugin.Logger.Error(null, unexpectedSuccess);
            throw unexpectedSuccess;
        }
    }
    catch (HttpRequestWrapperException requestEx)
    {
        PlatformPlugin.Logger.Error(null, requestEx);
        IHttpWebResponse challenge = requestEx.WebResponse;
        if (null == challenge)
        {
            // No response to read: surface the failure as a service error instead.
            var serviceEx = new MsalServiceException(MsalErrorMessage.UnauthorizedHttpStatusCodeExpected, requestEx);
            PlatformPlugin.Logger.Error(null, serviceEx);
            throw serviceEx;
        }

        // The status code is not inspected here; presumably
        // CreateFromUnauthorizedResponseCommon validates it — confirm.
        return CreateFromUnauthorizedResponseCommon(challenge);
    }
}
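/// <summary>
/// Handles an MSAL exception raised while requesting a token. When the failure is one
/// that user interaction can resolve and <paramref name="promptBehavior"/> permits
/// showing a prompt, the authentication is retried interactively; every other case is
/// logged and the original exception is rethrown.
/// </summary>
/// <param name="serviceUrl">Service URL forwarded to the interactive retry.</param>
/// <param name="clientCredentials">Credentials from the failed attempt; not forwarded to the retry (null is passed instead).</param>
/// <param name="userCert">Client certificate forwarded to the retry.</param>
/// <param name="clientId">Application (client) id forwarded to the retry.</param>
/// <param name="redirectUri">Redirect URI forwarded to the retry.</param>
/// <param name="promptBehavior">Only <see cref="PromptBehavior.Always"/> and <see cref="PromptBehavior.Auto"/> allow the interactive retry.</param>
/// <param name="isOnPrem">On-premises flag forwarded to the retry.</param>
/// <param name="authority">Authority forwarded to the retry.</param>
/// <param name="msalAuthClient">MSAL client object forwarded to the retry.</param>
/// <param name="logSink">Trace logger that receives the outcome.</param>
/// <param name="useDefaultCreds">Default-credentials flag forwarded to the retry.</param>
/// <param name="adalEx">The MSAL exception that was raised by the token request.</param>
/// <returns>The result of the interactive retry.</returns>
/// <exception cref="ArgumentNullException"><paramref name="adalEx"/> or <paramref name="logSink"/> is null.</exception>
/// <exception cref="Microsoft.Identity.Client.MsalException"><paramref name="adalEx"/> is rethrown when no interactive retry is attempted.</exception>
private static async Task<ExecuteAuthenticationResults> ProcessAdalExecptionAsync(Uri serviceUrl, ClientCredentials clientCredentials, X509Certificate2 userCert, string clientId, Uri redirectUri, PromptBehavior promptBehavior, bool isOnPrem, string authority, object msalAuthClient, CdsTraceLogger logSink, bool useDefaultCreds, Microsoft.Identity.Client.MsalException adalEx)
{
    if (adalEx == null)
    {
        throw new ArgumentNullException("adalEx");
    }
    if (logSink == null)
    {
        throw new ArgumentNullException("logSink");
    }

    // MSAL signals "the user has to do something" either through a dedicated exception
    // type or through one of these error codes. The static string.Equals is null-safe, so a
    // missing ErrorCode lands in the general-error branch instead of throwing
    // NullReferenceException.
    bool userInterventionRequired =
        adalEx is Microsoft.Identity.Client.MsalUiRequiredException
        || string.Equals(adalEx.ErrorCode, "interaction_required", StringComparison.OrdinalIgnoreCase)
        || string.Equals(adalEx.ErrorCode, "user_password_expired", StringComparison.OrdinalIgnoreCase)
        || string.Equals(adalEx.ErrorCode, "password_required_for_managed_user", StringComparison.OrdinalIgnoreCase);

    if (!userInterventionRequired)
    {
        logSink.Log("ERROR REQUESTING Token FROM THE Authentication context - General ADAL Error", TraceEventType.Error, adalEx);
        // adalEx is a parameter, not a caught exception, so `throw;` is unavailable and the
        // stack trace is reset here.
        throw adalEx;
    }

    logSink.Log("ERROR REQUESTING TOKEN FROM THE AUTHENTICATION CONTEXT - USER intervention required", TraceEventType.Warning);

    // The user has to act; only retry when the prompt behavior lets a UI be shown.
    if (promptBehavior != PromptBehavior.Always && promptBehavior != PromptBehavior.Auto)
    {
        logSink.Log("ERROR REQUESTING TOKEN FROM THE AUTHENTICATION CONTEXT - USER intervention required but not permitted by prompt behavior", TraceEventType.Error, adalEx);
        throw adalEx;
    }

    // Switch to interactive (MFA-capable) mode. No account hint is passed yet.
    // TODO: update or remove once it is determined how to resolve the account in MSAL
    // (previously: new UserIdentifier(clientCredentials.UserName.UserName, UserIdentifierType.OptionalDisplayableId)).
    Microsoft.Identity.Client.IAccount user = null;

    // clientCredentials is not forwarded to the retry (null is passed in its place);
    // presumably because the interactive flow collects credentials itself — confirm.
    return await ExecuteAuthenticateServiceProcessAsync(serviceUrl, null, userCert, clientId, redirectUri, promptBehavior, isOnPrem, authority, msalAuthClient, logSink, useDefaultCreds: useDefaultCreds, user: user);
}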