/// <summary>
/// Creates a handler for the on-behalf-of flow, which always runs with the
/// <c>UserPlusClient</c> token subject type and with ADFS support enabled.
/// </summary>
/// <param name="userAssertion">The assertion of the user on whose behalf the token is requested. Must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userAssertion"/> is null.</exception>
public AcquireTokenOnBehalfHandler(Authenticator authenticator, TokenCache tokenCache, string resource, ClientKey clientKey, UserAssertion userAssertion, bool callSync)
    : base(authenticator, tokenCache, resource, clientKey, TokenSubjectType.UserPlusClient, callSync)
{
    if (null == userAssertion)
    {
        throw new ArgumentNullException("userAssertion");
    }

    this.userAssertion = userAssertion;
    this.DisplayableId = userAssertion.UserName;

    // A SHA-256 digest of the assertion is kept alongside it; presumably this is what gets
    // compared/logged instead of the raw assertion value — confirm against the callers.
    this.assertionHash = PlatformSpecificHelper.CreateSha256Hash(userAssertion.Assertion);

    this.SupportADFS = true;
}
/// <summary>
/// Writes a verbose log entry describing which tokens came back. Only SHA-256 hashes of the
/// access token and (when present) the refresh token are logged, never the token values.
/// Nothing is logged when the result carries no access token.
/// </summary>
/// <param name="result">The authentication result whose tokens are summarised.</param>
private void LogReturnedToken(AuthenticationResult result)
{
    if (result.AccessToken == null)
    {
        return;
    }

    string accessHash = PlatformSpecificHelper.CreateSha256Hash(result.AccessToken);

    string message = (result.RefreshToken == null)
        ? string.Format("Access Token with hash '{0}' returned", accessHash)
        : string.Format(
            "Access Token with hash '{0}' and Refresh Token with hash '{1}' returned",
            accessHash,
            PlatformSpecificHelper.CreateSha256Hash(result.RefreshToken));

    Logger.Verbose(this.CallState, message);
}
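/// <summary>
/// Logs a summary of a successful token acquisition at Information level. The access token,
/// the refresh token and the user's unique id are reduced to SHA-256 hashes before logging so
/// that no raw token material or identifier is written to the log. Nothing is logged when the
/// result carries no access token.
/// </summary>
/// <param name="result">The authentication result whose tokens are summarised.</param>
private void LogReturnedToken(AuthenticationResult result)
{
    if (result.AccessToken == null)
    {
        return;
    }

    string accessTokenHash = PlatformSpecificHelper.CreateSha256Hash(result.AccessToken);

    string refreshTokenHash = result.RefreshToken != null
        ? PlatformSpecificHelper.CreateSha256Hash(result.RefreshToken)
        : "[No Refresh Token]";

    // NOTE(review): UniqueId is hashed without its own null check; confirm CreateSha256Hash
    // tolerates a null input or guard it here.
    string userHash = result.UserInfo != null
        ? PlatformSpecificHelper.CreateSha256Hash(result.UserInfo.UniqueId)
        : "null";

    // Message text fixed: the original read "retuned" instead of "returned".
    Logger.Information(
        this.CallState,
        "=== Token Acquisition finished successfully. An access token was returned:\n\tAccess Token Hash: {0}\n\tRefresh Token Hash: {1}\n\tExpiration Time: {2}\n\tUser Hash: {3}\n\t",
        accessTokenHash,
        refreshTokenHash,
        result.ExpiresOn,
        userHash);
}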
/// <summary>
/// Performs user-realm discovery ahead of the token request when no user assertion has been
/// supplied yet. A federated account is exchanged for a SAML assertion through MEX and
/// WS-Trust; a managed account must carry a password for the password grant; any other
/// account type is rejected. Only a hash of the user name reaches the log.
/// </summary>
/// <exception cref="AdalException">
/// Thrown with <c>MissingFederationMetadataUrl</c> when a federated realm has no metadata URL,
/// <c>PasswordRequiredForManagedUserError</c> when a managed user has no password, or
/// <c>UnknownUserType</c> for any other account type.
/// </exception>
protected override async Task PreTokenRequest()
{
    await base.PreTokenRequest();

    if (this.userAssertion != null)
    {
        // An assertion was handed in directly; nothing to discover.
        return;
    }

    UserRealmDiscoveryResponse realm = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState);
    Logger.Information(this.CallState, "User with hash '{0}' detected as '{1}'", PlatformSpecificHelper.CreateSha256Hash(this.userCredential.UserName), realm.AccountType);

    if (string.Equals(realm.AccountType, "federated", StringComparison.OrdinalIgnoreCase))
    {
        if (string.IsNullOrWhiteSpace(realm.FederationMetadataUrl))
        {
            throw new AdalException(AdalError.MissingFederationMetadataUrl);
        }

        WsTrustAddress endpoint = await MexParser.FetchWsTrustAddressFromMexAsync(realm.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState);
        Logger.Information(this.CallState, "WS-Trust endpoint '{0}' fetched from MEX at '{1}'", endpoint.Uri, realm.FederationMetadataUrl);

        WsTrustResponse trustResponse = await WsTrustRequest.SendRequestAsync(endpoint, this.userCredential, this.CallState);
        Logger.Information(this.CallState, "Token of type '{0}' acquired from WS-Trust endpoint", trustResponse.TokenType);

        // We assume that if the response token type is not SAML 1.1, it is SAML 2
        var grantType = (trustResponse.TokenType == WsTrustResponse.Saml1Assertion)
            ? OAuthGrantType.Saml11Bearer
            : OAuthGrantType.Saml20Bearer;
        this.userAssertion = new UserAssertion(trustResponse.Token, grantType);
        return;
    }

    if (string.Equals(realm.AccountType, "managed", StringComparison.OrdinalIgnoreCase))
    {
        // Password grant flow for the managed user: the credential must carry a password.
        // NOTE(review): PasswordToCharArray() is invoked only for this null check; if it returns
        // a fresh copy of the secret, that copy is never cleared — confirm against UserCredential.
        if (this.userCredential.PasswordToCharArray() == null)
        {
            throw new AdalException(AdalError.PasswordRequiredForManagedUserError);
        }

        return;
    }

    throw new AdalException(AdalError.UnknownUserType);
}
/// <summary>
/// Resolves the identity to display before the request runs. When a credential without a
/// user name is supplied, the UPN of the logged-in user is looked up (synchronously under
/// ADAL_NET, asynchronously elsewhere) and the request is rejected if none can be found.
/// Only a hash of the UPN is logged. With an assertion instead of a credential, the
/// assertion's user name is used.
/// </summary>
/// <exception cref="AdalException">Thrown with <c>UnknownUser</c> when no UPN can be determined.</exception>
protected override async Task PreRunAsync()
{
    await base.PreRunAsync();

    var credential = this.userCredential;
    if (credential != null)
    {
        // These lines cannot live in UserCredential because one of the calls is async; they
        // cannot go into a constructor, a property, or a purely sync/async call either, so they
        // sit here, in a method that is already async.
        if (string.IsNullOrWhiteSpace(credential.UserName))
        {
#if ADAL_NET
            credential.UserName = PlatformSpecificHelper.GetUserPrincipalName();
#else
            credential.UserName = await PlatformSpecificHelper.GetUserPrincipalNameAsync();
#endif
            if (string.IsNullOrWhiteSpace(credential.UserName))
            {
                Logger.Information(this.CallState, "Could not find UPN for logged in user");
                throw new AdalException(AdalError.UnknownUser);
            }

            Logger.Verbose(this.CallState, "Logged in user with hash '{0}' detected", PlatformSpecificHelper.CreateSha256Hash(credential.UserName));
        }

        this.DisplayableId = credential.UserName;
        return;
    }

    if (this.userAssertion != null)
    {
        this.DisplayableId = this.userAssertion.UserName;
    }
}