public void MediaServicesCredentialsAcsEndPointCustomRetryPolicy() { string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName; string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey; var retryStrategy = new Incremental(1, TimeSpan.FromSeconds(1), TimeSpan.FromSeconds(2)); var errorDetectionStrategy = new ErrorDetectionStrategyForRefreshToken(); MediaServicesCredentials credentials = new MediaServicesCredentials(account, key, WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope, new List <string> { "http://dummyacsendpoint" }) { RefreshTokenRetryPolicy = new RetryPolicy(errorDetectionStrategy, retryStrategy) }; Assert.IsNull(credentials.AccessToken); Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow); try { credentials.RefreshToken(); } catch (WebException) { Assert.IsTrue(errorDetectionStrategy.Invoked); throw; } }
public static CloudMediaContext GetContext() { string accessToken; DateTime tokenExpiration; CloudMediaContext _context; GetTokenInfo(out accessToken, out tokenExpiration); MediaServicesCredentials credentials = new MediaServicesCredentials(MSAccount, MSPrimaryKey); if (string.IsNullOrEmpty(credentials.AccessToken)) { credentials.RefreshToken(); } if (!string.IsNullOrEmpty(accessToken) && !tokenExpiration.Equals(DateTime.MaxValue)) { credentials.AccessToken = accessToken; credentials.TokenExpiration = tokenExpiration; } _context = new CloudMediaContext(credentials); if (_context.Credentials.TokenExpiration != tokenExpiration) { SaveTokenInfo(_context.Credentials.AccessToken, _context.Credentials.TokenExpiration); } return(_context); }
public void MediaServicesCredentialsAcsEndPointCustomRetryPolicy() { string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName; string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey; var retryStrategy = new Incremental(1, TimeSpan.FromSeconds(1),TimeSpan.FromSeconds(2)); var errorDetectionStrategy = new ErrorDetectionStrategyForRefreshToken(); MediaServicesCredentials credentials = new MediaServicesCredentials(account, key, WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope, new List<string> { "http://dummyacsendpoint" }) { RefreshTokenRetryPolicy = new RetryPolicy(errorDetectionStrategy, retryStrategy) }; Assert.IsNull(credentials.AccessToken); Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow); try { credentials.RefreshToken(); } catch (WebException) { Assert.IsTrue(errorDetectionStrategy.Invoked); throw; } }
public void MediaServicesCredentialsTestGetToken() { MediaServicesCredentials target = WindowsAzureMediaServicesTestConfiguration.CreateMediaServicesCredentials(); Assert.IsNull(target.AccessToken); Assert.IsTrue(target.TokenExpiration < DateTime.UtcNow); target.RefreshToken(); Assert.IsNotNull(target.AccessToken); Assert.IsTrue(target.AccessToken.Length > 0); Assert.IsTrue(target.TokenExpiration > DateTime.UtcNow.AddHours(1)); }
// // The Client ID is used by the application to uniquely identify itself to Azure AD. // The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials. // The Metadata Address is used by the application to retrieve the signing keys used by Azure AD. // The AAD Instance is the instance of Azure, for example public Azure or Azure China. // The Authority is the sign-in URL of the tenant. // The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out. // // This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API. public void ConfigureAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = MediaLibraryWebApp.Configuration.ClientId, Authority = MediaLibraryWebApp.Configuration.Authority, PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { // // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. // AuthorizationCodeReceived = (context) => { var code = context.Code; System.IdentityModel.Tokens.JwtSecurityToken jwtToken = context.JwtSecurityToken; string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value; Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey); NaiveSessionCache cache = new NaiveSessionCache(userObjectID); AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, cache); //Getting a token to connect with GraphApi later on userProfile page AuthenticationResult graphAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId); //Getting a access token which can be used to configure auth restrictions for multiple tentants since audience will be same for each web app requesting this token AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.KdResourceId); string kdAccessToken = kdAPiresult.AccessToken; //Initializing MediaServicesCredentials in order to obtain access token to be used to connect var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey); //Forces to get access token amsCredentials.RefreshToken(); //Adding token to a claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsSignInJwtToken, jwtToken.RawData)); //Adding media services access token as claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken)); return(Task.FromResult(0)); } } }); }
private void RefreshAcsToken() { bool exit = false; int timesToSwitchEndpointAndRetry = 1; //first try preferred ACS if (this.IsPreferredAcsEnabled() && (this.AcsInstance != AcsInstance.Longevity)) { if (!this.IsPreferredAcsEndpoint(objMediaServicesCredentials)) { this.SwitchAcsEndpointToPreferred(); objMediaServicesCredentials = this.CreateMediaServicesCredentials(); } } while (!exit) { try { bool isNullAcsToken = (objMediaServicesCredentials.AccessToken == null); objMediaServicesCredentials.RefreshToken(); //ACS Token is constructed if not yet, by authenticating against ACS exit = true; if (isNullAcsToken) { Console.WriteLine("A new ACS token has been created."); } else { Console.WriteLine("The ACS token has been renewed."); } } catch (Exception) { // we hit an error, switch the endpoint to try so that the next attempt will be on a different endpoint SwitchAcsEndpoint(); timesToSwitchEndpointAndRetry--; if (timesToSwitchEndpointAndRetry < 0) { Logger.Log("Have tried all available ACS instances and failed.", EventLogEntryType.Error); throw new Exception("Have tried all available ACS instances and failed."); } // Create the new credentials instance with the next endpoint for the retry objMediaServicesCredentials = this.CreateMediaServicesCredentials(); } } }
public void MediaServicesCredentialsPassingAcsEndPoint() { var context1 = WindowsAzureMediaServicesTestConfiguration.CreateCloudMediaContext(); string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName; string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey; MediaServicesCredentials credentials = new MediaServicesCredentials(account, key, WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope, WindowsAzureMediaServicesTestConfiguration.MediaServicesAcsBaseAddress); Assert.IsNull(credentials.AccessToken); Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow); credentials.RefreshToken(); Assert.IsNotNull(credentials.AccessToken); Assert.IsTrue(credentials.AccessToken.Length > 0); Assert.IsTrue(credentials.TokenExpiration > DateTime.UtcNow); }
public void MediaServicesCredentialsAcsEndPointListWithWrongOneLast() { string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName; string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey; MediaServicesCredentials credentials = new MediaServicesCredentials(account, key, WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope, new List <string> { WindowsAzureMediaServicesTestConfiguration.MediaServicesAcsBaseAddress, "http://dummyacsendpoint" }); Assert.IsNull(credentials.AccessToken); Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow); credentials.RefreshToken(); Assert.IsNotNull(credentials.AccessToken); Assert.IsTrue(credentials.AccessToken.Length > 0); Assert.IsTrue(credentials.TokenExpiration > DateTime.UtcNow); }
// // The Client ID is used by the application to uniquely identify itself to Azure AD. // The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials. // The Metadata Address is used by the application to retrieve the signing keys used by Azure AD. // The AAD Instance is the instance of Azure, for example public Azure or Azure China. // The Authority is the sign-in URL of the tenant. // The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out. // // This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API. public void ConfigureAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = MediaLibraryWebApp.Configuration.ClientId, Authority = MediaLibraryWebApp.Configuration.Authority, PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { // // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. // AuthorizationCodeReceived = (context) => { var code = context.Code; ClientCredential credential = new ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey); string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value; AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, new NaiveSessionCache(userObjectID)); AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId); //Initializing MediaServicesCredentials in order to obtain access token to be used to connect var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey); //Forces to get access token amsCredentials.RefreshToken(); //Adding token to a claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsJwtToken, result.AccessToken)); context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken)); return(Task.FromResult(0)); } } }); }
public void MediaServicesCredentialsAcsEndPointListWithWrongOneFirst() { string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName; string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey; MediaServicesCredentials credentials = new MediaServicesCredentials(account, key, WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope, new List<string> { "http://dummyacsendpoint", WindowsAzureMediaServicesTestConfiguration.MediaServicesAcsBaseAddress}); Assert.IsNull(credentials.AccessToken); Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow); credentials.RefreshToken(); Assert.IsNotNull(credentials.AccessToken); Assert.IsTrue(credentials.AccessToken.Length > 0); Assert.IsTrue(credentials.TokenExpiration > DateTime.UtcNow); }
public void MediaServicesCredentialsPassingAcsEndPoint() { var context1 = WindowsAzureMediaServicesTestConfiguration.CreateCloudMediaContext(); string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName; string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey; MediaServicesCredentials credentials = new MediaServicesCredentials(account, key,WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope,WindowsAzureMediaServicesTestConfiguration.MediaServicesAcsBaseAddress); Assert.IsNull(credentials.AccessToken); Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow); credentials.RefreshToken(); Assert.IsNotNull(credentials.AccessToken); Assert.IsTrue(credentials.AccessToken.Length > 0); Assert.IsTrue(credentials.TokenExpiration > DateTime.UtcNow); }