public async Task <AuthenticationResult> RunAsync(CancellationToken cancellationToken = default) { Stopwatch sw = Stopwatch.StartNew(); ApiEvent apiEvent = InitializeApiEvent(AuthenticationRequestParameters.Account?.HomeAccountId?.Identifier); AuthenticationRequestParameters.RequestContext.ApiEvent = apiEvent; try { using (AuthenticationRequestParameters.RequestContext.CreateTelemetryHelper(apiEvent)) { try { AuthenticationRequestParameters.LogParameters(); LogRequestStarted(AuthenticationRequestParameters); AuthenticationResult authenticationResult = await ExecuteAsync(cancellationToken).ConfigureAwait(false); LogReturnedToken(authenticationResult); apiEvent.TenantId = authenticationResult.TenantId; apiEvent.AccountId = authenticationResult.UniqueId; apiEvent.WasSuccessful = true; authenticationResult.AuthenticationResultMetadata.DurationTotalInMs = sw.ElapsedMilliseconds; authenticationResult.AuthenticationResultMetadata.DurationInHttpInMs = apiEvent.DurationInHttpInMs; authenticationResult.AuthenticationResultMetadata.DurationInCacheInMs = apiEvent.DurationInCacheInMs; Metrics.IncrementTotalDurationInMs(authenticationResult.AuthenticationResultMetadata.DurationTotalInMs); return(authenticationResult); } catch (MsalException ex) { apiEvent.ApiErrorCode = ex.ErrorCode; AuthenticationRequestParameters.RequestContext.Logger.ErrorPii(ex); throw; } catch (Exception ex) { AuthenticationRequestParameters.RequestContext.Logger.ErrorPii(ex); throw; } } } finally { ServiceBundle.MatsTelemetryManager.Flush(AuthenticationRequestParameters.RequestContext.CorrelationId.AsMatsCorrelationId()); } }
protected RequestBase( IServiceBundle serviceBundle, AuthenticationRequestParameters authenticationRequestParameters, IAcquireTokenParameters acquireTokenParameters) { ServiceBundle = serviceBundle; AuthenticationRequestParameters = authenticationRequestParameters; if (authenticationRequestParameters.Scope == null || authenticationRequestParameters.Scope.Count == 0) { throw new ArgumentNullException(nameof(authenticationRequestParameters.Scope)); } ValidateScopeInput(authenticationRequestParameters.Scope); acquireTokenParameters.LogParameters(AuthenticationRequestParameters.RequestContext.Logger); }
public AuthCodeExchangeComponent( AuthenticationRequestParameters requestParams, AcquireTokenInteractiveParameters interactiveParameters, string authorizationCode, string pkceCodeVerifier, string clientInfo) { _requestParams = requestParams ?? throw new ArgumentNullException(nameof(requestParams)); _interactiveParameters = interactiveParameters ?? throw new ArgumentNullException(nameof(interactiveParameters)); _authorizationCode = authorizationCode ?? throw new ArgumentNullException(nameof(authorizationCode)); _pkceCodeVerifier = pkceCodeVerifier ?? throw new ArgumentNullException(nameof(pkceCodeVerifier)); _clientInfo = clientInfo; _tokenClient = new TokenClient(requestParams); _interactiveParameters.LogParameters(requestParams.RequestContext.Logger); }
public AuthorizationCodeRequest(AuthenticationRequestParameters authenticationRequestParameters) : base(authenticationRequestParameters) { if (string.IsNullOrWhiteSpace(authenticationRequestParameters.AuthorizationCode)) { throw new ArgumentNullException(nameof(authenticationRequestParameters.AuthorizationCode)); } PlatformPlugin.PlatformInformation.ValidateRedirectUri(authenticationRequestParameters.RedirectUri, AuthenticationRequestParameters.RequestContext); if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.RedirectUri.Fragment)) { throw new ArgumentException(MsalErrorMessage.RedirectUriContainsFragment, nameof(authenticationRequestParameters.RedirectUri)); } LoadFromCache = false; }
public InteractiveRequest( IServiceBundle serviceBundle, AuthenticationRequestParameters authenticationRequestParameters, ApiEvent.ApiIds apiId, IEnumerable <string> extraScopesToConsent, UIBehavior uiBehavior, IWebUI webUi) : this( serviceBundle, authenticationRequestParameters, apiId, extraScopesToConsent, authenticationRequestParameters.Account?.Username, uiBehavior, webUi) { }
public NonInteractiveRegisterAccountRequest( IServiceBundle serviceBundle, AuthenticationRequestParameters authenticationRequestParameters, ApiEvent.ApiIds apiId, IEnumerable <string> extraScopesToConsent, UIBehavior uiBehavior, IWebUI webUi, string email) : base( serviceBundle, authenticationRequestParameters, apiId, extraScopesToConsent, uiBehavior, webUi) { Init(email); }
public InteractiveRequest( AuthenticationRequestParameters requestParams, AcquireTokenInteractiveParameters interactiveParameters, /* for test */ IAuthCodeRequestComponent authCodeRequestComponentOverride = null, /* for test */ ITokenRequestComponent authCodeExchangeComponentOverride = null, /* for test */ ITokenRequestComponent brokerExchangeComponentOverride = null) : base(requestParams?.RequestContext?.ServiceBundle, requestParams, interactiveParameters) { _requestParams = requestParams ?? throw new ArgumentNullException(nameof(requestParams)); _interactiveParameters = interactiveParameters ?? throw new ArgumentNullException(nameof(interactiveParameters)); _authCodeRequestComponentOverride = authCodeRequestComponentOverride; _authCodeExchangeComponentOverride = authCodeExchangeComponentOverride; _brokerInteractiveComponent = brokerExchangeComponentOverride; _serviceBundle = requestParams.RequestContext.ServiceBundle; _logger = requestParams.RequestContext.Logger; }
public async Task <AuthenticationResult> RunAsync(CancellationToken cancellationToken = default) { ApiEvent apiEvent = InitializeApiEvent(AuthenticationRequestParameters.Account?.HomeAccountId?.Identifier); AuthenticationRequestParameters.RequestContext.ApiEvent = apiEvent; try { using (AuthenticationRequestParameters.RequestContext.CreateTelemetryHelper(apiEvent)) { try { await PreRunAsync().ConfigureAwait(false); AuthenticationRequestParameters.LogParameters(); LogRequestStarted(AuthenticationRequestParameters); AuthenticationResult authenticationResult = await ExecuteAsync(cancellationToken).ConfigureAwait(false); LogReturnedToken(authenticationResult); apiEvent.TenantId = authenticationResult.TenantId; apiEvent.AccountId = authenticationResult.UniqueId; apiEvent.WasSuccessful = true; return(authenticationResult); } catch (MsalException ex) { apiEvent.ApiErrorCode = ex.ErrorCode; AuthenticationRequestParameters.RequestContext.Logger.ErrorPii(ex); throw; } catch (Exception ex) { AuthenticationRequestParameters.RequestContext.Logger.ErrorPii(ex); throw; } } } finally { ServiceBundle.MatsTelemetryManager.Flush(AuthenticationRequestParameters.RequestContext.CorrelationId.AsMatsCorrelationId()); } }
public NonInteractiveLoginRequest( IServiceBundle serviceBundle, AuthenticationRequestParameters authenticationRequestParameters, ApiEvent.ApiIds apiId, IEnumerable <string> extraScopesToConsent, UIBehavior uiBehavior, IWebUI webUi, string userName, string password) : base( serviceBundle, authenticationRequestParameters, apiId, extraScopesToConsent, uiBehavior, webUi) { Init(userName, password); }
private void LogRequestStarted(AuthenticationRequestParameters authenticationRequestParameters) { if (authenticationRequestParameters.RequestContext.Logger.IsLoggingEnabled(LogLevel.Info)) { int appHashCode = authenticationRequestParameters.AppConfig.GetHashCode(); string scopes = authenticationRequestParameters.Scope.AsSingleString(); string messageWithPii = string.Format( CultureInfo.InvariantCulture, "=== Token Acquisition ({3}) started:\n\tAuthority: {0}\n\tScope: {1}\n\tClientId: {2}\n\tAppHashCode: {4}", authenticationRequestParameters.AuthorityInfo?.CanonicalAuthority, scopes, authenticationRequestParameters.AppConfig.ClientId, GetType().Name, appHashCode); string messageWithoutPii = string.Format( CultureInfo.InvariantCulture, "=== Token Acquisition ({0}) started:\n\t Scopes: {1} AppHashCode: {2}", GetType().Name, scopes, appHashCode); if (authenticationRequestParameters.AuthorityInfo != null && KnownMetadataProvider.IsKnownEnvironment(authenticationRequestParameters.AuthorityInfo?.Host)) { messageWithoutPii += string.Format( CultureInfo.CurrentCulture, "\n\tAuthority Host: {0}", authenticationRequestParameters.AuthorityInfo?.Host); } authenticationRequestParameters.RequestContext.Logger.InfoPii(messageWithPii, messageWithoutPii); } if (authenticationRequestParameters.IsConfidentialClient && !CacheManager.TokenCacheInternal.IsTokenCacheSerialized()) { authenticationRequestParameters.RequestContext.Logger.Error("The default token cache provided by MSAL is not designed to be performant when used in confidential client applications. Please use token cache serialization. See https://aka.ms/msal-net-cca-token-cache-serialization."); } }
private void LogRequestStarted(AuthenticationRequestParameters authenticationRequestParameters) { if (authenticationRequestParameters.RequestContext.Logger.IsLoggingEnabled(LogLevel.Info)) { string scopes = authenticationRequestParameters.Scope.AsSingleString(); string messageWithPii = string.Format( CultureInfo.InvariantCulture, "=== Token Acquisition ({3}) started:\n\tAuthority: {0}\n\tScope: {1}\n\tClientId: {2}\n\t", authenticationRequestParameters.AuthorityInfo?.CanonicalAuthority, scopes, authenticationRequestParameters.AppConfig.ClientId, GetType().Name); string messageWithoutPii = string.Format( CultureInfo.InvariantCulture, "=== Token Acquisition ({0}) started:\n\t Scopes: {1}", GetType().Name, scopes); if (authenticationRequestParameters.AuthorityInfo != null && KnownMetadataProvider.IsKnownEnvironment(authenticationRequestParameters.AuthorityInfo?.Host)) { messageWithoutPii += string.Format( CultureInfo.CurrentCulture, "\n\tAuthority Host: {0}", authenticationRequestParameters.AuthorityInfo?.Host); } authenticationRequestParameters.RequestContext.Logger.InfoPii(messageWithPii, messageWithoutPii); } if (authenticationRequestParameters.IsConfidentialClient && !authenticationRequestParameters.IsClientCredentialRequest && !CacheManager.TokenCacheInternal.IsAppSubscribedToSerializationEvents()) { authenticationRequestParameters.RequestContext.Logger.Warning( "Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web API, where the number of users can grow large. In production, web apps and web APIs should use distributed caching like Redis. See https://aka.ms/msal-net-cca-token-cache-serialization"); } }
public InteractiveRequest(AuthenticationRequestParameters authenticationRequestParameters, string[] additionalScope, string loginHint, UiOptions?uiOptions, IWebUI webUI) : base(authenticationRequestParameters) { PlatformPlugin.PlatformInformation.ValidateRedirectUri(authenticationRequestParameters.RedirectUri, this.CallState); if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.RedirectUri.Fragment)) { throw new ArgumentException(MsalErrorMessage.RedirectUriContainsFragment, "redirectUri"); } _additionalScope = new SortedSet <string>(); if (!MsalHelpers.IsNullOrEmpty(additionalScope)) { this._additionalScope = additionalScope.CreateSetFromArray(); } ValidateScopeInput(this._additionalScope); authenticationRequestParameters.LoginHint = loginHint; if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.ExtraQueryParameters) && authenticationRequestParameters.ExtraQueryParameters[0] == '&') { authenticationRequestParameters.ExtraQueryParameters = authenticationRequestParameters.ExtraQueryParameters.Substring(1); } this._webUi = webUI; this._uiOptions = uiOptions; this.LoadFromCache = false; //no cache lookup and refresh for interactive. if (string.IsNullOrWhiteSpace(loginHint) && _uiOptions == UiOptions.ActAsCurrentUser) { throw new ArgumentException(MsalErrorMessage.LoginHintNullForUiOption, "loginHint"); } PlatformPlugin.BrokerHelper.PlatformParameters = authenticationRequestParameters.PlatformParameters; }
protected RequestBase(AuthenticationRequestParameters authenticationRequestParameters) { TokenCache = authenticationRequestParameters.TokenCache; // Log contains Pii authenticationRequestParameters.RequestContext.Logger.InfoPii(string.Format(CultureInfo.InvariantCulture, "=== Token Acquisition ({4}) started:\n\tAuthority: {0}\n\tScope: {1}\n\tClientId: {2}\n\tCache Provided: {3}", authenticationRequestParameters?.Authority?.CanonicalAuthority, authenticationRequestParameters.Scope.AsSingleString(), authenticationRequestParameters.ClientId, TokenCache != null, this.GetType().Name)); // Log does not contain Pii var msg = string.Format(CultureInfo.InvariantCulture, "=== Token Acquisition ({1}) started:\n\tCache Provided: {0}", TokenCache != null, this.GetType().Name); if (authenticationRequestParameters.Authority != null && AadAuthority.IsInTrustedHostList(authenticationRequestParameters.Authority.Host)) { msg += string.Format(CultureInfo.CurrentCulture, "\n\tAuthority Host: {0}", authenticationRequestParameters.Authority.Host); } authenticationRequestParameters.RequestContext.Logger.Info(msg); AuthenticationRequestParameters = authenticationRequestParameters; if (authenticationRequestParameters.Scope == null || authenticationRequestParameters.Scope.Count == 0) { throw new ArgumentNullException(nameof(authenticationRequestParameters.Scope)); } ValidateScopeInput(authenticationRequestParameters.Scope); LoadFromCache = (TokenCache != null); StoreToCache = (TokenCache != null); SupportADFS = false; AuthenticationRequestParameters.LogState(); Client.Telemetry.GetInstance().ClientId = AuthenticationRequestParameters.ClientId; }
public InteractiveRequest( IServiceBundle serviceBundle, AuthenticationRequestParameters authenticationRequestParameters, AcquireTokenInteractiveParameters interactiveParameters, IWebUI webUi) : base(serviceBundle, authenticationRequestParameters, interactiveParameters) { _webUi = webUi; // can be null just to generate the authorization uri _interactiveParameters = interactiveParameters; RedirectUriHelper.Validate(authenticationRequestParameters.RedirectUri); // todo(migration): can't this just come directly from interactive parameters instead of needing do to this? _extraScopesToConsent = new SortedSet <string>(); if (!_interactiveParameters.ExtraScopesToConsent.IsNullOrEmpty()) { _extraScopesToConsent = ScopeHelper.CreateSortedSetFromEnumerable(_interactiveParameters.ExtraScopesToConsent); } ValidateScopeInput(_extraScopesToConsent); _interactiveParameters.LogParameters(authenticationRequestParameters.RequestContext.Logger); }
public InteractiveRequest(AuthenticationRequestParameters authenticationRequestParameters, IEnumerable <string> extraScopesToConsent, string loginHint, UIBehavior UIBehavior, IWebUI webUI) : base(authenticationRequestParameters) { PlatformPlugin.PlatformInformation.ValidateRedirectUri(authenticationRequestParameters.RedirectUri, authenticationRequestParameters.RequestContext); if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.RedirectUri.Fragment)) { throw new ArgumentException(MsalErrorMessage.RedirectUriContainsFragment, nameof(authenticationRequestParameters.RedirectUri)); } _extraScopesToConsent = new SortedSet <string>(); if (!MsalHelpers.IsNullOrEmpty(extraScopesToConsent)) { _extraScopesToConsent = extraScopesToConsent.CreateSetFromEnumerable(); } ValidateScopeInput(_extraScopesToConsent); authenticationRequestParameters.LoginHint = loginHint; if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.ExtraQueryParameters) && authenticationRequestParameters.ExtraQueryParameters[0] == '&') { authenticationRequestParameters.ExtraQueryParameters = authenticationRequestParameters.ExtraQueryParameters.Substring(1); } _webUi = webUI; _UIBehavior = UIBehavior; LoadFromCache = false; //no cache lookup and refresh for interactive. var msg = "Additional scopes - " + _extraScopesToConsent.AsSingleString() + ";" + "UIBehavior - " + _UIBehavior.PromptValue; AuthenticationRequestParameters.RequestContext.Logger.Info(msg); AuthenticationRequestParameters.RequestContext.Logger.InfoPii(msg); }
public async Task <AuthenticationResult> RunAsync(CancellationToken cancellationToken = default) { Stopwatch sw = Stopwatch.StartNew(); ApiEvent apiEvent = InitializeApiEvent(AuthenticationRequestParameters.Account?.HomeAccountId?.Identifier); AuthenticationRequestParameters.RequestContext.ApiEvent = apiEvent; using (AuthenticationRequestParameters.RequestContext.CreateTelemetryHelper(apiEvent)) { try { AuthenticationRequestParameters.LogParameters(); LogRequestStarted(AuthenticationRequestParameters); AuthenticationResult authenticationResult = await ExecuteAsync(cancellationToken).ConfigureAwait(false); LogReturnedToken(authenticationResult); UpdateTelemetry(sw, apiEvent, authenticationResult); LogMetricsFromAuthResult(authenticationResult, AuthenticationRequestParameters.RequestContext.Logger); return(authenticationResult); } catch (MsalException ex) { apiEvent.ApiErrorCode = ex.ErrorCode; AuthenticationRequestParameters.RequestContext.Logger.ErrorPii(ex); throw; } catch (Exception ex) { AuthenticationRequestParameters.RequestContext.Logger.ErrorPii(ex); throw; } } }
public ClientCredentialRequest(AuthenticationRequestParameters authenticationRequestParameters) : base(authenticationRequestParameters) { }
public ClientCredentialRequest(AuthenticationRequestParameters authenticationRequestParameters, bool forceRefresh) : base(authenticationRequestParameters) { ForceRefresh = forceRefresh; }