public bool CreatePublicClient(bool prompt, bool deviceLogin = false) { Log.Info($"enter: {prompt} {deviceLogin}"); _publicClientApp = PublicClientApplicationBuilder .Create(_wellKnownClientId) .WithAuthority(AzureCloudInstance.AzurePublic, Config.AzureTenantId) .WithLogging(MsalLoggerCallback, LogLevel.Verbose, true, true) .WithDefaultRedirectUri() .Build(); if (_instance.IsWindows) { TokenCacheHelper.EnableSerialization(_publicClientApp.UserTokenCache); } if (prompt) { if (deviceLogin) { AuthenticationResult = _publicClientApp .AcquireTokenWithDeviceCode(_defaultScope, MsalDeviceCodeCallback) .ExecuteAsync().Result; } else { AuthenticationResult = _publicClientApp .AcquireTokenInteractive(_defaultScope) .ExecuteAsync().Result; } } else { AuthenticationResult = _publicClientApp .AcquireTokenSilent(_defaultScope, _publicClientApp.GetAccountsAsync().Result.FirstOrDefault()) .ExecuteAsync().Result; } if (Scopes.Count > 0) { Log.Info($"adding scopes {Scopes.Count}"); AuthenticationResult = _publicClientApp .AcquireTokenSilent(Scopes, _publicClientApp.GetAccountsAsync().Result.FirstOrDefault()) .ExecuteAsync().Result; } return(true); }
public bool CreatePublicClient(bool prompt, bool deviceLogin = false) { Log.Info($"enter: {prompt} {deviceLogin}"); AuthenticationResult result = null; _publicClientApp = PublicClientApplicationBuilder .Create(_wellKnownClientId) .WithAuthority(AzureCloudInstance.AzurePublic, _config.AzureTenantId) .WithLogging(MsalLoggerCallback, LogLevel.Verbose, true, true) .WithDefaultRedirectUri() .Build(); TokenCacheHelper.EnableSerialization(_publicClientApp.UserTokenCache); if (prompt) { if (deviceLogin) { result = _publicClientApp.AcquireTokenWithDeviceCode(_defaultScope, MsalDeviceCodeCallback).ExecuteAsync().Result; } else { result = _publicClientApp.AcquireTokenInteractive(_defaultScope).ExecuteAsync().Result; } } else { IAccount hint = _publicClientApp.GetAccountsAsync().Result.FirstOrDefault(); if (hint == null && !TokenCacheHelper.HasTokens) { throw new MsalUiRequiredException("unable to acquire token silently.", "no hint and no cached tokens."); } result = _publicClientApp.AcquireTokenSilent(_defaultScope, hint).ExecuteAsync().Result; } if (Scopes.Count > 0) { Log.Info($"adding scopes {Scopes.Count}"); result = _publicClientApp.AcquireTokenSilent(Scopes, _publicClientApp.GetAccountsAsync().Result.FirstOrDefault()).ExecuteAsync().Result; } AuthenticationResultToken = new AccessToken(result.AccessToken, result.ExpiresOn); return(true); }
public bool CreateConfidentialClient(string resource) { Log.Info($"enter: {resource}"); // no prompt with clientid and secret _confidentialClientApp = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(new ConfidentialClientApplicationOptions { ClientId = Config.AzureClientId, RedirectUri = resource, ClientSecret = Config.AzureClientSecret, TenantId = Config.AzureTenantId, ClientName = Config.AzureClientId }) .WithAuthority(AzureCloudInstance.AzurePublic, Config.AzureTenantId) .WithLogging(MsalLoggerCallback, LogLevel.Verbose, true, true) .Build(); if (Scopes.Count < 1) { Scopes = _defaultScope; } if (_instance.IsWindows) { TokenCacheHelper.EnableSerialization(_confidentialClientApp.AppTokenCache); } foreach (string scope in Scopes) { AuthenticationResult = _confidentialClientApp .AcquireTokenForClient(new List <string>() { scope }) .ExecuteAsync().Result; Log.Debug($"scope authentication result:", AuthenticationResult); } return(true); }
private void AddClientScopes(bool sendX5C = false) { if (Scopes.Count < 1) { Scopes = _defaultScope; } TokenCacheHelper.EnableSerialization(_confidentialClientApp.AppTokenCache); foreach (string scope in Scopes) { AuthenticationResult result = _confidentialClientApp .AcquireTokenForClient(new List <string>() { scope }) .WithSendX5C(sendX5C) .ExecuteAsync().Result; Log.Debug($"scope authentication result:", AuthenticationResultToken); AuthenticationResultToken = new AccessToken(result.AccessToken, result.ExpiresOn); } }
private void AddClientScopes() { if (Scopes.Count < 1) { Scopes = _defaultScope; } if (_instance.IsWindows) { TokenCacheHelper.EnableSerialization(_confidentialClientApp.AppTokenCache); } foreach (string scope in Scopes) { AuthenticationResult = _confidentialClientApp .AcquireTokenForClient(new List <string>() { scope }) .ExecuteAsync().Result; Log.Debug($"scope authentication result:", AuthenticationResult); } }
public bool Authenticate(bool throwOnError = false, string resource = ManagementAzureCom, bool prompt = false) { Log.Debug("azure ad:enter"); _resource = resource; if (_tokenExpirationHalfLife > DateTime.Now) { Log.Debug("token still valid"); return(false); } else if (!IsAuthenticated) { Log.Info("authenticating to azure", ConsoleColor.Green); } else { Log.Warning($"refreshing aad token. token expiration half life: {_tokenExpirationHalfLife}"); } try { if (string.IsNullOrEmpty(Config.AzureTenantId)) { Config.AzureTenantId = _commonTenantId; } if (Config.IsClientIdConfigured()) { // no prompt with clientid and secret _confidentialClientApp = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(new ConfidentialClientApplicationOptions { ClientId = Config.AzureClientId, RedirectUri = resource, ClientSecret = Config.AzureClientSecret, TenantId = Config.AzureTenantId, ClientName = Config.AzureClientId }) .WithAuthority(AzureCloudInstance.AzurePublic, Config.AzureTenantId) .WithLogging(MsalLoggerCallback, LogLevel.Verbose, true, true) .Build(); if (Scopes.Count < 1) { Scopes = _defaultScope; } foreach (string scope in Scopes) { TokenCacheHelper.EnableSerialization(_confidentialClientApp.AppTokenCache); AuthenticationResult = _confidentialClientApp .AcquireTokenForClient(new List <string>() { scope }) .ExecuteAsync().Result; Log.Debug($"scope authentication result:", AuthenticationResult); } } else { _publicClientApp = PublicClientApplicationBuilder .Create(_wellKnownClientId) .WithAuthority(AzureCloudInstance.AzurePublic, Config.AzureTenantId) .WithLogging(MsalLoggerCallback, LogLevel.Verbose, true, true) .WithDefaultRedirectUri() .Build(); TokenCacheHelper.EnableSerialization(_publicClientApp.UserTokenCache); AuthenticationResult = _publicClientApp .AcquireTokenSilent(_defaultScope, _publicClientApp.GetAccountsAsync().Result.FirstOrDefault()) .ExecuteAsync().Result; if (Scopes.Count > 0) { Log.Info($"adding scopes {Scopes.Count}"); AuthenticationResult = _publicClientApp .AcquireTokenSilent(Scopes, _publicClientApp.GetAccountsAsync().Result.FirstOrDefault()) .ExecuteAsync().Result; } } BearerToken = AuthenticationResult.AccessToken; long tickDiff = ((AuthenticationResult.ExpiresOn.ToLocalTime().Ticks - DateTime.Now.Ticks) / 2) + DateTime.Now.Ticks; _tokenExpirationHalfLife = new DateTimeOffset(new DateTime(tickDiff)); Log.Info($"authentication result:", ConsoleColor.Green, null, AuthenticationResult); Log.Highlight($"aad token expiration: {AuthenticationResult.ExpiresOn.ToLocalTime()}"); Log.Highlight($"aad token half life expiration: {_tokenExpirationHalfLife}"); _timer = new Timer(Reauthenticate, null, Convert.ToInt32((_tokenExpirationHalfLife - DateTime.Now).TotalMilliseconds), Timeout.Infinite); IsAuthenticated = true; return(true); } catch (MsalUiRequiredException) { if (!Config.IsClientIdConfigured()) { AuthenticationResult = _publicClientApp .AcquireTokenInteractive(_defaultScope) .ExecuteAsync().Result; return(Authenticate(throwOnError, resource, true)); } if (throwOnError) { throw; } IsAuthenticated = false; return(false); } catch (AggregateException ae) { Log.Exception($"aggregate exception:{ae}"); if (ae.GetBaseException() is MsalException) { MsalException me = ae.GetBaseException() as MsalException; Log.Exception($"msal exception:{me}"); if (me.ErrorCode.Contains("interaction_required") && !prompt) { return(Authenticate(throwOnError, resource, true)); } } return(false); } catch (Exception e) { Log.Exception($"{e}"); if (throwOnError) { throw; } IsAuthenticated = false; return(false); } }