protected override async Task PreRunAsync() { await base.PreRunAsync(); // We cannot move the following lines to UserCredential as one of these calls in async. // It cannot be moved to constructor or property or a pure sync or async call. This is why we moved it here which is an async call already. if (string.IsNullOrWhiteSpace(this.userCredential.UserName)) { #if ADAL_NET this.userCredential.UserName = PlatformSpecificHelper.GetUserPrincipalName(); #else this.userCredential.UserName = await PlatformSpecificHelper.GetUserPrincipalNameAsync(); #endif if (string.IsNullOrWhiteSpace(userCredential.UserName)) { Logger.Information(this.CallState, "Could not find UPN for logged in user"); var ex = new AdalException(AdalError.UnknownUser); Logger.LogException(this.CallState, ex); throw ex; } Logger.Information(this.CallState, "Logged in user '{0}' detected", userCredential.UserName); } this.DisplayableId = userCredential.UserName; }
public static string CheckForExtraQueryParameter(string url) { string extraQueryParameter = PlatformSpecificHelper.GetEnvironmentVariable("ExtraQueryParameter"); string delimiter = (url.IndexOf('?') > 0) ? "&" : "?"; if (!string.IsNullOrWhiteSpace(extraQueryParameter)) { url += string.Concat(delimiter, extraQueryParameter); } return(url); }
public void AddAdalIdParameters(IDictionary <string, string> parameters) { parameters[AdalIdParameter.Product] = PlatformSpecificHelper.GetProductName(); parameters[AdalIdParameter.Version] = AdalIdHelper.GetAdalVersion(); #if !ADAL_WINPHONE parameters[AdalIdParameter.CpuPlatform] = AdalIdHelper.GetProcessorArchitecture(); #endif #if ADAL_NET parameters[AdalIdParameter.OS] = Environment.OSVersion.ToString(); #endif }
public AcquireTokenOnBehalfHandler(Authenticator authenticator, TokenCache tokenCache, string resource, ClientKey clientKey, UserAssertion userAssertion, bool callSync) : base(authenticator, tokenCache, resource, clientKey, TokenSubjectType.UserPlusClient, callSync) { if (userAssertion == null) { throw new ArgumentNullException("userAssertion"); } this.userAssertion = userAssertion; this.DisplayableId = userAssertion.UserName; this.assertionHash = PlatformSpecificHelper.CreateSha256Hash(userAssertion.Assertion); this.SupportADFS = true; }
public AuthenticatorTemplateList() { string[] trustedHostList = { "login.windows.net", "login.chinacloudapi.cn", "login.cloudgovapi.us", "login.microsoftonline.com" }; string customAuthorityHost = PlatformSpecificHelper.GetEnvironmentVariable("customTrustedHost"); if (string.IsNullOrWhiteSpace(customAuthorityHost)) { foreach (string host in trustedHostList) { this.Add(AuthenticatorTemplate.CreateFromHost(host)); } } else { this.Add(AuthenticatorTemplate.CreateFromHost(customAuthorityHost)); } }
private void LogReturnedToken(AuthenticationResult result) { if (result.AccessToken != null) { string accessTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.AccessToken); string logMessage; if (result.RefreshToken != null) { string refreshTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.RefreshToken); logMessage = string.Format("Access Token with hash '{0}' and Refresh Token with hash '{1}' returned", accessTokenHash, refreshTokenHash); } else { logMessage = string.Format("Access Token with hash '{0}' returned", accessTokenHash); } Logger.Verbose(this.CallState, logMessage); } }
private void LogReturnedToken(AuthenticationResult result) { if (result.AccessToken != null) { string accessTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.AccessToken); string refreshTokenHash; if (result.RefreshToken != null) { refreshTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.RefreshToken); } else { refreshTokenHash = "[No Refresh Token]"; } Logger.Information(this.CallState, "=== Token Acquisition finished successfully. An access token was retuned:\n\tAccess Token Hash: {0}\n\tRefresh Token Hash: {1}\n\tExpiration Time: {2}\n\tUser Hash: {3}\n\t", accessTokenHash, refreshTokenHash, result.ExpiresOn, result.UserInfo != null ? PlatformSpecificHelper.CreateSha256Hash(result.UserInfo.UniqueId) : "null"); } }
public void AddAdalIdParameters(IDictionary <string, string> parameters) { parameters[AdalIdParameter.Product] = PlatformSpecificHelper.GetProductName(); parameters[AdalIdParameter.Version] = AdalIdHelper.GetAdalVersion(); #if !ADAL_WINPHONE parameters[AdalIdParameter.CpuPlatform] = AdalIdHelper.GetProcessorArchitecture(); #endif #if ADAL_NET parameters[AdalIdParameter.OS] = Environment.OSVersion.ToString(); // Since ADAL .NET may be used on servers, for security reasons, we do not emit device type. #else // In WinRT, there is no way to reliably get OS version. All can be done reliably is to check // for existence of specific features which does not help in this case, so we do not emit OS in WinRT. var deviceInformation = new Windows.Security.ExchangeActiveSyncProvisioning.EasClientDeviceInformation(); parameters[AdalIdParameter.DeviceModel] = deviceInformation.SystemProductName; #endif }
public AuthenticatorTemplateList() { string[] trustedHostList = { "login.windows.net", // Microsoft Azure Worldwide - Used in validation scenarios where host is not this list "login.chinacloudapi.cn", // Microsoft Azure China "login-us.microsoftonline.com", // Microsoft Azure US Government "login.microsoftonline.com" // Microsoft Azure Worldwide }; string customAuthorityHost = PlatformSpecificHelper.GetEnvironmentVariable("customTrustedHost"); if (string.IsNullOrWhiteSpace(customAuthorityHost)) { foreach (string host in trustedHostList) { this.Add(AuthenticatorTemplate.CreateFromHost(host)); } } else { this.Add(AuthenticatorTemplate.CreateFromHost(customAuthorityHost)); } }
public void Close() { PlatformSpecificHelper.CloseHttpWebResponse(this.response); }
static AuthenticationContext() { Logger.Information(null, string.Format("ADAL {0} with assembly version '{1}', file version '{2}' and informational version '{3}' is running...", PlatformSpecificHelper.GetProductName(), AdalIdHelper.GetAdalVersion(), AdalIdHelper.GetAssemblyFileVersion(), AdalIdHelper.GetAssemblyInformationalVersion())); }
protected override async Task PreTokenRequest() { await base.PreTokenRequest(); if (this.userAssertion == null) { UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState); Logger.Information(this.CallState, "User with hash '{0}' detected as '{1}'", PlatformSpecificHelper.CreateSha256Hash(this.userCredential.UserName), userRealmResponse.AccountType); if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0) { if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl)) { throw new AdalException(AdalError.MissingFederationMetadataUrl); } WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState); Logger.Information(this.CallState, "WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl); WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState); Logger.Information(this.CallState, "Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType); // We assume that if the response token type is not SAML 1.1, it is SAML 2 this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer); } else if (string.Compare(userRealmResponse.AccountType, "managed", StringComparison.OrdinalIgnoreCase) == 0) { // handle password grant flow for the managed user if (this.userCredential.PasswordToCharArray() == null) { throw new AdalException(AdalError.PasswordRequiredForManagedUserError); } } else { throw new AdalException(AdalError.UnknownUserType); } } }