// If the javascript issues an OIDC authorize reuest, and it succeeds, the user is already logged
// into AAD. Since the AAD session cookie has changed, we need to check if the same use is still
// logged in.
public static Task AuthorizationCodeRecieved(AuthorizationCodeReceivedNotification notification)
{
// If the successful authorize request was issued by the SingleSignOut javascript
if (notification.AuthenticationTicket.Properties.RedirectUri.Contains("SessionChanged"))
{
// Clear the SingleSignOutCookie
notification.Response.Cookies.Append("SingleSignOut" + clientId, "");
Claim existingUserObjectId = notification.OwinContext.Authentication.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
Claim incomingUserObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
if (existingUserObjectId.Value != null && incomingUserObjectId != null)
{
// If a different user is logged into AAD
if (existingUserObjectId.Value != incomingUserObjectId.Value)
{
// No need to clear the session state here. It has already been
// updated with the new user's session state in SecurityTokenValidated.
notification.Response.Redirect("Account/SingleSignOut");
notification.HandleResponse();
}
// If the same user is logged into AAD
else if (existingUserObjectId.Value == incomingUserObjectId.Value)
{
// No need to clear the session state, SecurityTokenValidated will do so.
// Simply redirect the iframe to a page other than SingleSignOut to reset
// the timer in the javascript.
notification.Response.Redirect("/");
notification.HandleResponse();
}
}
}
return(Task.FromResult <object>(null));
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
// If there is a code in the OpenID Connect response, redeem it for an access token and store it away.
var code = context.Code;
string userObjectId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
SampleTokenCache tokenCache = new SampleTokenCache(userObjectId);
var credential = new ClientCredential(ClientSecret);
var cca = new ConfidentialClientApplication(
ClientId,
context.Request.Uri.ToString(),
credential,
tokenCache.GetMsalCacheInstance(),
null);
try
{
var result = await cca.AcquireTokenByAuthorizationCodeAsync(code, Scopes);
}
catch (MsalException ex)
{
context.HandleResponse();
context.Response.Redirect($"/error/index?message={ex.Message}");
}
}
public async Task HandleOpenIdAuthorizationCodeAsync(
AuthorizationCodeReceivedNotification authorizationCodeReceived)
{
string tokenAsBase64 =
JwtTokenHelper.CreateSecurityTokenDescriptor(authorizationCodeReceived.JwtSecurityToken.Claims,
_jwtOptions).CreateTokenAsBase64();
authorizationCodeReceived.AuthenticationTicket.Properties.RedirectUri +=
string.Format("&{0}={1}", _jwtOptions.JwtTokenParameterName, tokenAsBase64);
if (_createConsentOptions.CreateConsentAsync != null)
{
await _createConsentOptions.CreateConsentAsync(authorizationCodeReceived.Response,
new Uri(authorizationCodeReceived.AuthenticationTicket.Properties.RedirectUri));
authorizationCodeReceived.HandleResponse();
}
else
{
string implicitConsent = string.Format("&{0}={1}", _consentHandlerOptions.ConsentParameterName,
Uri.EscapeDataString("implicit"));
authorizationCodeReceived.AuthenticationTicket.Properties.RedirectUri += implicitConsent;
}
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
string signedInUserId = notification.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
SessionTokenCache tokenCache = new SessionTokenCache(
signedInUserId,
notification.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase);
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId,
redirectUri,
new ClientCredential(appPassword),
tokenCache.GetMsalCacheInstance(),
null);
try
{
var result = await cca.AcquireTokenByAuthorizationCodeAsync(notification.Code, scopes);
}
catch (MsalException ex)
{
string message, debug;
message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
debug = ex.Message;
notification.HandleResponse();
notification.Response.Redirect("/Home/Error?message=" + message + "&debug=" + debug);
}
}
private Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
context.HandleResponse();
var token = context.JwtSecurityToken.ToString();
context.Response.Redirect(string.Format("/Main.aspx?Token={0}", token));
return(Task.FromResult(0));
}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
{
var idClient = ConfidentialClientApplicationBuilder.Create(appId)
.WithRedirectUri(redirectUri)
.WithClientSecret(appSecret)
.Build();
var signedInUserId = notification.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
var tokenStore = new SessionTokenStore(signedInUserId, HttpContext.Current);
tokenStore.Initialize(idClient.UserTokenCache);
try
{
string[] scopes = graphScopes.Split(' ');
var result = await idClient.AcquireTokenByAuthorizationCode(
scopes, notification.Code).ExecuteAsync();
var userDetails = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
var cachedUser = new CachedUser()
{
DisplayName = userDetails.DisplayName,
Email = string.IsNullOrEmpty(userDetails.Mail) ?
userDetails.UserPrincipalName : userDetails.Mail,
Avatar = string.Empty
};
tokenStore.SaveUserDetails(cachedUser);
}
catch (MsalException ex)
{
string message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
catch (Microsoft.Graph.ServiceException ex)
{
string message = "GetUserDetailsAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
{
notification.HandleCodeRedemption();
var idClient = ConfidentialClientApplicationBuilder.Create(appId)
.WithRedirectUri(redirectUri)
.WithClientSecret(appSecret)
.Build();
var signedInUser = new ClaimsPrincipal(notification.AuthenticationTicket.Identity);
var tokenStore = new SessionTokenStore(idClient.UserTokenCache, HttpContext.Current, signedInUser);
try
{
string[] scopes = graphScopes.Split(' ');
var result = await idClient.AcquireTokenByAuthorizationCode(
scopes, notification.Code).ExecuteAsync();
var userDetails = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
var handler = new JwtSecurityTokenHandler();
var jsonToken = handler.ReadToken(result.IdToken) as JwtSecurityToken;
var sid = jsonToken.Claims.First(claim => claim.Type == "sid");
tokenStore.SaveSid(sid.Value);
tokenStore.SaveUserDetails(userDetails);
notification.HandleCodeRedemption(null, result.IdToken);
}
catch (MsalException ex)
{
string message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
catch (Microsoft.Graph.ServiceException ex)
{
string message = "GetUserDetailsAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
{
// Get the signed in user's id and create a token cache
string signedInUserId = notification.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
SessionTokenStore tokenStore = new SessionTokenStore(signedInUserId,
notification.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase);
var idClient = new ConfidentialClientApplication(
appId, redirectUri, new ClientCredential(appSecret), tokenStore.GetMsalCacheInstance(), null);
try
{
string[] scopes = graphScopes.Split(' ');
var result = await idClient.AcquireTokenByAuthorizationCodeAsync(
notification.Code, scopes);
var userDetails = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
var cachedUser = new CachedUser()
{
DisplayName = userDetails.DisplayName,
Email = string.IsNullOrEmpty(userDetails.Mail) ?
userDetails.UserPrincipalName : userDetails.Mail,
Avatar = string.Empty,
AccessToken = result.AccessToken
};
tokenStore.SaveUserDetails(cachedUser);
}
catch (MsalException ex)
{
string message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
catch (Microsoft.Graph.ServiceException ex)
{
string message = "GetUserDetailsAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
}
// If the javascript issues an OIDC authorize reuest, and it succeeds, the user is already logged
// into AAD. Since the AAD session cookie has changed, we need to check if the same use is still
// logged in.
public static Task AuthorizationCodeRecieved(AuthorizationCodeReceivedNotification notification)
{
// If the successful authorize request was issued by the SingleSignOut javascript
if (notification.AuthenticationTicket.Properties.RedirectUri.Contains("SessionChanged"))
{
// Clear the SingleSignOut Cookie
ICookieManager cookieManager = new ChunkingCookieManager();
string cookie = cookieManager.GetRequestCookie(notification.OwinContext, CookieName);
AuthenticationTicket ticket = ticketDataFormat.Unprotect(cookie);
if (ticket.Properties.Dictionary != null)
{
ticket.Properties.Dictionary[OpenIdConnectAuthenticationDefaults.AuthenticationType + "SingleSignOut"] = "";
}
cookieManager.AppendResponseCookie(notification.OwinContext, CookieName, ticketDataFormat.Protect(ticket), new CookieOptions());
Claim existingUserObjectId = notification.OwinContext.Authentication.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
Claim incomingUserObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
if (existingUserObjectId.Value != null && incomingUserObjectId != null)
{
// If a different user is logged into AAD
if (existingUserObjectId.Value != incomingUserObjectId.Value)
{
// No need to clear the session state here. It has already been
// updated with the new user's session state in SecurityTokenValidated.
notification.Response.Redirect("Account/SingleSignOut");
notification.HandleResponse();
}
// If the same user is logged into AAD
else if (existingUserObjectId.Value == incomingUserObjectId.Value)
{
// No need to clear the session state, SecurityTokenValidated will do so.
// Simply redirect the iframe to a page other than SingleSignOut to reset
// the timer in the javascript.
notification.Response.Redirect("/");
notification.HandleResponse();
}
}
}
return(Task.FromResult <object>(null));
}
private static async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
{
//IConfidentialClientApplication clientApp = MsalAppBuilder.
notification.HandleCodeRedemption();
var idClient = ConfidentialClientApplicationBuilder.Create(appId)
.WithRedirectUri(redirectUri)
.WithClientSecret(appSecret)
.Build();
var signedInUser = new ClaimsPrincipal(notification.AuthenticationTicket.Identity);
var tokenStore = new SessionTokenStore(idClient.UserTokenCache, HttpContext.Current, signedInUser);
try
{
string[] scopes = graphScopes.Split(' ');
var result = await idClient.AcquireTokenByAuthorizationCode(
scopes, notification.Code).ExecuteAsync();
//var userMessage = await GraphHelper.GetMeAsync(result.AccessToken);
//var userSend = await GraphHelper.SendMailAsync(result.AccessToken);
//var userDetails = await OutlookFW.Web.Controllers.MailController._mailAppService.GetUserDetailsAsync(result.AccessToken);
//email= userDetails.Email.ToString();
accessToken = result.AccessToken;
//tokenStore.SaveUserDetails(userDetails);
notification.HandleCodeRedemption(null, result.IdToken);
}
catch (MsalException ex)
{
string message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
catch (Microsoft.Graph.ServiceException ex)
{
string message = "GetUserDetailsAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
}
private static void HandlePolicyViolation(AuthorizationCodeReceivedNotification notification, ServerException ex)
{
if (ex.Status == HttpStatusCode.NotAcceptable)
{
notification.Response.Redirect(ex.GetErrorData <ValidationError>().Url);
notification.HandleResponse();
}
else
{
_debugLogger?.Invoke(ex.ErrorData);
_debugLogger?.Invoke(ex.Message);
_exceptionLogger?.Invoke(ex);
notification.OwinContext.Authentication.SignIn(notification.AuthenticationTicket.Identity);
}
}
/*
* Callback function when an authorization code is received
*/
private static async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification, TokenProviderConfiguration configuration)
{
var ct = HttpContext.Current;
try
{
if (IsMfaRequired(notification, configuration) && !notification.AuthenticationTicket.Identity.Claims.Any(c => c.Type == "mfa_required" && c.Value == "true"))
{
throw new UnauthorizedAccessException("MFA required");
}
await ExchangeAuthCodeWithToken(notification, configuration);
try
{
await ValidatePolicies(notification);
notification.OwinContext.Authentication.SignIn(notification.AuthenticationTicket.Identity);
notification.Response.Redirect(notification.RedirectUri);
notification.HandleResponse();
HttpContext.Current = ct;
}
catch (AggregateException aex)
{
_exceptionLogger?.Invoke(aex);
if (aex.InnerException != null)
{
_exceptionLogger?.Invoke(aex.InnerException);
}
HttpContext.Current = ct;
if (aex.InnerException is ServerException serverException)
{
HandlePolicyViolation(notification, serverException);
}
}
catch (ServerException ex)
{
_exceptionLogger?.Invoke(ex);
HttpContext.Current = ct;
HandlePolicyViolation(notification, ex);
}
}
catch (Exception ex)
{
HttpContext.Current = ct;
_exceptionLogger?.Invoke(ex);
throw;
}
}
//private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
//{
// // Get the signed in user's id and create a token cache
// string signedInUserId = notification.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
// SessionTokenStore tokenStore = new SessionTokenStore(signedInUserId,
// notification.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase);
// var idClient = new ConfidentialClientApplication(
// appId, redirectUri, new ClientCredential(appSecret), tokenStore.GetMsalCacheInstance(), null);
// try
// {
// string[] scopes = graphScopes.Split(' ');
// var result = await idClient.AcquireTokenByAuthorizationCodeAsync(
// notification.Code, scopes);
// var userDetails = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
// var cachedUser = new CachedUser()
// {
// DisplayName = userDetails.DisplayName,
// Email = string.IsNullOrEmpty(userDetails.Mail) ?
// userDetails.UserPrincipalName : userDetails.Mail,
// Avatar = string.Empty
// };
// tokenStore.SaveUserDetails(cachedUser);
// }
// catch (MsalException ex)
// {
// string message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
// notification.HandleResponse();
// notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
// }
// catch (Microsoft.Graph.ServiceException ex)
// {
// string message = "GetUserDetailsAsync threw an exception";
// notification.HandleResponse();
// notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
// }
//}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
{
var idClient = new ConfidentialClientApplication(
appId, redirectUri, new ClientCredential(appSecret), null, null);
string message;
string debug;
try
{
string[] scopes = graphScopes.Split(' ');
var result = await idClient.AcquireTokenByAuthorizationCodeAsync(
notification.Code, scopes);
var userDetails = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
string email = string.IsNullOrEmpty(userDetails.Mail) ?
userDetails.UserPrincipalName : userDetails.Mail;
message = "User info retrieved.";
debug = $"User: {userDetails.DisplayName}, Email: {email}";
}
//try
//{
// string[] scopes = graphScopes.Split(' ');
// var result = await idClient.AcquireTokenByAuthorizationCodeAsync(
// notification.Code, scopes);
// message = "Access token retrieved.";
// debug = result.AccessToken;
//}
catch (MsalException ex)
{
message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
debug = ex.Message;
}
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={debug}");
}
private static async Task ValidatePolicies(AuthorizationCodeReceivedNotification notification)
{
_debugLogger?.Invoke($"Validating policies with api: {VeracityApiUrl}");
var validator = ServiceProviderFactory?.Invoke()?.GetService(typeof(IPolicyValidation)) as IPolicyValidation;
if (validator != null)
{
var policy = ConfigurationManagerHelper.GetValueOnKey("serviceId").ContainsCharacters()
? await validator.ValidatePolicyWithServiceSpesificTerms(ConfigurationManagerHelper.GetValueOnKey("serviceId"), notification.RedirectUri)
: await validator.ValidatePolicy(notification.RedirectUri ?? _redirectUrl);
if (!policy.AllPoliciesValid)
{
_debugLogger?.Invoke($"policies validated, redirecting to {policy.RedirectUrl} for approval");
notification.Response.Redirect(policy.RedirectUrl);
notification.HandleResponse();
return;
}
}
_debugLogger?.Invoke($"policies validated");
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
// Get the signed in user's id and create a token cache
string signedInUserId = notification.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
SessionTokenCache tokenCache = new SessionTokenCache(signedInUserId,
notification.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase);
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId, redirectUri, new ClientCredential(appSecret), tokenCache);
try
{
string[] scopes = { "User.Read", "Mail.Send" };
var result = await cca.AcquireTokenByAuthorizationCodeAsync(scopes, notification.Code);
}
catch (MsalException ex)
{
string message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect("/Error?message=" + message + "&debug=" + ex.Message);
}
}
public async Task HandleOpenIdAuthorizationCodeAsync(
AuthorizationCodeReceivedNotification authorizationCodeReceived)
{
string tokenAsBase64 =
JwtTokenHelper.CreateSecurityTokenDescriptor(authorizationCodeReceived.JwtSecurityToken.Claims,
_jwtOptions).CreateTokenAsBase64();
authorizationCodeReceived.AuthenticationTicket.Properties.RedirectUri +=
string.Format("&{0}={1}", _jwtOptions.JwtTokenParameterName, tokenAsBase64);
if (_createConsentOptions.CreateConsentAsync != null)
{
await _createConsentOptions.CreateConsentAsync(authorizationCodeReceived.Response,
new Uri(authorizationCodeReceived.AuthenticationTicket.Properties.RedirectUri));
authorizationCodeReceived.HandleResponse();
}
else
{
string implicitConsent = string.Format("&{0}={1}", _consentHandlerOptions.ConsentParameterName,
Uri.EscapeDataString("implicit"));
authorizationCodeReceived.AuthenticationTicket.Properties.RedirectUri += implicitConsent;
}
}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
{
var idClient = ConfidentialClientApplicationBuilder.Create(appId)
.WithRedirectUri(redirectUri)
.WithClientSecret(appSecret)
.Build();
var signedInUser = new ClaimsPrincipal(notification.AuthenticationTicket.Identity);
var tokenStore = new SessionTokenStore(idClient.UserTokenCache, HttpContext.Current, signedInUser);
try
{
string[] scopes = graphScopes.Split(' ');
var result = await idClient.AcquireTokenByAuthorizationCode(
scopes, notification.Code).ExecuteAsync();
var userDetails = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
string profilePhoto;
try
{
var photo = await GraphHelper.GetUserPhotoAsync(result.AccessToken);
if (photo != null)
{
profilePhoto = "data:image/png;base64, " + Convert.ToBase64String(photo);
}
else
{
profilePhoto = null;
}
}
catch
{
profilePhoto = null;
}
var cachedUser = new CachedUser()
{
DisplayName = userDetails.DisplayName,
Email = userDetails.UserPrincipalName,
TenantID = result.TenantId,
Avatar = profilePhoto
};
tokenStore.SaveUserDetails(cachedUser);
}
catch (MsalException ex)
{
string message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
catch (Microsoft.Graph.ServiceException ex)
{
string message = "GetUserDetailsAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
{
var idClient = ConfidentialClientApplicationBuilder.Create(appId)
.WithRedirectUri(redirectUri)
.WithClientSecret(appSecret)
.Build();
string message;
var signedInUser = new ClaimsPrincipal(notification.AuthenticationTicket.Identity);
var tokenStore = new SessionStore(idClient.UserTokenCache, HttpContext.Current, signedInUser);
try
{
string[] scopes = graphScopes.Split(' ');
var result = await idClient.AcquireTokenByAuthorizationCode(
scopes, notification.Code).ExecuteAsync();
var graphClient = new GraphServiceClient(
new DelegateAuthenticationProvider(
async(requestMessage) =>
{
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", result.AccessToken);
}));
HttpCookie myCookie = new HttpCookie("myCookie");
myCookie.Domain = ".MailBoxIntegration.com";
//Add key-values in the cookie
//myCookie.Values.Add("userid", result.AccessToken);
myCookie.Value = result.AccessToken;
//set cookie expiry date-time. Made it to last for next 12 hours.
myCookie.Expires = DateTime.Now.AddHours(12);
//Most important, write the cookie to client.
HttpContext.Current.Response.Cookies.Add(myCookie);
//HttpCookie chk = new HttpCookie("chk");
//chk.Domain = ".MailBoxIntegration.com";
//chk.Name = "Token";
//chk.Value = result.AccessToken;
var userDetails = await graphClient.Me.Request().GetAsync();
//var userDetails = await GraphHelper.GetUserDetailsAsync(result.AccessToken);
var cachedUser = new CachedUser()
{
DisplayName = userDetails.DisplayName,
Email = (string.IsNullOrEmpty(userDetails.Mail) ? userDetails.UserPrincipalName : userDetails.Mail),
Avatar = string.Empty
};
tokenStore.SaveUserDetails(cachedUser);
}
catch (MsalException ex)
{
message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
catch (Microsoft.Graph.ServiceException ex)
{
message = "GetUserDetailsAsync threw an exception";
notification.HandleResponse();
notification.Response.Redirect($"/Home/Error?message={message}&debug={ex.Message}");
}
}
// If the javascript issues an OIDC authorize reuest, and it succeeds, the user is already logged
// into AAD. Since the AAD session cookie has changed, we need to check if the same use is still
// logged in.
public static Task AuthorizationCodeRecieved(AuthorizationCodeReceivedNotification notification)
{
// If the successful authorize request was issued by the SingleSignOut javascript
if (notification.AuthenticationTicket.Properties.RedirectUri.Contains("SessionChanged"))
{
// Clear the SingleSignOut Cookie
ICookieManager cookieManager = new ChunkingCookieManager();
string cookie = cookieManager.GetRequestCookie(notification.OwinContext, CookieName);
AuthenticationTicket ticket = ticketDataFormat.Unprotect(cookie);
if (ticket.Properties.Dictionary != null)
ticket.Properties.Dictionary[OpenIdConnectAuthenticationDefaults.AuthenticationType + "SingleSignOut"] = "";
cookieManager.AppendResponseCookie(notification.OwinContext, CookieName, ticketDataFormat.Protect(ticket), new CookieOptions());
Claim existingUserObjectId = notification.OwinContext.Authentication.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
Claim incomingUserObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
if (existingUserObjectId.Value != null && incomingUserObjectId != null)
{
// If a different user is logged into AAD
if(existingUserObjectId.Value != incomingUserObjectId.Value)
{
// No need to clear the session state here. It has already been
// updated with the new user's session state in SecurityTokenValidated.
notification.Response.Redirect("Account/SingleSignOut");
notification.HandleResponse();
}
// If the same user is logged into AAD
else if (existingUserObjectId.Value == incomingUserObjectId.Value)
{
// No need to clear the session state, SecurityTokenValidated will do so.
// Simply redirect the iframe to a page other than SingleSignOut to reset
// the timer in the javascript.
notification.Response.Redirect("/");
notification.HandleResponse();
}
}
}
return Task.FromResult<object>(null);
}
