/// <summary> /// Creates an MSAL Confidential client application. /// </summary> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture)) { _applicationOptions.Instance += "/"; } string authority; IConfidentialClientApplication app; MicrosoftIdentityOptionsValidation microsoftIdentityOptionsValidation = new MicrosoftIdentityOptionsValidation(); if (microsoftIdentityOptionsValidation.ValidateClientSecret(_applicationOptions).Failed) { string msg = string.Format(CultureInfo.InvariantCulture, "Client secret cannot be null or whitespace, " + "and must be included in the configuration of the web app when calling a web API. " + "For instance, in the appsettings.json file. "); _logger.LogInformation(msg); throw new MsalClientException( "missing_client_credentials", msg); } try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithRedirectUri(CreateRedirectUri()) .WithHttpClientFactory(_httpClientFactory); if (_microsoftIdentityOptions.IsB2C) { authority = $"{ _applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); app = builder.Build(); } else { authority = $"{ _applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); app = builder.Build(); } // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation( ex, string.Format(CultureInfo.InvariantCulture, "Exception acquiring token for a confidential client. ")); throw; } }
/// <summary> /// Creates an MSAL Confidential client application. /// </summary> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture)) { _applicationOptions.Instance += "/"; } string authority; IConfidentialClientApplication app; MicrosoftIdentityOptionsValidation microsoftIdentityOptionsValidation = new MicrosoftIdentityOptionsValidation(); microsoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret( _applicationOptions.ClientSecret, _microsoftIdentityOptions.ClientCertificates); try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithRedirectUri(CreateRedirectUri()) .WithHttpClientFactory(_httpClientFactory); if (_microsoftIdentityOptions.IsB2C) { authority = $"{_applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); } else { authority = $"{_applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); } if (_microsoftIdentityOptions.ClientCertificates != null) { X509Certificate2 certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates); builder.WithCertificate(certificate); } app = builder.Build(); // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation( ex, string.Format( CultureInfo.InvariantCulture, "Exception acquiring token for a confidential client. ")); throw; } }
/// <summary> /// Creates an MSAL confidential client application. /// </summary> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { var request = CurrentHttpContext?.Request; string?currentUri = null; if (!string.IsNullOrEmpty(_applicationOptions.RedirectUri)) { currentUri = _applicationOptions.RedirectUri; } if (request != null && string.IsNullOrEmpty(currentUri)) { currentUri = UriHelper.BuildAbsolute( request.Scheme, request.Host, request.PathBase, _microsoftIdentityOptions.CallbackPath.Value ?? string.Empty); } PrepareAuthorityInstanceForMsal(); MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret( _applicationOptions.ClientSecret, _microsoftIdentityOptions.ClientCertificates); try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithHttpClientFactory(_httpClientFactory) .WithLogging( Log, ConvertMicrosoftExtensionsLogLevelToMsal(_logger), enablePiiLogging: _applicationOptions.EnablePiiLogging); // The redirect URI is not needed for OBO if (!string.IsNullOrEmpty(currentUri)) { builder.WithRedirectUri(currentUri); } string authority; if (_microsoftIdentityOptions.IsB2C) { authority = $"{_applicationOptions.Instance}{ClaimConstants.Tfp}/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); } else { authority = $"{_applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); } if (_microsoftIdentityOptions.ClientCertificates != null) { X509Certificate2?certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates); builder.WithCertificate(certificate); } IConfidentialClientApplication app = builder.Build(); _application = app; // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation( ex, IDWebErrorMessage.ExceptionAcquiringTokenForConfidentialClient); throw; } }
/// <summary> /// Creates an MSAL Confidential client application. /// </summary> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { var request = CurrentHttpContext.Request; string currentUri = UriHelper.BuildAbsolute( request.Scheme, request.Host, request.PathBase, _microsoftIdentityOptions.CallbackPath.Value ?? string.Empty); if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture)) { _applicationOptions.Instance += "/"; } MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret( _applicationOptions.ClientSecret, _microsoftIdentityOptions.ClientCertificates); try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithRedirectUri(currentUri) .WithHttpClientFactory(_httpClientFactory); string authority; if (_microsoftIdentityOptions.IsB2C) { authority = $"{_applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); } else { authority = $"{_applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); } if (_microsoftIdentityOptions.ClientCertificates != null) { X509Certificate2?certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates); builder.WithCertificate(certificate); } IConfidentialClientApplication app = builder.Build(); // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation( ex, string.Format( CultureInfo.InvariantCulture, IDWebErrorMessage.ExceptionAcquiringTokenForConfidentialClient)); throw; } }
/// <summary> /// Creates an MSAL confidential client application. /// </summary> private IConfidentialClientApplication BuildConfidentialClientApplication() { var httpContext = CurrentHttpContext; var request = httpContext?.Request; string?currentUri = null; if (!string.IsNullOrEmpty(_applicationOptions.RedirectUri)) { currentUri = _applicationOptions.RedirectUri; } if (request != null && string.IsNullOrEmpty(currentUri)) { currentUri = BuildCurrentUriFromRequest(httpContext !, request); } PrepareAuthorityInstanceForMsal(); MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret( _applicationOptions.ClientSecret, _microsoftIdentityOptions.ClientCertificates); try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithHttpClientFactory(_httpClientFactory) .WithLogging( Log, ConvertMicrosoftExtensionsLogLevelToMsal(_logger), enablePiiLogging: _applicationOptions.EnablePiiLogging) .WithExperimentalFeatures(); // The redirect URI is not needed for OBO if (!string.IsNullOrEmpty(currentUri)) { builder.WithRedirectUri(currentUri); } string authority; if (_microsoftIdentityOptions.IsB2C) { authority = $"{_applicationOptions.Instance}{ClaimConstants.Tfp}/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); } else { authority = $"{_applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); } if (_microsoftIdentityOptions.ClientCertificates != null) { X509Certificate2?certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates); builder.WithCertificate(certificate); } IConfidentialClientApplication app = builder.Build(); _application = app; // Initialize token cache providers _tokenCacheProvider.Initialize(app.AppTokenCache); _tokenCacheProvider.Initialize(app.UserTokenCache); return(app); } catch (Exception ex) { Logger.TokenAcquisitionError( _logger, IDWebErrorMessage.ExceptionAcquiringTokenForConfidentialClient, ex); throw; } }