public void CacheSynchronizationWithDefault()
        {
            var options = new ConfidentialClientApplicationOptions()
            {
                ClientSecret = "secret",
                ClientId     = TestConstants.ClientId,
            };
            var app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();

            Assert.IsTrue((app.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);

            options = new ConfidentialClientApplicationOptions
            {
                ClientId     = TestConstants.ClientId,
                ClientSecret = "secret",
                EnableCacheSynchronization = false
            };
            app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();
            Assert.AreEqual(false, (app.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);

            options = new ConfidentialClientApplicationOptions
            {
                ClientId     = TestConstants.ClientId,
                ClientSecret = "secret",
                EnableCacheSynchronization = true
            };
            app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();
            Assert.AreEqual(true, (app.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);
        }
        private IConfidentialClientApplication GetOrCreateApplication()
        {
            if (_application == null)
            {
                lock (_applicationSyncObj)
                {
                    if (_application == null)
                    {
                        var options = new ConfidentialClientApplicationOptions()
                        {
                            ClientId     = AppServicesAuthenticationInformation.ClientId,
                            ClientSecret = AppServicesAuthenticationInformation.ClientSecret,
                            Instance     = AppServicesAuthenticationInformation.Issuer,
                        };
                        _application = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options)
                                       .WithHttpClientFactory(_httpClientFactory)
                                       .Build();
                        _tokenCacheProvider.Initialize(_application.AppTokenCache);
                        _tokenCacheProvider.Initialize(_application.UserTokenCache);
                    }
                }
            }

            return(_application);
        }
コード例 #3
0
        /// <summary>
        /// Creates an MSAL Confidential client application
        /// </summary>
        /// <param name="httpContext"></param>
        /// <param name="claimsPrincipal"></param>
        /// <returns></returns>
        private IConfidentialClientApplication BuildConfidentialClientApplication(
            HttpContext httpContext,
            ClaimsPrincipal claimsPrincipal)
        {
            var    request    = httpContext.Request;
            string currentUri = UriHelper.BuildAbsolute(
                request.Scheme,
                request.Host,
                request.PathBase,
                _azureAdOptions.CallbackPath ?? string.Empty);

            string authority = $"{_azureAdOptions.Instance}{_azureAdOptions.TenantId}/";

            var app = ConfidentialClientApplicationBuilder
                      .CreateWithApplicationOptions(_applicationOptions)
                      .WithRedirectUri(currentUri)
                      .WithAuthority(authority)
                      .Build();

            // Initialize token cache providers
            if (_appTokenCacheProvider != null)
            {
                _appTokenCacheProvider.Initialize(app.AppTokenCache, httpContext);
            }

            if (_userTokenCacheProvider != null)
            {
                _userTokenCacheProvider.Initialize(app.UserTokenCache, httpContext, claimsPrincipal);
            }

            return(app);
        }
        /// <summary>
        /// Creates an MSAL Confidential client application
        /// </summary>
        /// <param name="claimsPrincipal"></param>
        /// <returns></returns>
        private IConfidentialClientApplication BuildConfidentialClientApplication()
        {
            var    request            = CurrentHttpContext.Request;
            var    azureAdOptions     = _azureAdOptions;
            var    applicationOptions = _applicationOptions;
            string currentUri         = UriHelper.BuildAbsolute(
                request.Scheme,
                request.Host,
                request.PathBase,
                azureAdOptions.CallbackPath ?? string.Empty);

            string authority = $"{applicationOptions.Instance}{applicationOptions.TenantId}/";

            var app = ConfidentialClientApplicationBuilder
                      .CreateWithApplicationOptions(applicationOptions)
                      .WithRedirectUri(currentUri)
                      .WithAuthority(authority)
                      .Build();

            // Initialize token cache providers
            _tokenCacheProvider?.InitializeAsync(app.AppTokenCache);
            _tokenCacheProvider?.InitializeAsync(app.UserTokenCache);

            return(app);
        }
コード例 #5
0
        public void VerifyCorrectAuthorityUsedInTokenAcquisitionTests(string tenant)
        {
            _microsoftIdentityOptions = new MicrosoftIdentityOptions
            {
                Authority    = TestConstants.AuthorityCommonTenant,
                ClientId     = TestConstants.ConfidentialClientId,
                CallbackPath = string.Empty,
            };

            BuildTheRequiredServices();
            InitializeTokenAcquisitionObjects();
            IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
                                                 .CreateWithApplicationOptions(_applicationOptions)
                                                 .WithAuthority(TestConstants.AuthorityCommonTenant).Build();

            if (!string.IsNullOrEmpty(tenant))
            {
                Assert.Equal(
                    string.Format(
                        CultureInfo.InvariantCulture, "{0}/{1}/", TestConstants.AadInstance, tenant),
                    _tokenAcquisition.CreateAuthorityBasedOnTenantIfProvided(
                        app,
                        tenant));
            }
            else
            {
                Assert.Equal(app.Authority, _tokenAcquisition.CreateAuthorityBasedOnTenantIfProvided(app, tenant));
            }
        }
コード例 #6
0
        /// <summary>
        /// Creates an MSAL Confidential client application.
        /// </summary>
        private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync()
        {
            if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture))
            {
                _applicationOptions.Instance += "/";
            }

            string authority;
            IConfidentialClientApplication app;

            MicrosoftIdentityOptionsValidation microsoftIdentityOptionsValidation = new MicrosoftIdentityOptionsValidation();

            if (microsoftIdentityOptionsValidation.ValidateClientSecret(_applicationOptions).Failed)
            {
                string msg = string.Format(CultureInfo.InvariantCulture, "Client secret cannot be null or whitespace, " +
                                           "and must be included in the configuration of the web app when calling a web API. " +
                                           "For instance, in the appsettings.json file. ");

                _logger.LogInformation(msg);
                throw new MsalClientException(
                          "missing_client_credentials",
                          msg);
            }

            try
            {
                var builder = ConfidentialClientApplicationBuilder
                              .CreateWithApplicationOptions(_applicationOptions)
                              .WithRedirectUri(CreateRedirectUri())
                              .WithHttpClientFactory(_httpClientFactory);

                if (_microsoftIdentityOptions.IsB2C)
                {
                    authority = $"{ _applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}";
                    builder.WithB2CAuthority(authority);
                    app = builder.Build();
                }
                else
                {
                    authority = $"{ _applicationOptions.Instance}{_applicationOptions.TenantId}/";
                    builder.WithAuthority(authority);
                    app = builder.Build();
                }

                // Initialize token cache providers
                await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false);

                await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false);

                return(app);
            }
            catch (Exception ex)
            {
                _logger.LogInformation(
                    ex,
                    string.Format(CultureInfo.InvariantCulture,
                                  "Exception acquiring token for a confidential client. "));
                throw;
            }
        }
コード例 #7
0
        private void TestBuildConfidentialClientFromOptions(ConfidentialClientApplicationOptions options)
        {
            var app           = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();
            var authorityInfo = ((ConfidentialClientApplication)app).ServiceBundle.Config.AuthorityInfo;

            Assert.AreEqual("https://login.microsoftonline.com/the_tenant_id/", authorityInfo.CanonicalAuthority);
        }
コード例 #8
0
        private IConfidentialClientApplication BuildConfidentialClientApplication()
        {
            //use MSAL for v2.0
            //https://docs.microsoft.com/bs-latn-ba/azure/active-directory/develop/msal-net-instantiate-confidential-client-config-options
            //https://joonasw.net/view/azure-ad-v2-and-msal-from-dev-pov
            //https://securecloud.blog/2019/05/22/azure-api-management-jwt-validation-for-multiple-azure-ad-partner-registrations/
            //https://thomaslevesque.com/2018/12/24/multitenant-azure-ad-issuer-validation-in-asp-net-core/
            //https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

            var request    = _httpContext.HttpContext.Request;
            var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
            var co         = new ConfidentialClientApplicationOptions
            {
                Instance     = "https://login.microsoftonline.com/",
                TenantId     = "common",
                ClientId     = "b021b14e-1671-4fe6-b7cc-0a67a248543f",
                ClientSecret = "Ushs_5=SuttP50l7ZEovc?l]1[H3Z9k1",
                RedirectUri  = currentUri
            };

            var app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(co)
                      .Build();

            _cache.ConfigureCache(app);

            return(app);
        }
コード例 #9
0
        public async Task <TokenTenant> GetGraphToken(string domain)
        {
            try
            {
                var tenantId = await GetTenantId(domain);

                var daemonClient = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(new ConfidentialClientApplicationOptions()
                {
                    ClientId = bottySettings.AppId, ClientSecret = bottySettings.AppSecrets, TenantId = tenantId, RedirectUri = bottySettings.Url
                }).Build();

                var authResult = await daemonClient.AcquireTokenForClient(new string[] { msGraphScope }).ExecuteAsync();

                var token = new TokenTenant()
                {
                    Token = authResult.AccessToken, ExpireDate = authResult.ExpiresOn.DateTime
                };

                return(token);
            }
            catch (Exception e)
            {
                return(null);
            }
        }
コード例 #10
0
        public static async Task Main(string[] args)
        {
            var builder = new ConfigurationBuilder()
                          .AddJsonFile($"appsettings.json", true, true);

            var configuration        = builder.Build();
            var azureAdConfiguration = configuration.GetSection("AzureAd");
            var options = new ConfidentialClientApplicationOptions()
            {
                ClientId     = azureAdConfiguration["ClientId"],
                ClientSecret = azureAdConfiguration["ClientSecret"],
                Instance     = azureAdConfiguration["Instance"],
                TenantId     = azureAdConfiguration["TenantId"]
            };

            var confidentialClientApplication = ConfidentialClientApplicationBuilder
                                                .CreateWithApplicationOptions(options)
                                                .Build();
            var authenticationResult = await confidentialClientApplication.AcquireTokenForClient(new string[] { "https://graph.microsoft.com/.default" }).ExecuteAsync();

            var accessToken = authenticationResult.AccessToken;

            Console.WriteLine(accessToken);

            var httpClient = new HttpClient()
            {
                BaseAddress = new Uri("https://graph.microsoft.com")
            };

            httpClient.SetBearerToken(accessToken);
            using var request = new HttpRequestMessage
                  {
                      Method     = new HttpMethod("GET"),
                      RequestUri = new Uri("v1.0/users", UriKind.RelativeOrAbsolute)
                  };

            var response = await httpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, default);

            if (response.StatusCode != HttpStatusCode.OK)
            {
                Console.WriteLine(response.ToString());
            }

            using var responseStream = await response.Content.ReadAsStreamAsync();

            using var streamReader   = new StreamReader(responseStream);
            using var jsonTextReader = new JsonTextReader(streamReader);
            var serializer  = JsonSerializer.Create();
            var userReponse = serializer.Deserialize <UserResponse>(jsonTextReader);
            var users       = userReponse.Users;

            users.ForEach(user =>
            {
                Console.WriteLine(JsonConvert.SerializeObject(user, Formatting.Indented));
            });

            Console.WriteLine("Press any key to exit...");
            Console.Read();
        }
コード例 #11
0
        private static async Task RunAsync(string[] args)
        {
            // Load configuration.
            var configuration = new ConfigurationBuilder()
                                .AddJsonFile("appsettings.json", optional: false)
                                .AddUserSecrets <Program>(optional: true)
                                .AddEnvironmentVariables()
                                .AddCommandLine(args)
                                .Build();
            var sampleApiRootUrl = configuration.GetValue <string>("SampleApiRootUrl");
            var sampleApiScope   = configuration.GetValue <string>("AzureAd:Scope");
            var confidentialClientApplicationOptions = new ConfidentialClientApplicationOptions();

            configuration.Bind("AzureAd", confidentialClientApplicationOptions);
            var scopes = new[] { sampleApiScope }; // The client credentials flow ALWAYS uses the "/.default" scope.

            while (true)
            {
                try
                {
                    Console.WriteLine("A - Call API using a client secret");
                    Console.Write("Type your choice and press Enter: ");
                    var choice = Console.ReadLine();
                    if (string.Equals(choice, "A", StringComparison.InvariantCultureIgnoreCase))
                    {
                        // Retrieve an access token to call the back-end Web API using a client secret
                        // representing this application (rather than a user).
                        var confidentialClientApplication = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(confidentialClientApplicationOptions).Build();
                        var token = await confidentialClientApplication.AcquireTokenForClient(scopes).ExecuteAsync();

                        // Put the access token on the authorization header by default.
                        var client = new HttpClient();
                        client.BaseAddress = new Uri(sampleApiRootUrl);
                        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);

                        // Call the back-end Web API using the bearer access token.
                        var response = await client.GetAsync("api/identity");

                        response.EnsureSuccessStatusCode();

                        // Deserialize the response into an IdentityInfo instance.
                        var apiResponse = await response.Content.ReadAsStringAsync();

                        Console.WriteLine("Web API call was successful, raw response:");
                        Console.WriteLine(apiResponse);
                    }
                    else
                    {
                        break;
                    }
                    Console.WriteLine();
                }
                catch (Exception exc)
                {
                    Console.WriteLine(exc.ToString());
                }
            }
        }
コード例 #12
0
        /// <summary>
        /// Creates an MSAL Confidential client application.
        /// </summary>
        private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync()
        {
            if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture))
            {
                _applicationOptions.Instance += "/";
            }

            string authority;
            IConfidentialClientApplication app;

            MicrosoftIdentityOptionsValidation microsoftIdentityOptionsValidation = new MicrosoftIdentityOptionsValidation();

            microsoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(
                _applicationOptions.ClientSecret,
                _microsoftIdentityOptions.ClientCertificates);

            try
            {
                var builder = ConfidentialClientApplicationBuilder
                              .CreateWithApplicationOptions(_applicationOptions)
                              .WithRedirectUri(CreateRedirectUri())
                              .WithHttpClientFactory(_httpClientFactory);

                if (_microsoftIdentityOptions.IsB2C)
                {
                    authority = $"{_applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}";
                    builder.WithB2CAuthority(authority);
                }
                else
                {
                    authority = $"{_applicationOptions.Instance}{_applicationOptions.TenantId}/";
                    builder.WithAuthority(authority);
                }

                if (_microsoftIdentityOptions.ClientCertificates != null)
                {
                    X509Certificate2 certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates);
                    builder.WithCertificate(certificate);
                }

                app = builder.Build();
                // Initialize token cache providers
                await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false);

                await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false);

                return(app);
            }
            catch (Exception ex)
            {
                _logger.LogInformation(
                    ex,
                    string.Format(
                        CultureInfo.InvariantCulture,
                        "Exception acquiring token for a confidential client. "));
                throw;
            }
        }
コード例 #13
0
 public IConfidentialClientApplication GetApplication()
 {
     if (_application == null)
     {
         _application = ConfidentialClientApplicationBuilder
                        .CreateWithApplicationOptions(_applicationOptions)
                        .Build();
     }
     return(_application);
 }
コード例 #14
0
        public MsalClientCredentialsProvider(IConfiguration configuration)
        {
            var scopes = configuration["Scopes"];

            _scopes = scopes.Split(new char[0], StringSplitOptions.RemoveEmptyEntries);

            var options = new ConfidentialClientApplicationOptions();

            configuration.Bind("AzureAd", options);
            _app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();
        }
        public void CacheSynchronizationNoDefault(bool optionFlag, bool builderFlag, bool result)
        {
            var options = new ConfidentialClientApplicationOptions
            {
                ClientSecret = "secret",
                ClientId     = TestConstants.ClientId,
                EnableCacheSynchronization = optionFlag
            };
            var app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).WithCacheSynchronization(builderFlag).Build();

            Assert.AreEqual(result, (app.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);
        }
コード例 #16
0
        /// <summary>
        /// Creates an MSAL Confidential client application
        /// </summary>
        /// <param name="claimsPrincipal"></param>
        /// <returns></returns>
        private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync()
        {
            var    request    = CurrentHttpContext.Request;
            string currentUri = UriHelper.BuildAbsolute(
                request.Scheme,
                request.Host,
                request.PathBase,
                _microsoftIdentityOptions.CallbackPath.Value ?? string.Empty);

            if (!_applicationOptions.Instance.EndsWith("/"))
            {
                _applicationOptions.Instance += "/";
            }

            string authority;
            IConfidentialClientApplication app;

            try
            {
                if (_microsoftIdentityOptions.IsB2C)
                {
                    authority = $"{ _applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}";
                    app       = ConfidentialClientApplicationBuilder
                                .CreateWithApplicationOptions(_applicationOptions)
                                .WithRedirectUri(currentUri)
                                .WithB2CAuthority(authority)
                                .Build();
                }
                else
                {
                    authority = $"{ _applicationOptions.Instance}{_applicationOptions.TenantId}/";

                    app = ConfidentialClientApplicationBuilder
                          .CreateWithApplicationOptions(_applicationOptions)
                          .WithRedirectUri(currentUri)
                          .WithAuthority(authority)
                          .Build();
                }

                // Initialize token cache providers
                await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false);

                await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false);

                return(app);
            }
            catch (Exception ex)
            {
                _logger.LogInformation(ex, "Exception acquiring token for a confidential client. ");
                throw;
            }
        }
コード例 #17
0
        /// <summary>
        /// Creates an MSAL Confidential client application
        /// </summary>
        /// <param name="httpContext"></param>
        /// <param name="claimsPrincipal"></param>
        /// <param name="authenticationProperties"></param>
        /// <param name="signInScheme"></param>
        /// <returns></returns>
        private IConfidentialClientApplication CreateApplication(HttpContext httpContext, ClaimsPrincipal claimsPrincipal)
        {
            var    request    = httpContext.Request;
            string currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, azureAdOptions.CallbackPath ?? string.Empty);
            string authority  = $"{azureAdOptions.Instance}{azureAdOptions.TenantId}/";
            var    app        = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(_applicationOptions)
                                .WithRedirectUri(currentUri)
                                .WithAuthority(authority)
                                .Build();

            tokenCacheProvider.EnableSerialization(app.UserTokenCache, httpContext, claimsPrincipal);
            return(app);
        }
コード例 #18
0
        public static async Task <IActionResult> Run([HttpTrigger(AuthorizationLevel.Function, "POST")] HttpRequest req, ILogger log)
        {
            try
            {
                var serializer = new JsonSerializer();
                var message    = serializer.Deserialize <JToken>(new JsonTextReader(new StreamReader(req.Body)));
                var values     = JToken.FromObject(new[]
                {
                    new[]
                    {
                        message.Value <string>("name"),
                        message.Value <string>("rating"),
                        message.Value <string>("comment")
                    }
                });

                var clientApplicationOptions = new ConfidentialClientApplicationOptions()
                {
                    TenantId     = GraphTenantId,
                    ClientId     = GraphClientId,
                    ClientSecret = GraphClientSecret,
                };
                var clientApplicationBuilder = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(clientApplicationOptions);
                var clientApplication        = clientApplicationBuilder.Build();
                var authenticationResult     = await clientApplication.AcquireTokenForClient(GraphScope).ExecuteAsync();

                var graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async msg =>
                {
                    await Task.Run(() =>
                    {
                        msg.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);
                    });
                }));

                var o4bUser       = graphClient.Users[O4BUserPrincipalName];
                var o4bExcelFile  = o4bUser.Drive.Root.ItemWithPath(O4BExcelFileName);
                var o4bExcelTable = o4bExcelFile.Workbook.Tables[O4BExcelTableName];
                await o4bExcelTable.Rows.Add(values : values).Request().PostAsync();

                req.HttpContext.Response.Headers.Add("CARD-ACTION-STATUS", "Responding to the survey was succeeded.");
                return(new OkResult());
            }
            catch (Exception ex)
            {
                log.LogError(ex.ToString());

                req.HttpContext.Response.Headers.Add("CARD-ACTION-STATUS", "Responding to the survey was failed.");
                return(new OkResult());
            }
        }
コード例 #19
0
ファイル: Startup.cs プロジェクト: ericmqt/b2csamples
        private void SetupGraphClient(string sectionName, HttpClient c)
        {
            var options = new ConfidentialClientApplicationOptions();

            Configuration.Bind(sectionName, options);
            var msal = ConfidentialClientApplicationBuilder
                       .CreateWithApplicationOptions(options)
                       .Build();
            var tokens = msal.AcquireTokenForClient(new string[] { "https://graph.microsoft.com/.default" }).ExecuteAsync().Result;

            c.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", tokens.AccessToken);
            c.BaseAddress = new Uri("https://graph.microsoft.com/v1.0/");
            c.DefaultRequestHeaders.Add("Accept", "application/json");
        }
コード例 #20
0
        public void TestBuildWithNoClientSecretButUsingCert()
        {
            var options = new ConfidentialClientApplicationOptions()
            {
                ClientId = TestConstants.ClientId,
                TenantId = "the_tenant_id",
                Instance = "https://login.microsoftonline.com"
            };

            var app           = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();
            var authorityInfo = ((ConfidentialClientApplication)app).ServiceBundle.Config.AuthorityInfo;

            Assert.AreEqual("https://login.microsoftonline.com/the_tenant_id/", authorityInfo.CanonicalAuthority);
        }
コード例 #21
0
        public async Task <IActionResult> AuthorizeAsync()
        {
            // 認証を行うための URL にリダイレクトします
            var clientApplicationOptions = new ConfidentialClientApplicationOptions()
            {
                TenantId     = GraphTenantId,
                ClientId     = GraphClientId,
                ClientSecret = GraphClientSecret,
                RedirectUri  = RedirectUrl
            };
            var clientApplicationBuilder = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(clientApplicationOptions);
            var clientApplication        = clientApplicationBuilder.Build();
            var requestUrl = await clientApplication.GetAuthorizationRequestUrl(GraphScope).ExecuteAsync();

            return(this.Redirect(requestUrl.ToString()));
        }
コード例 #22
0
        public static IServiceCollection AddEmployerUsersClient(this IServiceCollection services,
                                                                IConfiguration configuration)
        {
            var employerUsersConfig = configuration.GetSection("EmployerUsersApi").Get <EmployerUsersConfiguration>();

            services.Configure <EmployerUsersConfiguration>(configuration.GetSection("EmployerUsersApi").Bind);


            _applicationOptions = new ConfidentialClientApplicationOptions();
            configuration.Bind("EmployerUsersApi", _applicationOptions);

            services.AddSingleton <IConfidentialClientApplication, ConfidentialClientApplication>(x =>
            {
                var app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(_applicationOptions)
                          .Build();
                return(app as ConfidentialClientApplication);
            });

            services.AddTransient <ActiveDirectoryHttpClientHandler>(x =>
                                                                     new ActiveDirectoryHttpClientHandler(x.GetRequiredService <IConfidentialClientApplication>(),
                                                                                                          employerUsersConfig.Identifier));

            services.AddTransient <AzureAppAuthenticationHttpClientHandler>(x =>
                                                                            new AzureAppAuthenticationHttpClientHandler(employerUsersConfig.Identifier,
                                                                                                                        x.GetRequiredService <ILogger <AzureAppAuthenticationHttpClientHandler> >()));

            var httpBuilder = services.AddRefitClient <IEmployerUsersApiClient>()
                              .ConfigureHttpClient(c => c.BaseAddress = new Uri(employerUsersConfig.ApiBaseUrl));

            var githubClientBuilder = services.AddRefitClient <IGithubRepository>()
                                      .ConfigureHttpClient(c => c.BaseAddress = new Uri("https://raw.githubusercontent.com/"));

            var environment = configuration.GetValue <string>("ASPNETCORE_ENVIRONMENT");

            if (environment == "Development")
            {
                httpBuilder.AddHttpMessageHandler <ActiveDirectoryHttpClientHandler>();
            }
            else
            {
                httpBuilder.AddHttpMessageHandler <AzureAppAuthenticationHttpClientHandler>();
            }



            return(services);
        }
        public void CacheSynchronizationWithDefaultCCA()
        {
            //Validate CacheSynchronizationEnabled when app is created from ApplicaitonOptions for CCA
            var options = new ConfidentialClientApplicationOptions()
            {
                ClientSecret = "secret",
                ClientId     = TestConstants.ClientId,
            };
            var app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();

            Assert.IsFalse((app.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);

            options = new ConfidentialClientApplicationOptions
            {
                ClientId     = TestConstants.ClientId,
                ClientSecret = "secret",
                EnableCacheSynchronization = false
            };
            app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();
            Assert.AreEqual(false, (app.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);

            options = new ConfidentialClientApplicationOptions
            {
                ClientId     = TestConstants.ClientId,
                ClientSecret = "secret",
                EnableCacheSynchronization = true
            };
            app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options).Build();
            Assert.AreEqual(true, (app.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);

            //Validate CacheSynchronizationEnabled is false by default when app is created from ConfidentialClientApplicationBuilder
            app = ConfidentialClientApplicationBuilder.Create(Guid.NewGuid().ToString()).WithClientSecret(TestConstants.ClientSecret).BuildConcrete();
            Assert.IsFalse((app.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);

            //Validate CacheSynchronizationEnabled when app is created from ApplicaitonOptions for PCA
            var options2 = new PublicClientApplicationOptions()
            {
                ClientId = TestConstants.ClientId
            };
            var app2 = PublicClientApplicationBuilder.CreateWithApplicationOptions(options2).Build();

            Assert.IsTrue((app2.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);

            //Validate CacheSynchronizationEnabled is true by default when app is created from PublicClientApplicationBuilder
            app2 = PublicClientApplicationBuilder.Create(Guid.NewGuid().ToString()).BuildConcrete();
            Assert.IsTrue((app2.AppConfig as ApplicationConfiguration).CacheSynchronizationEnabled);
        }
        public void CreateConfidentialClient(string resource, string clientCertificate)
        {
            X509Certificate2 certificate = ReadCertificate(clientCertificate);

            _confidentialClientApp = ConfidentialClientApplicationBuilder
                                     .CreateWithApplicationOptions(new ConfidentialClientApplicationOptions
            {
                ClientId    = Config.AzureClientId,
                RedirectUri = resource,
                TenantId    = Config.AzureTenantId,
                ClientName  = Config.AzureClientId
            })
                                     .WithAuthority(AzureCloudInstance.AzurePublic, Config.AzureTenantId)
                                     .WithCertificate(certificate)
                                     .Build();
            AddClientScopes();
        }
コード例 #25
0
 public void CreateConfidentialCertificateClient(string resource, X509Certificate2 clientCertificate)
 {
     Log.Info($"enter: {resource}");
     _confidentialClientApp = ConfidentialClientApplicationBuilder
                              .CreateWithApplicationOptions(new ConfidentialClientApplicationOptions
     {
         ClientId    = _config.AzureClientId,
         RedirectUri = resource,
         TenantId    = _config.AzureTenantId,
         ClientName  = Constants.ApplicationName
     })
                              .WithAuthority(AzureCloudInstance.AzurePublic, _config.AzureTenantId)
                              .WithLogging(MsalLoggerCallback, LogLevel.Verbose, true, true)
                              .WithCertificate(clientCertificate)
                              .Build();
     AddClientScopes(true);
 }
        /// <summary>
        /// Creates an MSAL Confidential client application
        /// </summary>
        /// <param name="claimsPrincipal"></param>
        /// <returns></returns>
        private IConfidentialClientApplication BuildConfidentialClientApplication()
        {
            var    request = CurrentHttpContext.Request;
            var    microsoftIdentityOptions = _microsoftIdentityOptions;
            var    applicationOptions       = _applicationOptions;
            string currentUri = UriHelper.BuildAbsolute(
                request.Scheme,
                request.Host,
                request.PathBase,
                microsoftIdentityOptions.CallbackPath.Value ?? string.Empty);

            if (!applicationOptions.Instance.EndsWith("/"))
            {
                applicationOptions.Instance += "/";
            }

            string authority;
            IConfidentialClientApplication app = null;

            if (microsoftIdentityOptions.IsB2C)
            {
                authority = $"{applicationOptions.Instance}tfp/{microsoftIdentityOptions.Domain}/{microsoftIdentityOptions.DefaultUserFlow}";
                app       = ConfidentialClientApplicationBuilder
                            .CreateWithApplicationOptions(applicationOptions)
                            .WithRedirectUri(currentUri)
                            .WithB2CAuthority(authority)
                            .Build();
            }
            else
            {
                authority = $"{applicationOptions.Instance}{applicationOptions.TenantId}/";
                app       = ConfidentialClientApplicationBuilder
                            .CreateWithApplicationOptions(applicationOptions)
                            .WithRedirectUri(currentUri)
                            .WithAuthority(authority)
                            .Build();
            }

            // Initialize token cache providers
            _tokenCacheProvider?.InitializeAsync(app.AppTokenCache);
            _tokenCacheProvider?.InitializeAsync(app.UserTokenCache);

            return(app);
        }
コード例 #27
0
        public IConfidentialClientApplication CreateConfidentialClientApplication()
        {
            var options = serviceProvider
                          .GetRequiredService <IOptions <ConfidentialClientApplicationOptions> >()
                          .Value;
            var builder = ConfidentialClientApplicationBuilder
                          .CreateWithApplicationOptions(options);

            ConfigureBuilder(builder);
            var app = builder.Build();
            var cacheStorageProvider = serviceProvider.GetService <MsalTokenCacheProvider>();

            if (cacheStorageProvider is not null)
            {
                cacheStorageProvider.RegisterCache(app.UserTokenCache);
                cacheStorageProvider.RegisterCache(app.AppTokenCache);
            }
            return(app);
        }
コード例 #28
0
        public void TestBuildWithNoClientSecretButUsingCert()
        {
            var options = new ConfidentialClientApplicationOptions()
            {
                ClientId = TestConstants.ClientId,
                TenantId = "the_tenant_id",
                Instance = "https://login.microsoftonline.com",
            };

            var cert = new X509Certificate2(
                ResourceHelper.GetTestResourceRelativePath("testCert.crtfile"), "passw0rd!");

            var app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options)
                      .WithCertificate(cert)
                      .Build();
            var authorityInfo = ((ConfidentialClientApplication)app).ServiceBundle.Config.AuthorityInfo;

            Assert.AreEqual("https://login.microsoftonline.com/the_tenant_id/", authorityInfo.CanonicalAuthority);
        }
        [DataRow(null)] // Not specified, default is true
        public void TestConstructor_WithLegacyCacheCompatibility_WithOptions(bool?isLegacyCacheCompatibilityEnabled)
        {
            var options = CreateConfidentialClientApplicationOptions();

            if (isLegacyCacheCompatibilityEnabled.HasValue)
            {
                options.LegacyCacheCompatibilityEnabled = isLegacyCacheCompatibilityEnabled.Value;
            }
            else
            {
                isLegacyCacheCompatibilityEnabled = true;
            }

            var cca = ConfidentialClientApplicationBuilder
                      .CreateWithApplicationOptions(options)
                      .Build();

            Assert.AreEqual(isLegacyCacheCompatibilityEnabled, cca.AppConfig.LegacyCacheCompatibilityEnabled);
        }
コード例 #30
0
        public void CreateConfidentialClient(string resource, string secret)
        {
            Log.Info($"enter: {resource}");
            // no prompt with clientid and secret
            _confidentialClientApp = ConfidentialClientApplicationBuilder
                                     .CreateWithApplicationOptions(new ConfidentialClientApplicationOptions
            {
                ClientId     = _config.AzureClientId,
                RedirectUri  = resource,
                ClientSecret = secret,
                TenantId     = _config.AzureTenantId,
                ClientName   = _config.AzureClientId
            })
                                     .WithAuthority(AzureCloudInstance.AzurePublic, _config.AzureTenantId)
                                     .WithLogging(MsalLoggerCallback, LogLevel.Verbose, true, true)
                                     .Build();

            AddClientScopes();
        }