public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var deviceCodeParameters = parameters as DeviceCodeParameters; var tokenCacheProvider = parameters.TokenCacheProvider; var onPremise = parameters.Environment.OnPremise; //null instead of "organizations" should be passed to Azure.Identity to support MSA account var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var resource = parameters.Environment.GetEndpoint(parameters.ResourceId) ?? parameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = AuthenticationHelpers.PowerShellClientId; var authority = parameters.Environment.ActiveDirectoryAuthority; var requestContext = new TokenRequestContext(scopes); AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache); DeviceCodeCredentialOptions options = new DeviceCodeCredentialOptions() { DeviceCodeCallback = DeviceCodeFunc, AuthorityHost = new Uri(authority), ClientId = clientId, TenantId = onPremise ? tenantId : null, TokenCache = tokenCache.TokenCache, }; var codeCredential = new DeviceCodeCredential(options); var authTask = codeCredential.AuthenticateAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync( authTask, codeCredential, requestContext, cancellationToken)); }
//MSAL doesn't cache Service Principal into msal.cache public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var spParameters = parameters as ClientAssertionParameters; var onPremise = spParameters.Environment.OnPremise; var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var resource = spParameters.Environment.GetEndpoint(spParameters.ResourceId) ?? spParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var authority = spParameters.Environment.ActiveDirectoryAuthority; var requestContext = new TokenRequestContext(scopes); AzureSession.Instance.TryGetComponent(nameof(AzureCredentialFactory), out AzureCredentialFactory azureCredentialFactory); TokenCredential tokenCredential = new ClientAssertionCredential(tenantId, spParameters.ClientId, spParameters.ClientAssertion.ConvertToString()); string parametersLog = $"- ClientId:'{spParameters.ClientId}', TenantId:'{tenantId}', ClientAssertion:'***' Scopes:'{string.Join(",", scopes)}'"; return(MsalAccessToken.GetAccessTokenAsync( nameof(ClientAssertionAuthenticator), parametersLog, tokenCredential, requestContext, cancellationToken, spParameters.TenantId, spParameters.ClientId)); }
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var silentParameters = parameters as SilentParameters; var onPremise = silentParameters.Environment.OnPremise; var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var resource = silentParameters.Environment.GetEndpoint(silentParameters.ResourceId) ?? silentParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var authority = silentParameters.Environment.ActiveDirectoryAuthority; AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache); var options = new SharedTokenCacheCredentialOptions(tokenCache.TokenCache) { EnableGuestTenantAuthentication = true, ClientId = AuthenticationHelpers.PowerShellClientId, Username = silentParameters.UserId, AuthorityHost = new Uri(authority), TenantId = tenantId, }; var cacheCredential = new SharedTokenCacheCredential(options); var requestContext = new TokenRequestContext(scopes); var parametersLog = $"- TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}', UserId:'{silentParameters.UserId}'"; return(MsalAccessToken.GetAccessTokenAsync( nameof(SilentAuthenticator), parametersLog, cacheCredential, requestContext, cancellationToken, silentParameters.TenantId, silentParameters.UserId, silentParameters.HomeAccountId)); }
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var deviceCodeParameters = parameters as DeviceCodeParameters; var tokenCacheProvider = parameters.TokenCacheProvider; var onPremise = parameters.Environment.OnPremise; //null instead of "organizations" should be passed to Azure.Identity to support MSA account var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var resource = parameters.Environment.GetEndpoint(parameters.ResourceId) ?? parameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = AuthenticationHelpers.PowerShellClientId; var authority = parameters.Environment.ActiveDirectoryAuthority; var requestContext = new TokenRequestContext(scopes); DeviceCodeCredentialOptions options = new DeviceCodeCredentialOptions() { DeviceCodeCallback = DeviceCodeFunc, AuthorityHost = new Uri(authority), ClientId = clientId, TenantId = tenantId, TokenCachePersistenceOptions = tokenCacheProvider.GetTokenCachePersistenceOptions(), }; var codeCredential = new DeviceCodeCredential(options); TracingAdapter.Information($"{DateTime.Now:T} - [DeviceCodeAuthenticator] Calling DeviceCodeCredential.AuthenticateAsync - TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'"); var authTask = codeCredential.AuthenticateAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync( authTask, codeCredential, requestContext, cancellationToken)); }
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var interactiveParameters = parameters as InteractiveParameters; var onPremise = interactiveParameters.Environment.OnPremise; //null instead of "organizations" should be passed to Azure.Identity to support MSA account var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var tokenCacheProvider = interactiveParameters.TokenCacheProvider; var resource = interactiveParameters.Environment.GetEndpoint(interactiveParameters.ResourceId) ?? interactiveParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = AuthenticationHelpers.PowerShellClientId; var requestContext = new TokenRequestContext(scopes); var authority = interactiveParameters.Environment.ActiveDirectoryAuthority; var options = new InteractiveBrowserCredentialOptions() { ClientId = clientId, TenantId = tenantId, TokenCachePersistenceOptions = tokenCacheProvider.GetTokenCachePersistenceOptions(), AuthorityHost = new Uri(authority), RedirectUri = GetReplyUrl(onPremise, interactiveParameters), LoginHint = interactiveParameters.UserId, }; var browserCredential = new InteractiveBrowserCredential(options); TracingAdapter.Information($"{DateTime.Now:T} - [InteractiveUserAuthenticator] Calling InteractiveBrowserCredential.AuthenticateAsync with TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}', RedirectUri:'{options.RedirectUri}'"); var authTask = browserCredential.AuthenticateAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync( authTask, browserCredential, requestContext, cancellationToken)); }
//MSAL doesn't cache Service Principal into msal.cache public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var spParameters = parameters as ServicePrincipalParameters; var onPremise = spParameters.Environment.OnPremise; var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var resource = spParameters.Environment.GetEndpoint(spParameters.ResourceId) ?? spParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = spParameters.ApplicationId; var authority = spParameters.Environment.ActiveDirectoryAuthority; var requestContext = new TokenRequestContext(scopes); var options = new ClientCertificateCredentialOptions() { AuthorityHost = new Uri(authority) }; if (!string.IsNullOrEmpty(spParameters.Thumbprint)) { //Service Principal with Certificate ClientCertificateCredential certCredential; if (!ClientCertCredentialMap.TryGetValue(spParameters.ApplicationId, out certCredential)) { //first time login var certificate = AzureSession.Instance.DataStore.GetCertificate(spParameters.Thumbprint); certCredential = new ClientCertificateCredential(tenantId, spParameters.ApplicationId, certificate, options); var tokenTask = certCredential.GetTokenAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync(tokenTask, () => { ClientCertCredentialMap[spParameters.ApplicationId] = certCredential; }, spParameters.TenantId, spParameters.ApplicationId)); } else { var tokenTask = certCredential.GetTokenAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync(tokenTask, spParameters.TenantId, spParameters.ApplicationId)); } } else if (spParameters.Secret != null) { // service principal with secret var secretCredential = new ClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret.ConvertToString(), options); var tokenTask = secretCredential.GetTokenAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync( tokenTask, spParameters.TenantId, spParameters.ApplicationId)); } else { throw new MsalException(MsalError.AuthenticationFailed, string.Format(AuthenticationFailedMessage, clientId)); } }
//MSAL doesn't cache Service Principal into msal.cache public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var spParameters = parameters as ServicePrincipalParameters; var onPremise = spParameters.Environment.OnPremise; var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var resource = spParameters.Environment.GetEndpoint(spParameters.ResourceId) ?? spParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = spParameters.ApplicationId; var authority = spParameters.Environment.ActiveDirectoryAuthority; var requestContext = new TokenRequestContext(scopes); var options = new ClientCertificateCredentialOptions() { AuthorityHost = new Uri(authority), SendCertificateChain = spParameters.SendCertificateChain ?? default(bool) }; if (!string.IsNullOrEmpty(spParameters.Thumbprint)) { //Service Principal with Certificate var certificate = AzureSession.Instance.DataStore.GetCertificate(spParameters.Thumbprint); ClientCertificateCredential certCredential = new ClientCertificateCredential(tenantId, spParameters.ApplicationId, certificate, options); var parametersLog = $"- Thumbprint:'{spParameters.Thumbprint}', ApplicationId:'{spParameters.ApplicationId}', TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'"; return(MsalAccessToken.GetAccessTokenAsync( nameof(ServicePrincipalAuthenticator), parametersLog, certCredential, requestContext, cancellationToken, spParameters.TenantId, spParameters.ApplicationId)); } else if (spParameters.Secret != null) { // service principal with secret var secretCredential = new ClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret.ConvertToString(), options); var parametersLog = $"- ApplicationId:'{spParameters.ApplicationId}', TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'"; return(MsalAccessToken.GetAccessTokenAsync( nameof(ServicePrincipalAuthenticator), parametersLog, secretCredential, requestContext, cancellationToken, spParameters.TenantId, spParameters.ApplicationId)); } else { throw new MsalException(MsalError.AuthenticationFailed, string.Format(AuthenticationFailedMessage, clientId)); } }
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var upParameters = parameters as UsernamePasswordParameters; var onPremise = upParameters.Environment.OnPremise; var tenantId = onPremise ? AdfsTenant : upParameters.TenantId; //Is user name + password valid in Adfs env? var tokenCacheProvider = upParameters.TokenCacheProvider; var resource = upParameters.Environment.GetEndpoint(upParameters.ResourceId) ?? upParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = AuthenticationHelpers.PowerShellClientId; var authority = upParameters.Environment.ActiveDirectoryAuthority; var requestContext = new TokenRequestContext(scopes); UsernamePasswordCredential passwordCredential; AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache); var credentialOptions = new UsernamePasswordCredentialOptions() { AuthorityHost = new Uri(authority), TokenCache = tokenCache.TokenCache }; if (upParameters.Password != null) { passwordCredential = new UsernamePasswordCredential(upParameters.UserId, upParameters.Password.ConvertToString(), tenantId, clientId, credentialOptions); TracingAdapter.Information($"{DateTime.Now:T} - [UsernamePasswordAuthenticator] Calling UsernamePasswordCredential.AuthenticateAsync - TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{authority}', UserId:'{upParameters.UserId}'"); var authTask = passwordCredential.AuthenticateAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync( authTask, passwordCredential, requestContext, cancellationToken)); } else { throw new InvalidOperationException(Resources.MissingPasswordAndNoCache); } }
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var interactiveParameters = parameters as InteractiveParameters; var onPremise = interactiveParameters.Environment.OnPremise; //null instead of "organizations" should be passed to Azure.Identity to support MSA account var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var tokenCacheProvider = interactiveParameters.TokenCacheProvider; var resource = interactiveParameters.Environment.GetEndpoint(interactiveParameters.ResourceId) ?? interactiveParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = AuthenticationHelpers.PowerShellClientId; var requestContext = new TokenRequestContext(scopes); var authority = interactiveParameters.Environment.ActiveDirectoryAuthority; AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache); var options = new InteractiveBrowserCredentialOptions() { ClientId = clientId, TenantId = tenantId, TokenCache = tokenCache.TokenCache, AuthorityHost = new Uri(authority), RedirectUri = GetReplyUrl(onPremise, interactiveParameters), }; var browserCredential = new InteractiveBrowserCredential(options); var source = new CancellationTokenSource(); source.CancelAfter(TimeSpan.FromMinutes(5)); var authTask = browserCredential.AuthenticateAsync(requestContext, source.Token); return(MsalAccessToken.GetAccessTokenAsync( authTask, browserCredential, requestContext, source.Token)); }