private async Task InitializeAsync() { ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(_options.ClientId).WithAuthority(_options.AuthorityHost.AbsoluteUri, _options.TenantId).WithHttpClientFactory(new HttpPipelineClientFactory(_options.Pipeline.HttpPipeline)); if (_options.Secret != null) { confClientBuilder.WithClientSecret(_options.Secret); } if (_options.CertificateProvider != null) { X509Certificate2 clientCertificate = await _options.CertificateProvider.GetCertificateAsync(true, default).ConfigureAwait(false); confClientBuilder.WithCertificate(clientCertificate); } _client = confClientBuilder.Build(); if (_options.AttachSharedCache) { StorageCreationProperties storageProperties = new StorageCreationPropertiesBuilder(Constants.DefaultMsalTokenCacheName, Constants.DefaultMsalTokenCacheDirectory, _options.ClientId) .WithMacKeyChain(Constants.DefaultMsalTokenCacheKeychainService, Constants.DefaultMsalTokenCacheKeychainAccount) .WithLinuxKeyring(Constants.DefaultMsalTokenCacheKeyringSchema, Constants.DefaultMsalTokenCacheKeyringCollection, Constants.DefaultMsalTokenCacheKeyringLabel, Constants.DefaultMsaltokenCacheKeyringAttribute1, Constants.DefaultMsaltokenCacheKeyringAttribute2) .Build(); MsalCacheHelper cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties).ConfigureAwait(false); cacheHelper.RegisterCache(_client.UserTokenCache); } }
public async Task <ActionResult> Authorize() { ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(_azureAdOptions.ClientId); clientBuilder.WithClientSecret(_azureAdOptions.ClientSecret); clientBuilder.WithRedirectUri(LoginRedirectUri.ToString()); clientBuilder.WithAuthority(_azureAdOptions.Authority); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] sassScopes = $"{_azureAdOptions.SaaSScopes}".Split(new[] { ' ' }); var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode( sassScopes, HttpContext.Request.Query["code"].ToString() ); try { var authResult = await authResultBuilder.ExecuteAsync(); var offer = Offers.ContosoAppOffer; var activation = await _assignedUserService.Activate($"{_azureAdOptions.SaaSAPI}/{offer.OfferID}", authResult.AccessToken); ViewBag.Message = JsonConvert.SerializeObject( new { status = "success", activation = activation, accountName = authResult.Account.Username }); } catch (Exception e) { ViewBag.Message = JsonConvert.SerializeObject(new { status = "failure", error = e.Message }); } return(View()); }
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken) { ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId) .WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId) .WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline)) .WithLogging(AzureIdentityEventSource.Singleton.LogMsal, enablePiiLogging: LogPII); if (_clientSecret != null) { confClientBuilder.WithClientSecret(_clientSecret); } if (_certificateProvider != null) { X509Certificate2 clientCertificate = await _certificateProvider.GetCertificateAsync(async, cancellationToken).ConfigureAwait(false); confClientBuilder.WithCertificate(clientCertificate); } if (RegionalAuthority.HasValue) { confClientBuilder.WithAzureRegion(RegionalAuthority.Value.ToString()); } return(confClientBuilder.Build()); }
public async Task <ActionResult> Authorize() { ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(AzureADClientId); clientBuilder.WithClientSecret(AzureADClientSecret); clientBuilder.WithRedirectUri(loginRedirectUri.ToString()); clientBuilder.WithAuthority(AzureADAuthority); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] sassScopes = $"{SaaSScopes}".Split(new[] { ' ' }); try { // Get and save the token. var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode( sassScopes, Request.Params["code"] ); var authResult = await authResultBuilder.ExecuteAsync(); var activation = await _assignedUserService.Activate($"{SaaSAPI}/{OfferID}", authResult.AccessToken); ViewBag.accountName = authResult.Account.Username; return(View(activation)); } catch (Exception ex) { System.Diagnostics.Trace.WriteLine(ex.ToString()); } return(View()); }
/// <summary> /// Gets IdToken from implicit flow and sends it to main add-in window. /// </summary> /// <returns>The default view.</returns> public async Task <ActionResult> Authorize() { ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(Settings.AzureADClientId); clientBuilder.WithClientSecret(Settings.AzureADClientSecret); clientBuilder.WithRedirectUri(loginRedirectUri.ToString()); clientBuilder.WithAuthority(Settings.AzureADAuthority); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] graphScopes = { "Files.Read.All", "User.Read" }; // Get and save the token. var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode( graphScopes, Request.Params["code"] // The auth 'code' parameter from the Azure redirect. ); try { var authResult = await authResultBuilder.ExecuteAsync(); ViewBag.AccessToken = authResult.AccessToken; } catch (Exception e) { ViewBag.Error = e.Message; } return(View()); }
/// <summary> /// Logs the user into Office 365. /// </summary> /// <param name="authState">The login or logout status of the user.</param> /// <returns>A redirect to the Office 365 login page.</returns> public async Task <ActionResult> Login(string authState) { if (string.IsNullOrEmpty(Settings.AzureADClientId) || string.IsNullOrEmpty(Settings.AzureADClientSecret)) { ViewBag.Message = "Please set your client ID and client secret in the Web.config file"; return(View()); } // TODO: ADDED withAuth ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(Settings.AzureADClientId) .WithAuthority(Settings.AzureADAuthority) .WithClientSecret(Settings.AzureADClientSecret); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); // Generate the parameterized URL for Azure login. string[] graphScopes = { "Files.Read.All", "User.Read" }; var urlBuilder = clientApp.GetAuthorizationRequestUrl(graphScopes); urlBuilder.WithRedirectUri(loginRedirectUri.ToString()); urlBuilder.WithAuthority(Settings.AzureADAuthority); urlBuilder.WithExtraQueryParameters("state=" + authState); var authUrl = await urlBuilder.ExecuteAsync(System.Threading.CancellationToken.None); // Redirect the browser to the login page, then come back to the Authorize method below. return(Redirect(authUrl.ToString())); }
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken) #pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously { ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId).WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId).WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline)); confClientBuilder.WithClientAssertion(clientAssertion); return(confClientBuilder.Build()); }
public HttpResponseMessage Token(Token body) { if (string.IsNullOrEmpty(body.UserToken)) { return(SendErrorToClient(HttpStatusCode.InternalServerError, null, "No token provided")); } UserAssertion userAssertion = new UserAssertion(body.UserToken); // Get the access token for MS Graph. ConfidentialClientApplicationBuilder b = ConfidentialClientApplicationBuilder.Create(ConfigurationManager.AppSettings["ida:ClientID"]); b.WithClientSecret(ConfigurationManager.AppSettings["ida:Password"]).WithRedirectUri(ConfigurationManager.AppSettings["ida:RedirectUri"]); IConfidentialClientApplication cca = b.Build(); //string[] graphScopes = { "user.read", "files.read.all", "mail.read", "calendars.read" }; string[] graphScopes = { "Mail.Read", "Files.Read.All", "Calendars.Read" }; AuthenticationResult result = null; try { // The AcquireTokenOnBehalfOfAsync method will first look in the MSAL in memory cache for a // matching access token. Only if there isn't one, does it initiate the "on behalf of" flow // with the Azure AD V2 endpoint. result = cca.AcquireTokenOnBehalfOf(graphScopes, userAssertion).ExecuteAsync().Result; } catch (MsalServiceException e) { if (e.Message.StartsWith("AADSTS50076")) { string responseMessage = String.Format("{{\"AADError\":\"AADSTS50076\",\"Claims\":{0}}}", e.Claims); return(SendErrorToClient(HttpStatusCode.InternalServerError, e, responseMessage)); } if ((e.Message.StartsWith("AADSTS65001")) || (e.Message.StartsWith("AADSTS70011: The provided value for the input parameter 'scope' is not valid."))) { return(SendErrorToClient(HttpStatusCode.InternalServerError, e, e.Message)); } return(SendErrorToClient(HttpStatusCode.InternalServerError, e, e.Message)); } HttpRequestMessage requestMessage = new HttpRequestMessage(); var configuration = new HttpConfiguration(); requestMessage.Properties[System.Web.Http.Hosting.HttpPropertyKeys.HttpConfigurationKey] = configuration; HttpResponseMessage tokenMessage = requestMessage.CreateResponse(HttpStatusCode.OK, result.AccessToken); return(tokenMessage); }
/// <summary> /// Authenticate using MS Identity Library /// </summary> /// <returns></returns> private async Task <AuthenticationResult> AuthenticateViaMsal() { ConfidentialClientApplicationBuilder builder = ConfidentialClientApplicationBuilder.Create(_AzureADConfig.ClientId); //builder.WithTenantId(_AzureADConfig.TenantId); builder.WithClientSecret(_AzureADConfig.ClientSecret); IConfidentialClientApplication app = builder.Build(); // Acquire Token string[] scopes = new string[] { _CustomerApiConfig.Scope }; return(await app.AcquireTokenForClient(scopes).WithAuthority(CreateOAuthEndPoint(), true).ExecuteAsync()); }
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken) { ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId).WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId).WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline)); if (_clientSecret != null) { confClientBuilder.WithClientSecret(_clientSecret); } if (_certificateProvider != null) { X509Certificate2 clientCertificate = await _certificateProvider.GetCertificateAsync(async, cancellationToken).ConfigureAwait(false); confClientBuilder.WithCertificate(clientCertificate); } return(confClientBuilder.Build()); }
/// <summary> /// Authorizes the web application (not the user) to access Microsoft Graph resources by using /// the Authorization Code flow of OAuth. /// </summary> /// <returns>The default view.</returns> public async Task <ActionResult> Authorize() { ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(Settings.AzureADClientId); clientBuilder.WithClientSecret(Settings.AzureADClientSecret); clientBuilder.WithRedirectUri(loginRedirectUri.ToString()); clientBuilder.WithAuthority(Settings.AzureADAuthority); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] graphScopes = { "Files.Read.All", "User.Read" }; var authStateString = Request.QueryString["state"]; var authState = JsonConvert.DeserializeObject <AuthState>(authStateString); try { // Get and save the token. var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode( graphScopes, Request.Params["code"] // The auth 'code' parameter from the Azure redirect. ); var authResult = await authResultBuilder.ExecuteAsync(); await SaveAuthToken(authState, authResult); authState.authStatus = "success"; } catch (Exception ex) { System.Diagnostics.Trace.WriteLine(ex.ToString()); authState.authStatus = "failure"; } // Instead of doing a server-side redirect, we have to do a client-side redirect to get around // some issues with the display dialog API not getting properly wired up after a server-side redirect var redirectUrl = Url.Action(nameof(AuthorizeComplete), new { authState = JsonConvert.SerializeObject(authState) }); ViewBag.redirectUrl = redirectUrl; return(View()); }
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken) { ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId) .WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId) .WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline)) .WithLogging(LogMsal, enablePiiLogging: IsPiiLoggingEnabled); if (_clientSecret != null) { confClientBuilder.WithClientSecret(_clientSecret); } if (_assertionCallback != null) { confClientBuilder.WithClientAssertion(_assertionCallback); } if (_asyncAssertionCallback != null) { confClientBuilder.WithClientAssertion(_asyncAssertionCallback); } if (_certificateProvider != null) { X509Certificate2 clientCertificate = await _certificateProvider.GetCertificateAsync(async, cancellationToken).ConfigureAwait(false); confClientBuilder.WithCertificate(clientCertificate); } if (RegionalAuthority.HasValue) { confClientBuilder.WithAzureRegion(RegionalAuthority.Value.ToString()); } if (!string.IsNullOrEmpty(RedirectUrl)) { confClientBuilder.WithRedirectUri(RedirectUrl); } return(confClientBuilder.Build()); }
public async Task <ActionResult> Login() { if (string.IsNullOrEmpty(_azureAdOptions.ClientId) || string.IsNullOrEmpty(_azureAdOptions.ClientSecret)) { ViewBag.Message = "Please set your client ID and client secret in the Web.config file"; return(View()); } ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(_azureAdOptions.ClientId); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] graphScopes = { "profile" }; var urlBuilder = clientApp.GetAuthorizationRequestUrl(graphScopes); urlBuilder.WithRedirectUri(LoginRedirectUri.ToString()); urlBuilder.WithAuthority(_azureAdOptions.Authority); var authUrl = await urlBuilder.ExecuteAsync(System.Threading.CancellationToken.None); return(Redirect(authUrl.ToString())); }