public static bool MakeMeAvailable(HttpClient httpClient, AuthenticationResult ucwaAuthenticationResult, String ucwaMakeMeAvailableRootUri,
UcwaMakeMeAvailableObject ucwaMyPresenceObject)
{
string makeMeAvailableResults = string.Empty;
Console.WriteLine("URI is " + ucwaMakeMeAvailableRootUri);
httpClient.DefaultRequestHeaders.Clear();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", ucwaAuthenticationResult.AccessToken);
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var makeMeAvailablePostData = JsonConvert.SerializeObject(ucwaMyPresenceObject);
Console.WriteLine("MakeMeAvailable POST data is " + makeMeAvailablePostData);
var httpResponseMessage =
httpClient.PostAsync(ucwaMakeMeAvailableRootUri, new StringContent(makeMeAvailablePostData, Encoding.UTF8,
"application/json")).Result;
Console.WriteLine("MakeMeAvailable response is " + httpResponseMessage.Content.ReadAsStringAsync().Result);
Console.WriteLine("MakeMeAvailable response should be empty");
if (httpResponseMessage.Content.ReadAsStringAsync().Result == String.Empty)
{
Console.WriteLine("MakeMeAvailable call succeeded");
return true;
}
Console.WriteLine("MakeMeAvailable call failed");
return false;
}
public static async Task<string> GetDrivesApiCallForSelectedFile( this SharePointOnlineUri fileHandlerFileGetOrPutUri, Guid FileHandlerFileId, AuthenticationResult SharepointAdalAuthResult )
{
using ( var context = new ClientContext( fileHandlerFileGetOrPutUri.GetSharePointWebUrlFromFileHandlerGetPutUri() ) )
{
context.ExecutingWebRequest += ( sender, e ) =>
{
e.WebRequestExecutor.RequestHeaders.Add( "Authorization", SharepointAdalAuthResult.CreateAuthorizationHeader() );
};
var webRequestUrl = await Task.Run( () =>
{
return GetSharePointMetaData( context, FileHandlerFileId );
} );
JObject oneDriveResult = await Task.Run( async () =>
{
string result = string.Empty;
using ( var request = new WebClient() )
{
request.Headers.Add( "Authorization", SharepointAdalAuthResult.CreateAuthorizationHeader() );
result = await request.DownloadStringTaskAsync( webRequestUrl );
}
return JObject.Parse( result );
} );
var driveId = oneDriveResult["parentReference"]["driveId"].ToString();
var itemId = oneDriveResult["id"].ToString();
return $"drives/{driveId}/items/{itemId}";
}
}
public TokenCacheInfo(string tenantId, string appId, string appKey, string resource, AuthenticationResult result)
: this(resource, result)
{
AppId = appId;
AppKey = appKey;
TenantId = tenantId;
}
public async void Authenticate()
{
BuildAuthority();
if(WeHaveEnoughInfo())
{
Context = new AuthenticationContext(Authority);
if (Context.TokenCache.ReadItems().Count() > 0)
Context = new AuthenticationContext(Context.TokenCache.ReadItems().First().Authority);
try
{
Result = await Context.AcquireTokenAsync(GraphResourceUri, ClientId, ReturnUri);
Log.WritetoLog("Authentication successful");
Log.WritetoLog("Signed in as: " + Result.UserInfo.GivenName + " " + Result.UserInfo.FamilyName);
Log.WritetoLog("Token type: " + Result.AccessTokenType);
Log.WritetoLog("Identity provider: " + Result.UserInfo.IdentityProvider);
}
catch (Exception ex)
{
SetErrorMessage(ex.Message);
ShowError();
}
}
else
{
SetErrorMessage("Looks like we're missing some info from you." );
ShowError();
}
}
public ServicePrincipalAccessToken(AdalConfiguration configuration, AuthenticationResult authResult, ServicePrincipalTokenProvider tokenProvider, string appId)
{
Configuration = configuration;
AuthResult = authResult;
this.tokenProvider = tokenProvider;
this.appId = appId;
}
public async Task <IAdalResult> AcquireTokenAsync(
string authorityHostUrl,
string resource,
string clientId)
{
if (authorityHostUrl is null)
{
throw new ArgumentNullException(nameof(authorityHostUrl));
}
if (resource is null)
{
throw new ArgumentNullException(nameof(resource));
}
if (clientId is null)
{
throw new ArgumentNullException(nameof(clientId));
}
try
{
var authenticationContext = new ActiveDirectory.AuthenticationContext(authorityHostUrl, _cache);
var userCredential = new ActiveDirectory.UserCredential();
ActiveDirectory.AuthenticationResult result = await AdalExtentions.AcquireTokenAsync(authenticationContext,
resource,
clientId,
userCredential);
return(new Result(result));
}
catch (ActiveDirectory.AdalException exception)
{
throw new AuthenticationException(exception);
}
}
public async Task<bool> AuthenticateAsync()
{
await GetConfigAsync();
// prompts the user for authentication
_AuthenticationResult = await _Authenticator.Authenticate(_TenantAuthority, _ResourceUri, _AzureAuthenticationClientId, _ReturnUri);
var accessToken = await GetTokenAsync();
// instantiate an ActiveDirectoryClient to query the Graph API
var activeDirectoryGraphApiClient = new ActiveDirectoryClient(
new Uri(new Uri(_ResourceUri), _AzureGraphApiClientId),
() => Task.FromResult<string>(accessToken)
);
// query the Azure Graph API for some detailed user information about the logged in user
var userFetcher = activeDirectoryGraphApiClient.Me.ToUser();
var user = await userFetcher.ExecuteAsync();
// record some info about the logged in user with Xamarin Insights
Insights.Identify(
_AuthenticationResult.UserInfo.UniqueId,
new Dictionary<string, string>
{
{ Insights.Traits.Email, user.UserPrincipalName },
{ Insights.Traits.FirstName, user.GivenName },
{ Insights.Traits.LastName, user.Surname },
{ "Preferred Language", user.PreferredLanguage }
}
);
return true;
}
internal static JObject JSONResponse( string url, HttpMethod method, AuthenticationResult authResult, string apiPayload = "" )
{
HttpWebRequest webClientRequest;
webClientRequest = WebRequest.CreateHttp( new Uri( url ) );
webClientRequest.Method = method.ToString();
webClientRequest.Headers.Add( "Authorization", authResult.CreateAuthorizationHeader() );
if ( method != HttpMethod.Get )
{
using ( var writer = new StreamWriter( webClientRequest.GetRequestStream() ) )
{
writer.Write( apiPayload );
}
}
WebResponse response;
JObject jsonResponse = null;
try
{
response = webClientRequest.GetResponse();
}
catch ( WebException webEx )
{
response = webEx.Response;
}
using ( var reader = new StreamReader( response.GetResponseStream() ) )
{
jsonResponse = JObject.Parse( reader.ReadToEnd() );
}
return jsonResponse;
}
private static async Task SaveAuthToken(AuthState authState, AuthenticationResult authResult)
{
var idToken = SessionToken.ParseJwtToken(authResult.IdToken);
string username = null;
var userNameClaim = idToken.Claims.FirstOrDefault(x => x.Type == "upn");
if (userNameClaim != null)
username = userNameClaim.Value;
using (var db = new AddInContext())
{
var existingToken =
await
db.SessionTokens.FirstOrDefaultAsync(
t => t.Provider == Settings.AzureADAuthority && t.Id == authState.stateKey);
if (existingToken != null)
{
db.SessionTokens.Remove(existingToken);
}
var token = new SessionToken()
{
Id = authState.stateKey,
CreatedOn = DateTime.Now,
AccessToken = authResult.AccessToken,
Provider = Settings.AzureADAuthority,
Username = username
};
db.SessionTokens.Add(token);
await db.SaveChangesAsync();
}
}
private async Task <string> AuthorizationHeaderADAL()
{
if (!string.IsNullOrEmpty(_authorizationHeader) &&
(DateTime.UtcNow.AddSeconds(60) < AuthenticationResultADAL.ExpiresOn))
{
return(_authorizationHeader);
}
var uri = new UriBuilder(_settings.AzureAuthEndpoint)
{
Path = _settings.AadTenant
};
var aosUriAuthUri = new Uri(_settings.AosUri);
string aosUriAuth = aosUriAuthUri.GetLeftPart(UriPartial.Authority);
var authenticationContext = new AuthenticationContext(uri.ToString(), validateAuthority: false);
if (_settings.UseServiceAuthentication)
{
var credentials = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(_settings.AadClientId.ToString(), _settings.AadClientSecret);
AuthenticationResultADAL = await authenticationContext.AcquireTokenAsync(aosUriAuth, credentials);
}
else
{
var credentials = new UserPasswordCredential(_settings.UserName, _settings.UserPassword);
AuthenticationResultADAL = await authenticationContext.AcquireTokenAsync(aosUriAuth, _settings.AadClientId.ToString(), credentials);
}
return(_authorizationHeader = AuthenticationResultADAL.CreateAuthorizationHeader());
}
public async Task <string> AuthenticatePowerBIUser(LoginModel loginModel)
{
try
{
//The client id that Azure AD created when you registered your client app.
string clientID = System.Configuration.ConfigurationManager.AppSettings["powerBIClientId"];
//RedirectUri you used when you register your app.
//For a client app, a redirect uri gives Azure AD more details on the application that it will authenticate.
// You can use this redirect uri for your client app
//string redirectUri = "urn:ietf:wg:oauth:2.0:oob";
//Resource Uri for Power BI API
string resourceUri = System.Configuration.ConfigurationManager.AppSettings["powerBIresourceUri"];
//OAuth2 authority Uri
string authorityUri = System.Configuration.ConfigurationManager.AppSettings["powerBIauthorityUri"];
string username = loginModel.UserName;
string password = loginModel.Password;
//Get access token:
// To call a Power BI REST operation, create an instance of AuthenticationContext and call AcquireToken
// AcquireToken will acquire an Azure access token
// Call AcquireToken to get an Azure token from Azure Active Directory token issuance endpoint
AuthenticationContext authContext = new AuthenticationContext(authorityUri);
var credential = new UserPasswordCredential(username, password);
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult res = authContext.AcquireTokenAsync(resourceUri, clientID, credential).Result;
return(res.AccessToken);
}
catch (Exception ex)
{
return("PowerBI Authentication failed");
}
}
public async Task<bool> AuthenticateAsync()
{
await GetConfigAsync();
// prompts the user for authentication
_AuthenticationResult = await _Authenticator.Authenticate(_TenantAuthority, _ResourceUri, _AzureAuthenticationClientId, _ReturnUri);
var accessToken = await GetTokenAsync();
// instantiate an ActiveDirectoryClient to query the Graph API
var activeDirectoryGraphApiClient = new ActiveDirectoryClient(
new Uri(new Uri(_ResourceUri), _AzureGraphApiClientId),
() => Task.FromResult<string>(accessToken)
);
// query the Azure Graph API for some detailed user information about the logged in user
//This is done differently based on platform because if this is not awaited in iOS, it crashes
//the app. Android is done this way to correct login issues that were previously occurring.
if (Xamarin.Forms.Device.OS == TargetPlatform.Android)
{
Task.Run(() =>
{
LogUserInfo(activeDirectoryGraphApiClient);
});
}
else
{
await Task.Run(async () =>
{
LogUserInfo(activeDirectoryGraphApiClient);
});
}
return true;
}
public static async Task <HttpResponseMessage> CrmWebApiRequest(string apiRequest, HttpContent requestContent, string requestType, IConfiguration ConfigurationManager)
{
AuthenticationContext authContext = new AuthenticationContext(ConfigurationManager["AdOath2AuthEndpoint"], false);
UserCredential credentials = new UserCredential(ConfigurationManager["CrmUsername"]);
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult tokenResult = await authContext.AcquireTokenAsync(ConfigurationManager["CrmServerUrl"],
ConfigurationManager["AdClientId"], credentials);
HttpResponseMessage apiResponse;
using (HttpClient httpClient = new HttpClient())
{
httpClient.BaseAddress = new Uri(ConfigurationManager["CrmServerUrl"]);
httpClient.Timeout = new TimeSpan(0, 2, 0);
httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokenResult.AccessToken);
if (requestType == "retrieve")
{
apiResponse = await httpClient.GetAsync(apiRequest);
}
else if (requestType == "create")
{
apiResponse = await httpClient.PostAsync(apiRequest, requestContent);
}
else
{
apiResponse = null;
}
}
return(apiResponse);
}
//Get access token:
// To call a Data Catalog REST operation, create an instance of AuthenticationContext and call AcquireToken
// AuthenticationContext is part of the Active Directory Authentication Library NuGet package
// To install the Active Directory Authentication Library NuGet package in Visual Studio,
// run "Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory" from the NuGet Package Manager Console.
static AuthenticationResult AccessToken()
{
if (authResult == null)
{
//Resource Uri for Data Catalog API
string resourceUri = "https://datacatalog.azure.com";
//To learn how to register a client app and get a Client ID, see https://msdn.microsoft.com/en-us/library/azure/mt403303.aspx#clientID
string clientId = clientIDFromAzureAppRegistration;
//A redirect uri gives AAD more details about the specific application that it will authenticate.
//Since a client app does not have an external service to redirect to, this Uri is the standard placeholder for a client app.
string redirectUri = "https://login.live.com/oauth20_desktop.srf";
// Create an instance of AuthenticationContext to acquire an Azure access token
// OAuth2 authority Uri
string authorityUri = "https://login.windows.net/common/oauth2/authorize";
AuthenticationContext authContext = new AuthenticationContext(authorityUri);
// Call AcquireToken to get an Azure token from Azure Active Directory token issuance endpoint
// AcquireToken takes a Client Id that Azure AD creates when you register your client app.
authResult = authContext.AcquireToken(resourceUri, clientId, new Uri(redirectUri), PromptBehavior.RefreshSession);
}
return authResult;
}
internal static AuthenticationResult From(OriginalAuthenticationResult originalAuthResult)
{
var result = new AuthenticationResult();
result.Initialize(originalAuthResult);
return(result);
}
public static async Task <GraphServiceClient> GetGraphServiceClient2()
{
var authentication = new
{
Authority = "https://graph.microsoft.com/",
Directory = WebConfigurationManager.AppSettings["ida:TenantId"],
Application = WebConfigurationManager.AppSettings["ida:ClientId"],
ClientSecret = WebConfigurationManager.AppSettings["ida:ClientSecret"],
GraphResourceEndPoint = "v1.0",
Instance = WebConfigurationManager.AppSettings["ida:AADInstance"],
Domain = WebConfigurationManager.AppSettings["ida:Domain"]
};
var graphAPIEndpoint = $"{authentication.Authority}{authentication.GraphResourceEndPoint}";
var newAuth = $"{authentication.Instance}{authentication.Directory}";
//var newAuth2 = $"{authentication.Instance}{authentication.Domain}";
AuthenticationContext authenticationContext = new AuthenticationContext(newAuth);
Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential clientCred
= new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(authentication.Application, authentication.ClientSecret);
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult authenticationResult
= await authenticationContext.AcquireTokenAsync(authentication.Authority, clientCred);
var token = authenticationResult.AccessToken;
var delegateAuthProvider = new DelegateAuthenticationProvider((requestMessage) => {
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", token.ToString());
return(Task.FromResult(0));
});
var graphClient = new GraphServiceClient(graphAPIEndpoint, delegateAuthProvider);
return(graphClient);
}
public AzureADAuthentication()
{
Log.WritetoLog("Authentication object initialized");
Tenant = string.Empty;
ClientId = string.Empty;
ErrorMessage = string.Empty;
Context = null;
Result = null;
}
public TokenCacheInfo(string resource, AuthenticationResult result)
{
AccessToken = result.AccessToken;
DisplayableId = result.UserInfo == null ? null : result.UserInfo.DisplayableId;
ExpiresOn = result.ExpiresOn;
RefreshToken = result.RefreshToken;
Resource = resource;
TenantId = result.TenantId;
}
/// <summary>
/// Create an application token provider that can retrieve tokens for the given application from the given context, using the given audience
/// and credential store.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="context">The authentication context to use when retrieving tokens.</param>
/// <param name="tokenAudience">The token audience to use when retrieving tokens</param>
/// <param name="clientId">The client Id for this active directory application</param>
/// <param name="credentialStore">The source of authentication information for this application.</param>
/// <param name="authenticationResult">The authenticationResult of initial authentication with the application credentials.</param>
public ApplicationTokenProvider(AuthenticationContext context, string tokenAudience, string clientId,
IApplicationCredentialProvider credentialStore, AuthenticationResult authenticationResult)
{
if (authenticationResult == null)
{
throw new ArgumentNullException("authenticationResult");
}
Initialize(context, tokenAudience, clientId, credentialStore, authenticationResult, authenticationResult.ExpiresOn);
}
private void getAccessToken()
{
string resourceUri = "https://analysis.windows.net/powerbi/api";
string redirectUri = "https://login.live.com/oauth20_desktop.srf";
string authorityUri = "https://login.windows.net/common/oauth2/authorize";
AuthenticationContext authContext = new AuthenticationContext(authorityUri);
_token = authContext.AcquireToken(resourceUri, this._clientId,
new Uri(redirectUri), PromptBehavior.Always);
}
private void DisplayToken(AuthenticationResult result)
{
if (!string.IsNullOrEmpty(result.AccessToken))
{
this.AccessToken.Text = result.AccessToken;
}
else
{
this.AccessToken.Text = result.ErrorDescription;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="SharePointAccessInfo"/> class.
/// </summary>
/// <param name="webUrl">The web URL.</param>
/// <param name="authenticationResult">The authentication result.</param>
public SharePointAccessInfo(string webUrl, AuthenticationResult authenticationResult)
: this(webUrl)
{
// Dont expose the refresh token on the client side!
AccessToken = authenticationResult.AccessToken;
ExpiresOn = authenticationResult.ExpiresOn;
TenantId = authenticationResult.TenantId;
UserId = authenticationResult.UserInfo.UniqueId;
RefreshToken = authenticationResult.RefreshToken;
UserEmail = authenticationResult.UserInfo.DisplayableId;
User = new SharePointUser();
}
internal void Initialize(OriginalAuthenticationResult authResult)
{
AccessToken = authResult.AccessToken;
AccessTokenType = authResult.AccessTokenType;
ExpiresOn = authResult.ExpiresOn;
IdToken = authResult.IdToken;
TenantId = authResult.TenantId;
UserInfo = UserInfo.From(authResult.UserInfo);
Status = (int)AuthenticationStatus.Success;
ReplaceNullStringPropertiesWithEmptyString();
}
public static void CacheAuthenticationResult(AuthenticationResult authenticationResult) {
session["UserHasAuthenticated"] = "true";
// cache user authentication info
session["tenant_id"] = authenticationResult.TenantId;
session["user_id"] = authenticationResult.UserInfo.UniqueId;
session["user_name"] = authenticationResult.UserInfo.GivenName + " " +
authenticationResult.UserInfo.FamilyName;
// cache security tokens
session["id_token"] = authenticationResult.IdToken;
session["access_token"] = authenticationResult.AccessToken;
session["refresh_token"] = authenticationResult.RefreshToken;
}
private AuthenticationResult Convert(ADALAuthenticationResult authenticationResult)
{
return(new AuthenticationResult()
{
Status = Convert(authenticationResult.Status),
AccessToken = authenticationResult.AccessToken,
Error = authenticationResult.Error,
ErrorDescription = authenticationResult.ErrorDescription,
UserFamilyName = authenticationResult.UserInfo == null ? null : authenticationResult.UserInfo.FamilyName,
UserGivenName = authenticationResult.UserInfo == null ? null : authenticationResult.UserInfo.GivenName,
UserDisplayableId = authenticationResult.UserInfo == null ? null : authenticationResult.UserInfo.DisplayableId
});
}
public Result(ActiveDirectory.AuthenticationResult result)
{
if (result is null)
{
throw new ArgumentNullException(nameof(result));
}
_result = result;
_resultAccessToken = result.AccessToken;
_resultAuthority = result.Authority;
_resultTenantId = result.TenantId;
_resultTokenType = result.AccessTokenType;
}
public async Task<bool> Logout()
{
await Task.Factory.StartNew(async () =>
{
var success = await _Authenticator.DeAuthenticate(_TenantAuthority);
if (!success)
{
throw new Exception("Failed to DeAuthenticate!");
}
_AuthenticationResult = null;
});
return true;
}
private AuthenticationResult Convert(Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult authenticationResult)
{
return(new AuthenticationResult()
{
Status = AuthenticationStatus.Success, //only get Success or Exception from authentication
AccessToken = authenticationResult.AccessToken,
Error = null,
ErrorDescription = null,
UserFamilyName = authenticationResult.UserInfo == null ? null : authenticationResult.UserInfo.FamilyName,
UserGivenName = authenticationResult.UserInfo == null ? null : authenticationResult.UserInfo.GivenName,
UserDisplayableId = authenticationResult.UserInfo == null ? null : authenticationResult.UserInfo.DisplayableId
});
}
public async Task <IAdalResult> AcquireTokenAsync(
string authorityHostUrl,
string resource,
string clientId,
Uri redirectUri,
string extraQueryParameters)
{
if (authorityHostUrl is null)
{
throw new ArgumentNullException(nameof(authorityHostUrl));
}
if (resource is null)
{
throw new ArgumentNullException(nameof(resource));
}
if (clientId is null)
{
throw new ArgumentNullException(nameof(clientId));
}
if (redirectUri is null)
{
throw new ArgumentNullException(nameof(redirectUri));
}
if (extraQueryParameters is null)
{
throw new ArgumentNullException(nameof(extraQueryParameters));
}
try
{
var authenticationContext = new ActiveDirectory.AuthenticationContext(authorityHostUrl, _cache);
var platformParameters = new ActiveDirectory.PlatformParameters(ActiveDirectory.PromptBehavior.SelectAccount);
var userIdentifier = ActiveDirectory.UserIdentifier.AnyUser;
ActiveDirectory.AuthenticationResult result = await authenticationContext.AcquireTokenAsync(resource,
clientId,
redirectUri,
platformParameters,
userIdentifier,
extraQueryParameters);
return(new Result(result));
}
// We should just be able to catch AdalException here but due to an ADAL bug an HttpRequestException can be leaked:
// https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1285
// Until we update to ADAL 4.x or MSAL, we should just workaround this problem.
catch (Exception exception)
{
throw new AuthenticationException(exception);
}
}
public static async Task<string> GetDrivesApiCallForSelectedFile( this SharePointOnlineUri fileHandlerFileGetOrPutUri, AuthenticationResult SharepointAdalAuthResult )
{
Guid fileHandlerFileId;
System.Text.RegularExpressions.Regex findGuid = new System.Text.RegularExpressions.Regex( ".+/files/(?<fileGuid>[A-Fa-f0-9]+)/.*" );
var match = findGuid.Match( fileHandlerFileGetOrPutUri.PathAndQuery ).Groups["fileGuid"].Value;
if ( Guid.TryParse( match, out fileHandlerFileId ) )
{
return await GetDrivesApiCallForSelectedFile( fileHandlerFileGetOrPutUri, fileHandlerFileId, SharepointAdalAuthResult );
}
else
{
throw new ArgumentException( "Could not locate a GUID in the fileGetOrPutUri" );
}
}
/// <summary>
/// Create an application token provider that can retrieve tokens for the given application from the given context, using the given audience
/// and credential.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="context">The authentication context to use when retrieving tokens.</param>
/// <param name="tokenAudience">The token audience to use when retrieving tokens.</param>
/// <param name="credential">The client credential for this application.</param>
/// <param name="authenticationResult">The token details provided when authenticating with the client credentials.</param>
public ApplicationTokenProvider(AuthenticationContext context, string tokenAudience, ClientCredential credential, AuthenticationResult authenticationResult)
{
if (credential == null)
{
throw new ArgumentNullException("credential");
}
if (authenticationResult == null)
{
throw new ArgumentNullException("authenticationResult");
}
Initialize(context, tokenAudience, credential.ClientId, new MemoryApplicationAuthenticationProvider(credential), authenticationResult, authenticationResult.ExpiresOn);
}
/// <summary>
/// Get a Microsoft Graph access token from Azure AD V1.
/// </summary>
/// <returns>An oauth2 access token.</returns>
internal static async Task <string> AuthenticateAdalUserAsync()
{
ADAL.AuthenticationResult authenticationResult = null;
try
{
authenticationResult = await _azureAdContext.AcquireTokenSilentAsync(_resourceUri, _appClientId);
}
catch (Exception)
{
authenticationResult = await _azureAdContext.AcquireTokenAsync(_resourceUri, _appClientId, new Uri(DefaultRedirectUri), new ADAL.PlatformParameters(ADAL.PromptBehavior.RefreshSession, false));
}
return(authenticationResult.AccessToken);
}
private Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
// good code
// Acquire a Token for the Graph API and cache it. In the TodoListController, we'll use the cache to acquire a token to the Todo List API
string userObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential clientCred = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(clientId, clientSecret);
AuthenticationContext authContext = new AuthenticationContext(authority, new Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache(Encoding.Default.GetBytes(userObjectId)));
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult authResult = authContext.AcquireTokenByAuthorizationCodeAsync(
notification.Code, new Uri(notification.RedirectUri), clientCred, GraphResourceId).Result;
// decode token
// https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens
idToken = authResult.IdToken;
accessToken = authResult.AccessToken;
return(Task.FromResult(0));
//string authorizationCode = notification.Code;
//ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
//AuthenticationResult tokenResult = notification.(authorizationCode, new Uri(notification.RedirectUri), clientCred);
//return Task.FromResult(0);
/*
* var code = notification.Code;
* string signedInUserID = notification.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
*
* Microsoft.Identity.Client.TokenCache userTokenCache = new SessionTokenCache(
* signedInUserID,
* notification.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance();
*
*
* ConfidentialClientApplication cca = new ConfidentialClientApplicationBuilder(
* clientId,
* redirectUri,
* new Microsoft.Identity.Client.ClientCredential(clientSecret),
* userTokenCache,
* null);
* string[] scopes = graphScopes.Split(new char[] { ' ' });
*
* Microsoft.Identity.Client.AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, scopes);
* return Task.FromResult(0);
*/
}
public async Task <IAdalResult> AcquireTokenAsync(
string authorityHostUrl,
string resource,
string clientId,
Uri redirectUri,
string extraQueryParameters)
{
if (authorityHostUrl is null)
{
throw new ArgumentNullException(nameof(authorityHostUrl));
}
if (resource is null)
{
throw new ArgumentNullException(nameof(resource));
}
if (clientId is null)
{
throw new ArgumentNullException(nameof(clientId));
}
if (redirectUri is null)
{
throw new ArgumentNullException(nameof(redirectUri));
}
if (extraQueryParameters is null)
{
throw new ArgumentNullException(nameof(extraQueryParameters));
}
try
{
var authenticationContext = new ActiveDirectory.AuthenticationContext(authorityHostUrl, _cache);
var platformParameters = new ActiveDirectory.PlatformParameters(ActiveDirectory.PromptBehavior.SelectAccount);
var userIdentifier = ActiveDirectory.UserIdentifier.AnyUser;
ActiveDirectory.AuthenticationResult result = await authenticationContext.AcquireTokenAsync(resource,
clientId,
redirectUri,
platformParameters,
userIdentifier,
extraQueryParameters);
return(new Result(result));
}
catch (ActiveDirectory.AdalException exception)
{
throw new AuthenticationException(exception);
}
}
public async Task GetAuthToken_Azure_Success()
{
using (var autoMock = AutoMock.GetLoose())
{
AuthenticationSettings authenticationSettings = AuthenticationSettings.GetFromAppSettings();
string resource = "https://test";
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = autoMock.Mock <Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult>().Object;
autoMock.Mock <AuthenticationContext>()
.Setup(t => t.AcquireTokenSilentAsync(resource, authenticationSettings.ClientId))
.Returns(() => Task.FromResult(result));
await AzureADHelper.GetToken("userUniqueId", authenticationSettings, resource);
}
}
protected override void PostTokenRequest(AuthenticationResult result)
{
base.PostTokenRequest(result);
this.UniqueId = (result.UserInfo == null) ? null : result.UserInfo.UniqueId;
this.DisplayableId = (result.UserInfo == null) ? null : result.UserInfo.DisplayableId;
if (result.Resource != null)
{
this.Resource = result.Resource;
Logger.Verbose(this.CallState, "Resource value in the token response was used for storing tokens in the cache");
}
// If resource is not passed as an argument and is not returned by STS either,
// we cannot store the token in the cache with null resource.
// TODO: Store refresh token though if STS supports MRRT.
this.StoreToCache = this.StoreToCache && (this.Resource != null);
}
/// <summary>
/// Create an application token provider that can retrieve tokens for the given application from the given context, using the given audience
/// and certificate.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="context">The authentication context to use when retrieving tokens.</param>
/// <param name="tokenAudience">The token audience to use when retrieving tokens.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="authenticationResult">The token details provided when authenticating with the client credentials.</param>
public ApplicationTokenProvider(AuthenticationContext context, string tokenAudience, ClientAssertionCertificate certificate, AuthenticationResult authenticationResult)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
if (authenticationResult == null)
{
throw new ArgumentNullException("authenticationResult");
}
Initialize(context, tokenAudience, certificate.ClientId,
new CertificateAuthenticationProvider((clientId) => Task.FromResult(certificate)),
authenticationResult, authenticationResult.ExpiresOn);
}
//Once we have an AuthenticationResult, get user information.
private void PopulateCurrentUserInformation(AuthenticationResult result)
{
var rl = ResourceLoader.GetForCurrentView();
AuthenticationHelper._settings.Values["TenantId"] = result.TenantId;
AuthenticationHelper._settings.Values["LastAuthority"] = AuthenticationHelper._authenticationContext.Authority;
_displayName = result.UserInfo.GivenName;
_mailAddress = result.UserInfo.DisplayableId;
EmailAddressBox.Text = _mailAddress;
WelcomeText.Text = "Hi " + _displayName + ". " + rl.GetString("WelcomeMessage");
MailButton.IsEnabled = true;
EmailAddressBox.IsEnabled = true;
_userLoggedIn = true;
ProgressBar.Visibility = Visibility.Collapsed;
ConnectButton.Content = "disconnect";
}
/// <summary>
/// Refreshes the token used to access azure automation.
/// This is currently called from a timer that runs on the Constants.tokenRefreshInterval
/// If it is about to expire (2 minutes from the next refresh, it will renew)
/// </summary>
public void RefreshAutomationClientwithNewToken()
{
// Get the token for the tenant on this subscription and check if it is about to expire.
// If it is, refresh it if possible.
if (currSubscription == null) return;
if (azureARMAuthResult.ExpiresOn.ToLocalTime() < DateTime.Now.AddMinutes(Constants.tokenRefreshInterval + 2))
{
azureARMAuthResult = AuthenticateHelper.RefreshTokenByAuthority(currSubscription.ActiveDirectoryTenantId);
subscriptionCreds = new TokenCloudCredentials(currSubscription.SubscriptionId, azureARMAuthResult.AccessToken);
automationManagementClient = new AutomationManagementClient(subscriptionCreds);
// Add user agent string to indicate this is coming from the ISE automation client.
ProductInfoHeaderValue ISEClientAgent = new ProductInfoHeaderValue(Constants.ISEUserAgent, Constants.ISEVersion);
automationManagementClient.UserAgent.Add(ISEClientAgent);
}
}
protected void Page_Load(object sender, EventArgs e)
{
//Test for AuthenticationResult
if (Session["authResult"] != null)
{
//Get the authentication result from the session
authResult = (AuthenticationResult)Session["authResult"];
//Show Power BI Panel
signInStatus.Visible = true;
//Set user and token from authentication result
userLabel.Text = authResult.UserInfo.DisplayableId;
accessTokenTextbox.Text = authResult.AccessToken;
}
}
// Gets an access token. First tries to get the access token from the token cache.
// This app uses a password (secret) to authenticate. Production apps should use a certificate.
//public async Task<string> GetAppAccessTokenAsync()
//{
// try
// {
// // For development mode purposes only. Production apps should use a client certificate.
// return await GetUserAccessTokenAsync(_tenantId);
// }
// catch (AdalException ex)
// {
// throw ex;
// }
//}
// TODO: Once the new method above has been fully tested, deprecate the cmmented code below:
// Gets an access token. First tries to get the access token from the token cache.
// This app uses a password (secret) to authenticate. Production apps should use a certificate.
public async Task <string> GetAppAccessTokenAsync()
{
AuthenticationContext authContext = new AuthenticationContext($"{ _aadInstance }{ _tenantId }", null);
try
{
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult authResult = await authContext.AcquireTokenAsync(
_graphResourceId,
new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(_appId, _appSecret)); // For development mode purposes only. Production apps should use a client certificate.
return(authResult.AccessToken);
}
catch (AdalException ex)
{
throw ex;
}
}
public async Task<bool> AuthenticateAsync()
{
await GetConfigAsync();
// prompts the user for authentication
_AuthenticationResult = await _Authenticator.Authenticate(_TenantAuthority, _ResourceUri, _AzureAuthenticationClientId, _ReturnUri);
var accessToken = await GetTokenAsync();
// instantiate an ActiveDirectoryClient to query the Graph API
var activeDirectoryGraphApiClient = new ActiveDirectoryClient(
new Uri(new Uri(_ResourceUri), _AzureGraphApiClientId),
() => Task.FromResult<string>(accessToken)
);
return true;
}
// GET api/GetToken
// This routine creates AzureAd token, another routine creates jwtBearer depending on which works with dual auth with cookies
public async Task <HttpResponseMessage> Get()
{
// OWIN middleware validated the audience and issuer, but the scope must also be validated; must contain "access_as_user".
string[] addinScopes = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value.Split(' ');
if (addinScopes.Contains("access_as_user"))
{
var bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext;
Microsoft.IdentityModel.Clients.ActiveDirectory.UserAssertion userAssertion = new Microsoft.IdentityModel.Clients.ActiveDirectory.UserAssertion(bootstrapContext.Token);
authContextADAL = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, new FileCache());
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = null;
Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential clientCred =
new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(clientIdAddin, PasswordAddin);
result = await authContextADAL.AcquireTokenAsync(enterpriseAppResourceId, clientCred, userAssertion);
HttpResponseMessage response = null;
try
{
//response = ODataHelper.SendRequestWithAccessToken(enterpriseAppBaseAddress + "api/branches", result.AccessToken);
httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result.AccessToken);
// Call the To Do list service.
// Or call to /api/outlook/branches/user
response = await httpClient.GetAsync(enterpriseAppBaseAddress + "api/branches/user");
if (response.IsSuccessStatusCode)
{
return(response);
}
else
{
string failureDescription = await response.Content.ReadAsStringAsync();
return(SendErrorToClient(HttpStatusCode.Unauthorized, null, $"{response.ReasonPhrase}\n {failureDescription} " + "- An error occurred while getting /api/branches"));
}
}
catch (MsalServiceException e)
{
itemNames.Add("e.Message: " + e.Message);
}
}
// The token from the client does not have "access_as_user" permission.
return(SendErrorToClient(HttpStatusCode.Unauthorized, null, "Missing access_as_user."));
}
public async Task <Models.Message> GetChannelMessages(string messageId)
{
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult res = await _authContext.AcquireTokenAsync("https://graph.microsoft.com", _credential);
string accessToken = res.AccessToken;
var req = new HttpRequestMessage
{
Method = HttpMethod.Get,
RequestUri = new Uri($"https://graph.microsoft.com/beta/teams/{_teamsId}/channels/{_channelId}/messages/{messageId}"),
};
req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var reqRes = await _httpClient.SendAsync(req);
string message = await reqRes.Content.ReadAsStringAsync();
Models.Message retContent = JsonSerializer.Deserialize <Models.Message>(message);
return(retContent);
}
/// <summary>
/// Fired when the user authenticates
/// </summary>
/// <param name="notification"></param>
/// <returns></returns>
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
// Get the user's object id (used to name the token cache)
string userObjId = notification.AuthenticationTicket.Identity.FindFirst(Settings.AAD_OBJECTID_CLAIMTYPE).Value;
// Create a token cache
HttpContextBase httpContext = notification.OwinContext.Get <HttpContextBase>(typeof(HttpContextBase).FullName);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, httpContext);
// Exchange the auth code for a token
ADAL.ClientCredential clientCred = new ADAL.ClientCredential(Settings.AAD_APP_ID, Settings.AAD_APP_SECRET);
// Create the auth context
ADAL.AuthenticationContext authContext = new ADAL.AuthenticationContext(
string.Format(CultureInfo.InvariantCulture, Settings.AAD_INSTANCE, "common", ""), false, tokenCache);
ADAL.AuthenticationResult authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
notification.Code, notification.Request.Uri, clientCred, Settings.GRAPH_API_URL);
}
private async Task <AuthenticationResult> AcquireTokenSilentAsyncInternal(string resourceUrl, string clientId,
UserIdentifier userIdentifier)
{
OriginalAuthenticationResult authResult = null;
AuthenticationResult result;
try
{
authResult = await _context.AcquireTokenSilentAsync(resourceUrl, clientId, userIdentifier.GetOriginalUserIdentifier());
result = AuthenticationResult.From(authResult);
}
catch (Exception ex)
{
result = new AuthenticationResult(ex);
}
return(result);
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
// Get the user's object id (used to name the token cache)
string userObjId = notification.AuthenticationTicket.Identity
.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
// Create a token cache
HttpContextBase httpContext = notification.OwinContext.Get <HttpContextBase>(typeof(HttpContextBase).FullName);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, httpContext);
// Exchange the auth code for a token
ADAL.ClientCredential clientCred = new ADAL.ClientCredential(appId, appSecret);
// Create the auth context
ADAL.AuthenticationContext authContext = new ADAL.AuthenticationContext(
authority, false, tokenCache);
ADAL.AuthenticationResult authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
notification.Code, notification.Request.Uri, clientCred, "https://graph.microsoft.com");
}
public void EnsureAuthenticationContext(String authority)
{
if (this.AuthenticationContext == null)
{
this.AuthenticationContext = new AuthenticationContext(authority);
var tokenCacheItem = AuthenticationContext.TokenCache.ReadItems().FirstOrDefault();
if (tokenCacheItem != null)
{
this.AuthenticationContext = new AuthenticationContext(tokenCacheItem.Authority);
}
}
this.AuthenticationResult =
this.AuthenticationContext.AcquireToken(
Office365ServicesUris.AADGraphAPIResourceId,
ClientId,
new Uri(RedirectUri));
}
// GET: Accounts
public ActionResult Index()
{
// TODO Substitute your correct CRM root service address,
string resource = "https://demogold.crm.dynamics.com";
// TODO Substitute your app registration values that can be obtained after you
// register the app in Active Directory on the Microsoft Azure portal.
string clientId = "c447dac5-f9bc-4ca2-bc0f-4d8c649583f9";
string redirectUrl = "https://localhost:44300/";
// Authenticate the registered application with Azure Active Directory.
AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/common", false);
_AuthenticationResult = authContext.AcquireToken(resource, clientId, new Uri(redirectUrl));
//using this page: https://github.com/jlattimer/CrmWebApiCSharp/blob/master/CrmWebApiCSharp/Program.cs
Task.WaitAll(Task.Run(async () => await GetAccounts()));
return View(_jAccounts);
}
/// <summary>
/// Default constructor.
/// </summary>
internal TokenCacheItem(TokenCacheKey key, AuthenticationResult result)
{
this.Authority = key.Authority;
this.Resource = key.Resource;
this.ClientId = key.ClientId;
this.TokenSubjectType = key.TokenSubjectType;
this.UniqueId = key.UniqueId;
this.DisplayableId = key.DisplayableId;
this.TenantId = result.TenantId;
this.ExpiresOn = result.ExpiresOn;
this.AccessToken = result.AccessToken;
this.IdToken = result.IdToken;
if (result.UserInfo != null)
{
this.FamilyName = result.UserInfo.FamilyName;
this.GivenName = result.UserInfo.GivenName;
this.IdentityProvider = result.UserInfo.IdentityProvider;
}
}
protected override void OnCreate(Bundle bundle)
{
base.OnCreate(bundle);
// Set our view from the "main" layout resource
SetContentView(Resource.Layout.Main);
// Get our button from the layout resource,
// and attach an event to it
Button button = FindViewById<Button>(Resource.Id.MyButton);
button.Click += async (sender, args) =>
{
var authContext = new AuthenticationContext(commonAuthority);
var cacheItems = authContext.TokenCache.ReadItems();
if (authContext.TokenCache.ReadItems().Count() > 0)
authContext = new AuthenticationContext(authContext.TokenCache.ReadItems().First().Authority);
authResult = await authContext.AcquireTokenAsync(graphResourceUri, clientId, returnUri, new PlatformParameters(this));
};
}
private async Task <AuthenticationResult> AcquireTokenAsyncInternal(string resourceUrl, string clientId,
Uri redirectUrl, int promptBehavior, UserIdentifier userIdentifier, string extraQueryParameters)
{
OriginalAuthenticationResult authResult = null;
AuthenticationResult result;
var platformParameters = new PlatformParameters(PromptBehavior.IntToEnum(promptBehavior), UseCorporateNetwork);
try
{
authResult = await _context.AcquireTokenAsync(resourceUrl, clientId, redirectUrl, platformParameters, userIdentifier.GetOriginalUserIdentifier(), extraQueryParameters);
result = AuthenticationResult.From(authResult);
}
catch (Exception ex)
{
result = new AuthenticationResult(ex);
}
return(result);
}
public ActionResult AppOnlyAccessToken()
{
string urlTokenEndpointForTenant =
string.Format("https://login.windows.net/{0}/oauth2/token",
CustomAuthenticationManager.GetTenantID());
ADAL.AuthenticationContext authenticationContext
= new ADAL.AuthenticationContext(urlTokenEndpointForTenant);
string resource = DemoConstants.TargetResource;
ADAL.ClientAssertionCertificate clientAssertionCertificate =
DemoConstants.GetClientAssertionCertificate();
ADAL.AuthenticationResult authenticationResult =
authenticationContext.AcquireToken(resource, clientAssertionCertificate);
string appOnlyAccessToken = authenticationResult.AccessToken;
JwtSecurityToken jwtAppOnlyAccessToken = new JwtSecurityToken(appOnlyAccessToken);
return(View(jwtAppOnlyAccessToken));
}
public async Task <IAdalResult> AcquireTokenAsync(
string authorityHostUrl,
string resource,
string clientId)
{
if (authorityHostUrl is null)
{
throw new ArgumentNullException(nameof(authorityHostUrl));
}
if (resource is null)
{
throw new ArgumentNullException(nameof(resource));
}
if (clientId is null)
{
throw new ArgumentNullException(nameof(clientId));
}
try
{
var authenticationContext = new ActiveDirectory.AuthenticationContext(authorityHostUrl, _cache);
var userCredential = new ActiveDirectory.UserCredential();
ActiveDirectory.AuthenticationResult result = await AdalExtentions.AcquireTokenAsync(authenticationContext,
resource,
clientId,
userCredential);
return(new Result(result));
}
// We should just be able to catch AdalException here but due to an ADAL bug an HttpRequestException can be leaked:
// https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1285
// Until we update to ADAL 4.x or MSAL, we should just workaround this problem.
catch (Exception exception)
{
throw new AuthenticationException(exception);
}
}
public async Task <SubscriptionResponse> SetSubscription()
{
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult res = await _authContext.AcquireTokenAsync("https://graph.microsoft.com", _credential);
string accessToken = res.AccessToken;
var req = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri($"https://graph.microsoft.com/beta/subscriptions"),
};
req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var subscriptionSettting = new SubscriptionPost
{
ChangeType = "created,updated",
NotificationUrl = _subscriptionUrl,
ExpirationDateTime = DateTime.Now.AddMinutes(30),
Resource = $"/teams/{_teamsId}/channels/{_channelId}/messages"
};
string json = JsonSerializer.ToJsonString <SubscriptionPost>(subscriptionSettting);
StringContent content = new StringContent(json, Encoding.UTF8, "application/json");
req.Content = content;
var reqRes = await _httpClient.SendAsync(req);
if (reqRes.IsSuccessStatusCode)
{
string contentString = await reqRes.Content.ReadAsStringAsync();
SubscriptionResponse retContent = JsonSerializer.Deserialize <SubscriptionResponse>(contentString);
return(retContent);
}
else
{
throw new Exception("Failed Post Message");
}
}
protected virtual Task PostRunAsync(AuthenticationResult result)
{
LogReturnedToken(result);
return(CompletedTask);
}
public static async Task <string> FetchTokenAsync()
{
/*In case of using different profiles (AAD users) from one client
* 1. After Authentication during acquiring token, User Id shoud be recorded and saved
* 2. UserIdentifier should be created using previously saved UserId, as a hint for context, when acquiring token again
* e.g.: UserIdentifier userId = new UserIdentifier(PBIConfig.Profile, UserIdentifierType.UniqueId);
* 3. If you want to add new profile (user), than "Prompt Behavior" platform parameter should be set to "Always"
* a. in this case, the newly returned client id should be recorded again, and used as context information...
*/
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = null;
// first, try to get a token silently
try
{
switch (PBIConfig.AuthMode)
{
case "Secret":
result = await AuthContext.AcquireTokenAsync(PBIConfig.ResourceUrl, new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(PBIConfig.ClientId, PBIConfig.ClientSecret));
break;
case "ClientId":
result = await AuthContext.AcquireTokenSilentAsync(PBIConfig.ResourceUrl, PBIConfig.ClientId);
break;
case "UserName":
result = await AuthContext.AcquireTokenAsync(PBIConfig.ResourceUrl, PBIConfig.ClientId, new UserCredential(PBIConfig.UserName));
break;
}
}
catch (AdalException adalException)
{
// There is no token in the cache; prompt the user to sign-in.
if (adalException.ErrorCode == AdalError.FailedToAcquireTokenSilently ||
adalException.ErrorCode == AdalError.InteractionRequired)
{
try
{
result = await AuthContext.AcquireTokenAsync(PBIConfig.ResourceUrl, PBIConfig.ClientId, new Uri(PBIConfig.RedirectUrl), new PlatformParameters(PromptBehavior.Auto));
}
catch (Exception e)
{
//Log Exception
}
}
else
{
//Log exception
}
// An unexpected error occurred.
// ShowError(adalException);
}
catch (Exception e)
{
//Log Exception
}
return(result.AccessToken);
}
// GET: /<controller>/
public async Task <ActionResult> Index()
{
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = null;
try
{
//string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(authority);
ClientCredential credential = new ClientCredential(clientId, appKey);
//#if ASPNET50
// result = await authContext.AcquireTokenAsync(todoListResourceId, clientId, new Uri("http://localhost:42023"), null);
//#endif
result = await authContext.AcquireTokenAsync(todoListResourceId, credential);
//
// Retrieve the user's To Do List.
//
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, todoListBaseAddress + "/api/todolist");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = await client.SendAsync(request);
//
// Return the To Do List in the view.
//
if (response.IsSuccessStatusCode)
{
string responseContent = await response.Content.ReadAsStringAsync();
ViewBag.Message = "Success";
ViewBag.Content = responseContent;
return(View());
}
else
{
ViewBag.Message = "Failure";
//
// If the call failed with access denied, then drop the current access token from the cache,
// and show the user an error indicating they might need to sign-in again.
//
if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
var todoTokens = authContext.TokenCache.ReadItems().Where(a => a.Resource == todoListResourceId);
foreach (TokenCacheItem tci in todoTokens)
{
authContext.TokenCache.DeleteItem(tci);
}
ViewBag.ErrorMessage = "UnexpectedError";
return(View());
}
}
}
catch (Exception ee)
{
ViewBag.Message = ee.Message + ee.InnerException;
//ViewBag.Message = "AuthorizationRequired";
return(View());
}
//
// If the call failed for any other reason, show the user an error.
//
return(View("Error"));
}
private static async Task <string> GetToken()
{
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = await context.AcquireTokenAsync(resource, credential);
return(result.AccessToken);
}
public void AddAccessToken(Uri orgUri, Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult accessToken)
{
// Access tokens can be matched on the hostname,
// different endpoints in the same organization can use the same access token
accessTokens[orgUri.Host] = accessToken;
}
