protected override async Task PreRunAsync()
{
await base.PreRunAsync();
// We cannot move the following lines to UserCredential as one of these calls in async.
// It cannot be moved to constructor or property or a pure sync or async call. This is why we moved it here which is an async call already.
if (string.IsNullOrWhiteSpace(this.userCredential.UserName))
{
#if ADAL_NET
this.userCredential.UserName = PlatformSpecificHelper.GetUserPrincipalName();
#else
this.userCredential.UserName = await PlatformSpecificHelper.GetUserPrincipalNameAsync();
#endif
if (string.IsNullOrWhiteSpace(userCredential.UserName))
{
Logger.Information(this.CallState, "Could not find UPN for logged in user");
var ex = new AdalException(AdalError.UnknownUser);
Logger.LogException(this.CallState, ex);
throw ex;
}
Logger.Information(this.CallState, "Logged in user '{0}' detected", userCredential.UserName);
}
this.DisplayableId = userCredential.UserName;
}
public static string CheckForExtraQueryParameter(string url)
{
string extraQueryParameter = PlatformSpecificHelper.GetEnvironmentVariable("ExtraQueryParameter");
string delimiter = (url.IndexOf('?') > 0) ? "&" : "?";
if (!string.IsNullOrWhiteSpace(extraQueryParameter))
{
url += string.Concat(delimiter, extraQueryParameter);
}
return(url);
}
public void AddAdalIdParameters(IDictionary <string, string> parameters)
{
parameters[AdalIdParameter.Product] = PlatformSpecificHelper.GetProductName();
parameters[AdalIdParameter.Version] = AdalIdHelper.GetAdalVersion();
#if !ADAL_WINPHONE
parameters[AdalIdParameter.CpuPlatform] = AdalIdHelper.GetProcessorArchitecture();
#endif
#if ADAL_NET
parameters[AdalIdParameter.OS] = Environment.OSVersion.ToString();
#endif
}
public AcquireTokenOnBehalfHandler(Authenticator authenticator, TokenCache tokenCache, string resource, ClientKey clientKey, UserAssertion userAssertion, bool callSync)
: base(authenticator, tokenCache, resource, clientKey, TokenSubjectType.UserPlusClient, callSync)
{
if (userAssertion == null)
{
throw new ArgumentNullException("userAssertion");
}
this.userAssertion = userAssertion;
this.DisplayableId = userAssertion.UserName;
this.assertionHash = PlatformSpecificHelper.CreateSha256Hash(userAssertion.Assertion);
this.SupportADFS = true;
}
public AuthenticatorTemplateList()
{
string[] trustedHostList = { "login.windows.net", "login.chinacloudapi.cn", "login.cloudgovapi.us", "login.microsoftonline.com" };
string customAuthorityHost = PlatformSpecificHelper.GetEnvironmentVariable("customTrustedHost");
if (string.IsNullOrWhiteSpace(customAuthorityHost))
{
foreach (string host in trustedHostList)
{
this.Add(AuthenticatorTemplate.CreateFromHost(host));
}
}
else
{
this.Add(AuthenticatorTemplate.CreateFromHost(customAuthorityHost));
}
}
private void LogReturnedToken(AuthenticationResult result)
{
if (result.AccessToken != null)
{
string accessTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.AccessToken);
string logMessage;
if (result.RefreshToken != null)
{
string refreshTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.RefreshToken);
logMessage = string.Format("Access Token with hash '{0}' and Refresh Token with hash '{1}' returned", accessTokenHash, refreshTokenHash);
}
else
{
logMessage = string.Format("Access Token with hash '{0}' returned", accessTokenHash);
}
Logger.Verbose(this.CallState, logMessage);
}
}
private void LogReturnedToken(AuthenticationResult result)
{
if (result.AccessToken != null)
{
string accessTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.AccessToken);
string refreshTokenHash;
if (result.RefreshToken != null)
{
refreshTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.RefreshToken);
}
else
{
refreshTokenHash = "[No Refresh Token]";
}
Logger.Information(this.CallState, "=== Token Acquisition finished successfully. An access token was retuned:\n\tAccess Token Hash: {0}\n\tRefresh Token Hash: {1}\n\tExpiration Time: {2}\n\tUser Hash: {3}\n\t",
accessTokenHash, refreshTokenHash, result.ExpiresOn,
result.UserInfo != null ? PlatformSpecificHelper.CreateSha256Hash(result.UserInfo.UniqueId) : "null");
}
}
public void AddAdalIdParameters(IDictionary <string, string> parameters)
{
parameters[AdalIdParameter.Product] = PlatformSpecificHelper.GetProductName();
parameters[AdalIdParameter.Version] = AdalIdHelper.GetAdalVersion();
#if !ADAL_WINPHONE
parameters[AdalIdParameter.CpuPlatform] = AdalIdHelper.GetProcessorArchitecture();
#endif
#if ADAL_NET
parameters[AdalIdParameter.OS] = Environment.OSVersion.ToString();
// Since ADAL .NET may be used on servers, for security reasons, we do not emit device type.
#else
// In WinRT, there is no way to reliably get OS version. All can be done reliably is to check
// for existence of specific features which does not help in this case, so we do not emit OS in WinRT.
var deviceInformation = new Windows.Security.ExchangeActiveSyncProvisioning.EasClientDeviceInformation();
parameters[AdalIdParameter.DeviceModel] = deviceInformation.SystemProductName;
#endif
}
public AuthenticatorTemplateList()
{
string[] trustedHostList =
{
"login.windows.net", // Microsoft Azure Worldwide - Used in validation scenarios where host is not this list
"login.chinacloudapi.cn", // Microsoft Azure China
"login-us.microsoftonline.com", // Microsoft Azure US Government
"login.microsoftonline.com" // Microsoft Azure Worldwide
};
string customAuthorityHost = PlatformSpecificHelper.GetEnvironmentVariable("customTrustedHost");
if (string.IsNullOrWhiteSpace(customAuthorityHost))
{
foreach (string host in trustedHostList)
{
this.Add(AuthenticatorTemplate.CreateFromHost(host));
}
}
else
{
this.Add(AuthenticatorTemplate.CreateFromHost(customAuthorityHost));
}
}
public void Close()
{
PlatformSpecificHelper.CloseHttpWebResponse(this.response);
}
static AuthenticationContext()
{
Logger.Information(null, string.Format("ADAL {0} with assembly version '{1}', file version '{2}' and informational version '{3}' is running...",
PlatformSpecificHelper.GetProductName(), AdalIdHelper.GetAdalVersion(), AdalIdHelper.GetAssemblyFileVersion(), AdalIdHelper.GetAssemblyInformationalVersion()));
}
protected override async Task PreTokenRequest()
{
await base.PreTokenRequest();
if (this.userAssertion == null)
{
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState);
Logger.Information(this.CallState, "User with hash '{0}' detected as '{1}'", PlatformSpecificHelper.CreateSha256Hash(this.userCredential.UserName), userRealmResponse.AccountType);
if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0)
{
if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl))
{
throw new AdalException(AdalError.MissingFederationMetadataUrl);
}
WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState);
Logger.Information(this.CallState, "WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl);
WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState);
Logger.Information(this.CallState, "Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType);
// We assume that if the response token type is not SAML 1.1, it is SAML 2
this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer);
}
else if (string.Compare(userRealmResponse.AccountType, "managed", StringComparison.OrdinalIgnoreCase) == 0)
{
// handle password grant flow for the managed user
if (this.userCredential.PasswordToCharArray() == null)
{
throw new AdalException(AdalError.PasswordRequiredForManagedUserError);
}
}
else
{
throw new AdalException(AdalError.UnknownUserType);
}
}
}
