/// <summary>
/// Attempts to authenticate a raw scheme/token pair, first against the channel
/// extractor and then, when emulator tokens are not disabled, against the
/// emulator extractor.
/// </summary>
/// <param name="toBotFromChannelExtractor">Extractor tried first.</param>
/// <param name="toBotFromEmulatorExtractor">Extractor used as the fallback when the first one yields no identity.</param>
/// <param name="scheme">Authorization scheme passed to the extractors.</param>
/// <param name="token">Token value passed to the extractors.</param>
/// <param name="cancellationToken">
/// NOTE(review): accepted but not forwarded to any awaited call in this method.
/// </param>
/// <returns>
/// <c>IdentityToken(true, null)</c> when the credential provider reports authentication as disabled,
/// <c>IdentityToken(true, identity)</c> when a token validated and its app id was accepted,
/// otherwise <c>IdentityToken(false, null)</c>.
/// </returns>
private async Task<IdentityToken> TryAuthenticateAsync(JwtTokenExtractor toBotFromChannelExtractor, JwtTokenExtractor toBotFromEmulatorExtractor, string scheme, string token, CancellationToken cancellationToken)
{
    // When the provider says authentication is disabled the request is accepted
    // without any identity at all; callers receive a null identity in that case.
    if (await this.credentialProvider.IsAuthenticationDisabledAsync())
    {
        return new IdentityToken(true, null);
    }

    string claimedAppId = null;

    // First attempt: token as issued by the channel.
    ClaimsIdentity caller = await toBotFromChannelExtractor.GetIdentityAsync(scheme, token);
    if (caller != null)
    {
        claimedAppId = toBotFromChannelExtractor.GetAppIdFromClaimsIdentity(caller);
    }
    else if (!this.disableEmulatorTokens)
    {
        // Second attempt: the emulator path, taken only when the first attempt
        // produced nothing and emulator tokens have not been switched off.
        // NOTE(review): confirm deployments that should not trust emulator
        // tokens actually set disableEmulatorTokens.
        caller = await toBotFromEmulatorExtractor.GetIdentityAsync(scheme, token);
        if (caller != null)
        {
            claimedAppId = toBotFromEmulatorExtractor.GetAppIdFromEmulatorClaimsIdentity(caller);
        }
    }

    if (caller == null)
    {
        return new IdentityToken(false, null);
    }

    // The app id taken from the claims is handed to the provider as-is.
    // NOTE(review): whether it can be null here depends on the extractor helpers,
    // which are not visible in this block; verify the provider rejects null.
    var appIdAccepted = await credentialProvider.IsValidAppIdAsync(claimedAppId);
    if (appIdAccepted == false)
    {
        // Unknown app id: the validated identity is discarded.
        return new IdentityToken(false, null);
    }

    var appSecret = await credentialProvider.GetAppPasswordAsync(claimedAppId);
    if (appSecret != null)
    {
        // The password travels with the identity so that ConnectorClient() can read it.
        // NOTE(review): this places a secret in the claim set; anything that logs,
        // serialises or forwards this identity's claims would carry the password too.
        caller.AddClaim(new Claim(ClaimsIdentityEx.AppPasswordClaim, appSecret));
    }

    return new IdentityToken(true, caller);
}
/// <summary>
/// Attempts to authenticate an incoming HTTP request, first with the extractor
/// returned by <c>GetTokenExtractor()</c> and then, when emulator tokens are not
/// disabled, with an extractor built from the emulator JWT configuration.
/// On success the resulting principal is also published to
/// <c>Thread.CurrentPrincipal</c> and, when present, <c>HttpContext.Current.User</c>.
/// </summary>
/// <param name="request">Request handed to the extractors.</param>
/// <param name="token">
/// NOTE(review): accepted but not forwarded to any awaited call in this method.
/// </param>
/// <returns>
/// <c>IdentityToken(true, null)</c> when the credential provider reports authentication as disabled,
/// <c>IdentityToken(true, identity)</c> when a token validated and its app id was accepted,
/// otherwise <c>IdentityToken(false, null)</c>.
/// </returns>
internal async Task<IdentityToken> TryAuthenticateAsync(HttpRequestMessage request, CancellationToken token)
{
    // When the provider says authentication is disabled the request is accepted
    // without any identity, and no principal is assigned below.
    if (await this.credentialProvider.IsAuthenticationDisabledAsync())
    {
        return new IdentityToken(true, null);
    }

    string claimedAppId = null;

    // First attempt: token as issued by the channel.
    var channelExtractor = GetTokenExtractor();
    ClaimsIdentity caller = await channelExtractor.GetIdentityAsync(request);
    if (caller != null)
    {
        claimedAppId = channelExtractor.GetAppIdFromClaimsIdentity(caller);
    }
    else if (!this.disableEmulatorTokens)
    {
        // Second attempt: the emulator path, taken only when the first attempt
        // produced nothing and emulator tokens have not been switched off.
        // NOTE(review): confirm deployments that should not trust emulator
        // tokens actually set disableEmulatorTokens.
        var emulatorExtractor = new JwtTokenExtractor(JwtConfig.ToBotFromEmulatorTokenValidationParameters, JwtConfig.ToBotFromEmulatorOpenIdMetadataUrl);
        caller = await emulatorExtractor.GetIdentityAsync(request);
        if (caller != null)
        {
            claimedAppId = emulatorExtractor.GetAppIdFromEmulatorClaimsIdentity(caller);
        }
    }

    if (caller == null)
    {
        return new IdentityToken(false, null);
    }

    // The app id taken from the claims is handed to the provider as-is.
    // NOTE(review): whether it can be null here depends on the extractor helpers,
    // which are not visible in this block; verify the provider rejects null.
    var appIdAccepted = await credentialProvider.IsValidAppIdAsync(claimedAppId);
    if (appIdAccepted == false)
    {
        // Unknown app id: the validated identity is discarded.
        return new IdentityToken(false, null);
    }

    var appSecret = await credentialProvider.GetAppPasswordAsync(claimedAppId);
    if (appSecret != null)
    {
        // The password travels with the identity so that ConnectorClient() can read it.
        // NOTE(review): this places a secret in the claim set of the principal that is
        // published below; anything that logs, serialises or forwards those claims
        // would carry the password too.
        caller.AddClaim(new Claim(ClaimsIdentityEx.AppPasswordClaim, appSecret));
    }

    // Publish the authenticated principal for downstream code on this thread.
    var authenticated = new ClaimsPrincipal(caller);
    Thread.CurrentPrincipal = authenticated;

    // Inside of ASP.NET the request context has to be updated as well.
    var aspNetContext = HttpContext.Current;
    if (aspNetContext != null)
    {
        aspNetContext.User = authenticated;
    }

    return new IdentityToken(true, caller);
}