//public IActionResult TimeConsuming() //{ // var uniqueName = HttpContext.User.Claims.First(claim => claim.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name").Value; // UsageTelemetry.Track(uniqueName, ArdaUsage.Report_Show); // return View(); //} public async Task <IActionResult> TimeConsuming() { string userObjectID = HttpContext.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; var tokenCache = new NaiveSessionCache(userObjectID, NaiveSessionCacheResource.PowerBi, _cache); //ClientCredential credential = new ClientCredential(Startup.ClientId, Startup.ClientSecret); AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, tokenCache); var authenticationResult = await authContext.AcquireTokenSilentAsync(Startup.PowerBIResourceId, Startup.ClientId); var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer"); using (var client = new PowerBIClient(new Uri(Startup.PowerBIApiUrl), tokenCredentials)) { // You will need to provide the GroupID where the dashboard resides. ODataResponseListReport reports = await client.Reports.GetReportsInGroupAsync(Startup.PowerBIGroupId); // Get the first report in the group. Report report = reports.Value.FirstOrDefault(); // Generate Embed Token. var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view"); EmbedToken tokenResponse = client.Reports.GenerateTokenInGroup(Startup.PowerBIGroupId, report.Id, generateTokenRequestParameters); // Generate Embed Configuration. var embedConfig = new EmbedConfig() { EmbedToken = tokenResponse, EmbedUrl = report.EmbedUrl, Id = report.Id }; return(View("PowerBI", embedConfig)); } }
private JwtSecurityToken GetJwtSecurityToken() { IOwinContext owinContext = HttpContext.GetOwinContext(); string userObjectID = owinContext.Authentication.User.Claims.First(c => c.Type == Configuration.ClaimsObjectidentifier).Value; NaiveSessionCache cache = new NaiveSessionCache(userObjectID); AuthenticationContext authContext = new AuthenticationContext(Configuration.Authority, cache); TokenCacheItem kdAPITokenCache = authContext.TokenCache.ReadItems().Where(c => c.Resource == Configuration.KdResourceId).FirstOrDefault(); if (kdAPITokenCache == null) { authContext.TokenCache.Clear(); ViewBag.ErrorMessage = "AuthorizationRequired"; if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } return(null); } return(new JwtSecurityToken(kdAPITokenCache.AccessToken)); }
// // The Client ID is used by the application to uniquely identify itself to Azure AD. // The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials. // The Metadata Address is used by the application to retrieve the signing keys used by Azure AD. // The AAD Instance is the instance of Azure, for example public Azure or Azure China. // The Authority is the sign-in URL of the tenant. // The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out. // // This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API. public void ConfigureAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = MediaLibraryWebApp.Configuration.ClientId, Authority = MediaLibraryWebApp.Configuration.Authority, PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { // // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. // AuthorizationCodeReceived = (context) => { var code = context.Code; System.IdentityModel.Tokens.JwtSecurityToken jwtToken = context.JwtSecurityToken; string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value; Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey); NaiveSessionCache cache = new NaiveSessionCache(userObjectID); AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, cache); //Getting a token to connect with GraphApi later on userProfile page AuthenticationResult graphAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId); //Getting a access token which can be used to configure auth restrictions for multiple tentants since audience will be same for each web app requesting this token AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.KdResourceId); string kdAccessToken = kdAPiresult.AccessToken; //Initializing MediaServicesCredentials in order to obtain access token to be used to connect var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey); //Forces to get access token amsCredentials.RefreshToken(); //Adding token to a claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsSignInJwtToken, jwtToken.RawData)); //Adding media services access token as claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken)); return(Task.FromResult(0)); } } }); }
// // GET: /UserProfile/ public async Task <ActionResult> Index() { // // Retrieve the user's name, tenantID, and access token since they are parameters used to query the Graph API. // UserProfile profile; IOwinContext owinContext = HttpContext.GetOwinContext(); string userObjectID = owinContext.Authentication.User.Claims.First(c => c.Type == Configuration.ClaimsObjectidentifier).Value; NaiveSessionCache cache = new NaiveSessionCache(userObjectID); AuthenticationContext authContext = new AuthenticationContext(Configuration.Authority, cache); try { TokenCacheItem graphAPITokenCache = authContext.TokenCache.ReadItems().Where(c => c.Resource == MediaLibraryWebApp.Configuration.GraphResourceId).FirstOrDefault(); TokenCacheItem kdAPITokenCache = authContext.TokenCache.ReadItems().Where(c => c.Resource == MediaLibraryWebApp.Configuration.KdResourceId).FirstOrDefault(); if (graphAPITokenCache == null) { authContext.TokenCache.Clear(); profile = new UserProfile(); ViewBag.ErrorMessage = "AuthorizationRequired"; if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } return(View(profile)); } string graphAPIAccessToken = graphAPITokenCache.AccessToken; JwtSecurityToken signInToken = new JwtSecurityToken(owinContext.Authentication.User.Claims.First(c => c.Type == Configuration.ClaimsSignInJwtToken).Value); ActiveDirectoryClient activeDirectoryClient = Factory.GetActiveDirectoryClientAsApplication(graphAPIAccessToken); User userProfile = (User)await activeDirectoryClient.Users.GetByObjectId(userObjectID).ExecuteAsync(); List <string> membergroups = (await userProfile.GetMemberGroupsAsync(false)).ToList(); var groups = await activeDirectoryClient.Groups.ExecuteAsync(); profile = new UserProfile(); profile.GraphApiAccessToken = new JwtSecurityToken(graphAPIAccessToken); profile.KeyDeliveryApiAccessToken = new JwtSecurityToken(kdAPITokenCache.AccessToken); profile.OpenConnectSignInToken = signInToken; profile.MemberGroups = membergroups; profile.AllGroups = groups.CurrentPage; profile.User = userProfile; return(View(profile)); } catch (Exception) { // // If the call failed, then drop the current access token and show the user an error indicating they might need to sign-in again. // var todoTokens = authContext.TokenCache.ReadItems().Where(a => a.Resource == Configuration.GraphResourceId); foreach (TokenCacheItem tci in todoTokens) { authContext.TokenCache.DeleteItem(tci); } // // If refresh is set to true, the user has clicked the link to be authorized again. // if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } // // The user needs to re-authorize. Show them a message to that effect. // profile = new UserProfile(); ViewBag.ErrorMessage = "AuthorizationRequired"; return(View(profile)); } }