public async Task <ActionResult> Authorize() { ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(AzureADClientId); clientBuilder.WithClientSecret(AzureADClientSecret); clientBuilder.WithRedirectUri(loginRedirectUri.ToString()); clientBuilder.WithAuthority(AzureADAuthority); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] sassScopes = $"{SaaSScopes}".Split(new[] { ' ' }); try { // Get and save the token. var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode( sassScopes, Request.Params["code"] ); var authResult = await authResultBuilder.ExecuteAsync(); var activation = await _assignedUserService.Activate($"{SaaSAPI}/{OfferID}", authResult.AccessToken); ViewBag.accountName = authResult.Account.Username; return(View(activation)); } catch (Exception ex) { System.Diagnostics.Trace.WriteLine(ex.ToString()); } return(View()); }
public async Task <ActionResult> Authorize() { ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(_azureAdOptions.ClientId); clientBuilder.WithClientSecret(_azureAdOptions.ClientSecret); clientBuilder.WithRedirectUri(LoginRedirectUri.ToString()); clientBuilder.WithAuthority(_azureAdOptions.Authority); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] sassScopes = $"{_azureAdOptions.SaaSScopes}".Split(new[] { ' ' }); var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode( sassScopes, HttpContext.Request.Query["code"].ToString() ); try { var authResult = await authResultBuilder.ExecuteAsync(); var offer = Offers.ContosoAppOffer; var activation = await _assignedUserService.Activate($"{_azureAdOptions.SaaSAPI}/{offer.OfferID}", authResult.AccessToken); ViewBag.Message = JsonConvert.SerializeObject( new { status = "success", activation = activation, accountName = authResult.Account.Username }); } catch (Exception e) { ViewBag.Message = JsonConvert.SerializeObject(new { status = "failure", error = e.Message }); } return(View()); }
/// <summary> /// Gets IdToken from implicit flow and sends it to main add-in window. /// </summary> /// <returns>The default view.</returns> public async Task <ActionResult> Authorize() { ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(Settings.AzureADClientId); clientBuilder.WithClientSecret(Settings.AzureADClientSecret); clientBuilder.WithRedirectUri(loginRedirectUri.ToString()); clientBuilder.WithAuthority(Settings.AzureADAuthority); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] graphScopes = { "Files.Read.All", "User.Read" }; // Get and save the token. var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode( graphScopes, Request.Params["code"] // The auth 'code' parameter from the Azure redirect. ); try { var authResult = await authResultBuilder.ExecuteAsync(); ViewBag.AccessToken = authResult.AccessToken; } catch (Exception e) { ViewBag.Error = e.Message; } return(View()); }
public static IConfidentialClientApplication CreateConfidentialClient( string authority = null, string clientId = null, string clientSecret = null, X509Certificate2 certificate = null, string redirectUri = null, string tenantId = null) { ConfidentialClientApplicationBuilder builder = ConfidentialClientApplicationBuilder.Create(clientId); if (!string.IsNullOrEmpty(authority)) { builder = builder.WithAuthority(authority); } if (!string.IsNullOrEmpty(clientSecret)) { builder = builder.WithClientSecret(clientSecret); } if (certificate != null) { builder = builder.WithCertificate(certificate); } if (!string.IsNullOrEmpty(redirectUri)) { builder = builder.WithRedirectUri(redirectUri); } if (!string.IsNullOrEmpty(tenantId)) { builder = builder.WithTenantId(tenantId); } IConfidentialClientApplication client = builder.WithLogging( DebugLoggingMethod, LogLevel.Info, enablePiiLogging: false, enableDefaultPlatformLogging: true).Build(); MsalCacheHelper cacheHelper = InitializeCacheHelper(clientId); cacheHelper.RegisterCache(client.UserTokenCache); return(client); }
/// <summary> /// Creates a confidential client used for generating tokens. /// </summary> /// <param name="cloudInstance">The cloud instance used for authentication.</param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="certificate">Certificate used by the client requesting the token.</param> /// <param name="clientSecret">Secret of the client requesting the token.</param> /// <param name="redirectUri">The redirect URI for the client.</param> /// <param name="tenantId">Identifier of the tenant requesting the token.</param> /// <returns>An aptly configured confidential client.</returns> private static IConfidentialClientApplication CreateConfidentialClient( AzureCloudInstance cloudInstance, string clientId = null, string clientSecret = null, X509Certificate2 certificate = null, string redirectUri = null, string tenantId = null) { ConfidentialClientApplicationBuilder builder = ConfidentialClientApplicationBuilder.Create(clientId); builder = builder.WithAuthority(cloudInstance, tenantId); if (!string.IsNullOrEmpty(clientSecret)) { builder = builder.WithClientSecret(clientSecret); } if (certificate != null) { builder = builder.WithCertificate(certificate); } if (!string.IsNullOrEmpty(redirectUri)) { builder = builder.WithRedirectUri(redirectUri); } if (!string.IsNullOrEmpty(tenantId)) { builder = builder.WithTenantId(tenantId); } IConfidentialClientApplication client = builder.WithLogging((level, message, pii) => { MgmtSession.Instance.DebugMessages.Enqueue($"[MSAL] {level} {message}"); }).Build(); if (MgmtSession.Instance.TryGetComponent(ComponentKey.TokenCache, out IMgmtTokenCache tokenCache)) { ServiceClientTracing.Information($"[MSAL] Registering the token cache for client {clientId}"); tokenCache.RegisterCache(client); } return(client); }
/// <summary> /// Authorizes the web application (not the user) to access Microsoft Graph resources by using /// the Authorization Code flow of OAuth. /// </summary> /// <returns>The default view.</returns> public async Task <ActionResult> Authorize() { ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(Settings.AzureADClientId); clientBuilder.WithClientSecret(Settings.AzureADClientSecret); clientBuilder.WithRedirectUri(loginRedirectUri.ToString()); clientBuilder.WithAuthority(Settings.AzureADAuthority); ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build(); string[] graphScopes = { "Files.Read.All", "User.Read" }; var authStateString = Request.QueryString["state"]; var authState = JsonConvert.DeserializeObject <AuthState>(authStateString); try { // Get and save the token. var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode( graphScopes, Request.Params["code"] // The auth 'code' parameter from the Azure redirect. ); var authResult = await authResultBuilder.ExecuteAsync(); await SaveAuthToken(authState, authResult); authState.authStatus = "success"; } catch (Exception ex) { System.Diagnostics.Trace.WriteLine(ex.ToString()); authState.authStatus = "failure"; } // Instead of doing a server-side redirect, we have to do a client-side redirect to get around // some issues with the display dialog API not getting properly wired up after a server-side redirect var redirectUrl = Url.Action(nameof(AuthorizeComplete), new { authState = JsonConvert.SerializeObject(authState) }); ViewBag.redirectUrl = redirectUrl; return(View()); }
/// <summary> /// Creates a confidential client used for generating tokens. /// </summary> /// <param name="cloudInstance">The cloud instance used for authentication.</param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="certificate">Certificate used by the client requesting the token.</param> /// <param name="clientSecret">Secret of the client requesting the token.</param> /// <param name="redirectUri">The redirect URI for the client.</param> /// <param name="tenantId">Identifier of the tenant requesting the token.</param> /// <returns>An aptly configured confidential client.</returns> private static IConfidentialClientApplication CreateConfidentialClient( AzureCloudInstance cloudInstance, string clientId = null, string clientSecret = null, X509Certificate2 certificate = null, string redirectUri = null, string tenantId = null) { ConfidentialClientApplicationBuilder builder = ConfidentialClientApplicationBuilder.Create(clientId); builder = builder.WithAuthority(cloudInstance, tenantId); if (!string.IsNullOrEmpty(clientSecret)) { builder = builder.WithClientSecret(clientSecret); } if (certificate != null) { builder = builder.WithCertificate(certificate); } if (!string.IsNullOrEmpty(redirectUri)) { builder = builder.WithRedirectUri(redirectUri); } if (!string.IsNullOrEmpty(tenantId)) { builder = builder.WithTenantId(tenantId); } IConfidentialClientApplication client = builder.WithLogging((level, message, pii) => { PartnerSession.Instance.DebugMessages.Enqueue($"[MSAL] {level} {message}"); }).Build(); return(client); }