/// <summary>
/// Reports whether <paramref name="account"/> is the operating-system account and the
/// default OS account is not reported as MSA by the web account provider factory.
/// </summary>
/// <param name="account">Account to inspect; may be null.</param>
/// <returns>
/// <c>false</c> when <paramref name="account"/> is null or is not the operating-system account;
/// otherwise the negation of <c>IsDefaultAccountMsaAsync()</c>.
/// </returns>
private async Task<bool> IsDefaultAccountAndAadAsync(IAccount account)
{
    // Guard first: the provider factory is only consulted for the OS account marker.
    if (account == null || !PublicClientApplication.IsOperatingSystemAccount(account))
    {
        return false;
    }

    bool defaultOsAccountIsMsa =
        await _webAccountProviderFactory.IsDefaultAccountMsaAsync().ConfigureAwait(false);

    // "AAD" here simply means "the factory did not report MSA"; no other account kind is distinguished.
    return !defaultOsAccountIsMsa;
}
/// <summary>
/// Checks that, for the common authority with no account supplied, the broker's MSA decision
/// follows what the stubbed account provider factory reports for the Windows default account,
/// and that the factory is queried once per decision.
/// </summary>
public void TestDefaultAccountPluginSelection()
{
    const string because = "Common authority with no account - use Windows default account";

    // Phase 1: the default account is reported as MSA, so the request must be treated as MSA.
    _webAccountProviderFactory.IsDefaultAccountMsaAsync().Returns(true);
    var authorityForMsaCase = Authority.CreateAuthority(TestConstants.AuthorityCommonTenant);
    bool msaWhenDefaultIsMsa = _wamBroker.IsMsaRequestAsync(authorityForMsaCase, null, false).Result;
    Assert.IsTrue(msaWhenDefaultIsMsa, because);
    _webAccountProviderFactory.Received(1).IsDefaultAccountMsaAsync();

    // Phase 2: the default account is reported as non-MSA, so the request must not be treated as MSA.
    _webAccountProviderFactory.IsDefaultAccountMsaAsync().Returns(false);
    var authorityForAadCase = Authority.CreateAuthority(TestConstants.AuthorityCommonTenant);
    bool msaWhenDefaultIsAad = _wamBroker.IsMsaRequestAsync(authorityForAadCase, null, false).Result;
    Assert.IsFalse(msaWhenDefaultIsAad, because);

    // The expected count is cumulative across both phases.
    _webAccountProviderFactory.Received(2).IsDefaultAccountMsaAsync();
}
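/// <summary>
/// Builds the <see cref="WebTokenRequest"/> sent to the given web account provider, choosing
/// the prompt type and the account-related request properties from the request parameters.
/// </summary>
/// <param name="provider">Web account provider the request is created for.</param>
/// <param name="authenticationRequestParameters">Source of the login hint, account, scopes, client id and correlation id.</param>
/// <param name="isForceLoginPrompt">Requests a forced authentication prompt; only honoured when <paramref name="isInteractive"/> is true.</param>
/// <param name="isInteractive">Whether the request is interactive.</param>
/// <param name="isAccountInWam">Whether the account is already known to WAM; when false and interactive, a login hint or add-account flow is set up.</param>
/// <returns>The configured <see cref="WebTokenRequest"/>.</returns>
public async Task<WebTokenRequest> CreateWebTokenRequestAsync(
    WebAccountProvider provider,
    AuthenticationRequestParameters authenticationRequestParameters,
    bool isForceLoginPrompt,
    bool isInteractive,
    bool isAccountInWam)
{
    bool setLoginHint = false;
    bool addNewAccount = false;

    // Fix: the previous `LoginHint ?? Account?.Username` let an empty (non-null) LoginHint
    // mask the account's username, so the request fell through to the default-account check
    // instead of prefilling the known user. Treat null and empty the same way.
    string loginHint = !string.IsNullOrEmpty(authenticationRequestParameters.LoginHint)
        ? authenticationRequestParameters.LoginHint
        : authenticationRequestParameters.Account?.Username;

    if (isInteractive && !isAccountInWam)
    {
        if (!string.IsNullOrEmpty(loginHint))
        {
            setLoginHint = true;
        }
        else
        {
            // No hint available: start the add-account flow unless the default OS account is MSA.
            addNewAccount = !(await _webAccountProviderFactory.IsDefaultAccountMsaAsync().ConfigureAwait(false));
        }
    }

    // Any path that introduces an account through the UI, or an explicit interactive force-login,
    // asks for ForceAuthentication; everything else uses the default prompt behaviour.
    var promptType = (setLoginHint || addNewAccount || (isForceLoginPrompt && isInteractive))
        ? WebTokenRequestPromptType.ForceAuthentication
        : WebTokenRequestPromptType.Default;

    string scopes = ScopeHelper.GetMsalScopes(authenticationRequestParameters.Scope).AsSingleString();

    WebTokenRequest request = new WebTokenRequest(
        provider,
        scopes,
        authenticationRequestParameters.ClientId,
        promptType);

    if (addNewAccount || setLoginHint)
    {
        request.Properties.Add("Client_uiflow", "new_account"); // launch add account flow

        if (setLoginHint)
        {
            // The hint only prefills the username field; nothing in this method checks that
            // the account which ends up signing in matches it.
            request.Properties.Add("LoginHint", loginHint); // prefill username
        }
    }

    request.Properties.Add("api-version", "2.0"); // request V2 tokens over V1
    request.Properties.Add("oauth2_batch", "1"); // request tokens as OAuth style name/value pairs
    request.Properties.Add("x-client-info", "1"); // request client_info

    // CorrelationId is not present on every OS version, hence the runtime probe. Without it the
    // request still goes out, but it carries no correlation id for tracing.
    if (ApiInformation.IsPropertyPresent("Windows.Security.Authentication.Web.Core.WebTokenRequest", "CorrelationId"))
    {
        request.CorrelationId = authenticationRequestParameters.CorrelationId.ToString();
    }
    else
    {
        _logger.Warning("[WAM MSA Plugin] Could not add the correlation ID to the request.");
    }

    return request;
}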
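/// <summary>
/// Decides whether the MSA plugin should be used, from the home tenant id when one is given
/// and otherwise from the type of the default OS account.
/// </summary>
/// <param name="homeTenantId">Home tenant id of the account; may be null or empty.</param>
/// <returns>
/// The result of <c>IsConsumerTenantId(homeTenantId)</c> when a tenant id is supplied;
/// otherwise the result of <c>IsDefaultAccountMsaAsync()</c>.
/// </returns>
private async Task<bool> IsGivenOrDefaultAccountMsaAsync(string homeTenantId)
{
    if (!string.IsNullOrEmpty(homeTenantId))
    {
        bool result = IsConsumerTenantId(homeTenantId);
        _logger.Info("[WAM Broker] Deciding plugin based on home tenant Id ... MSA? " + result);
        return result;
    }

    // Fix: the old warning ended with "Using AAD.", but this path does not force AAD. It
    // returns whatever the default OS account turns out to be. A log line that misstates which
    // identity provider was selected misleads anyone reconstructing a sign-in from the logs,
    // so the text now describes the real fallback and the outcome is logged as well.
    _logger.Warning("[WAM Broker] Cannot decide which plugin (AAD or MSA) to use from the home tenant Id. Using the type of the default OS account. ");
    var isMsa = await _webAccountProviderFactory.IsDefaultAccountMsaAsync().ConfigureAwait(false);
    _logger.Info("[WAM Broker] Deciding plugin based on the default OS account ... MSA? " + isMsa);
    return isMsa;
}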
/// <summary>
/// Creates the <see cref="WebTokenRequest"/> for the given provider, deriving the prompt type,
/// scopes and account-related properties from the request parameters.
/// </summary>
/// <param name="provider">Web account provider the request targets.</param>
/// <param name="authenticationRequestParameters">Supplies login hint, account, scopes, client id and correlation id.</param>
/// <param name="isForceLoginPrompt">Asks for a forced authentication prompt; takes effect only for interactive requests.</param>
/// <param name="isInteractive">Whether the request is interactive.</param>
/// <param name="isAccountInWam">Whether WAM already knows the account.</param>
/// <param name="scopeOverride">When non-null, used verbatim as the scope string instead of the scopes computed from the request parameters.</param>
/// <returns>The configured <see cref="WebTokenRequest"/>.</returns>
public async Task<WebTokenRequest> CreateWebTokenRequestAsync(
    WebAccountProvider provider,
    AuthenticationRequestParameters authenticationRequestParameters,
    bool isForceLoginPrompt,
    bool isInteractive,
    bool isAccountInWam,
    string scopeOverride = null)
{
    // Prefer the explicit login hint; fall back to the account's username when it is null or empty.
    string loginHint = authenticationRequestParameters.LoginHint;
    if (string.IsNullOrEmpty(loginHint))
    {
        loginHint = authenticationRequestParameters.Account?.Username;
    }

    bool accountMustComeFromUi = isInteractive && !isAccountInWam;
    bool hintAvailable = !string.IsNullOrEmpty(loginHint);

    bool setLoginHint = accountMustComeFromUi && hintAvailable;
    bool addNewAccount = false;
    if (accountMustComeFromUi && !hintAvailable)
    {
        // Nothing to prefill: launch the add-account flow unless the default OS account is MSA.
        bool defaultIsMsa =
            await _webAccountProviderFactory.IsDefaultAccountMsaAsync().ConfigureAwait(false);
        addNewAccount = !defaultIsMsa;
    }

    bool forceAuthentication = setLoginHint || addNewAccount || (isForceLoginPrompt && isInteractive);
    WebTokenRequestPromptType promptType = forceAuthentication
        ? WebTokenRequestPromptType.ForceAuthentication
        : WebTokenRequestPromptType.Default;

    // NOTE(review): scopeOverride is taken as-is and skips ScopeHelper.GetMsalScopes; callers are
    // presumably expected to pass an already well-formed scope string. Confirm at the call sites.
    string scopes = scopeOverride;
    if (scopes == null)
    {
        scopes = ScopeHelper.GetMsalScopes(authenticationRequestParameters.Scope).AsSingleString();
    }

    var request = new WebTokenRequest(
        provider,
        scopes,
        authenticationRequestParameters.AppConfig.ClientId,
        promptType);

    if (setLoginHint || addNewAccount)
    {
        request.Properties.Add("Client_uiflow", "new_account"); // launch add account flow
    }

    if (setLoginHint)
    {
        // The hint only prefills the username; this method does not check who actually signs in.
        request.Properties.Add("LoginHint", loginHint); // prefill username
    }

    AddV2Properties(request);

    // CorrelationId is probed at runtime; when it is absent the request is sent without one.
    bool correlationIdSupported = ApiInformation.IsPropertyPresent(
        "Windows.Security.Authentication.Web.Core.WebTokenRequest",
        "CorrelationId");
    if (!correlationIdSupported)
    {
        _logger.Warning("[WAM MSA Plugin] Could not add the correlation ID to the request.");
    }
    else
    {
        LegacyOsWamProxy.SetCorrelationId(request, authenticationRequestParameters.CorrelationId.ToString());
    }

    return request;
}