/// <summary>
/// Log in to azure active directory in non-interactive mode using organizational id credentials.
/// </summary>
/// <param name="clientId">The active directory client id for this application.</param>
/// <param name="domain">The active directory domain or tenant id to authenticate with.</param>
/// <param name="username">The organizational account user name, given in the form of a user principal name (e.g. [email protected]).</param>
/// <param name="password">The organizational account password.</param>
/// <param name="serviceSettings">The active directory service details, including authentication endpoints and the intended token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string clientId, string domain, string username, string password,
ActiveDirectoryServiceSettings serviceSettings, TokenCache cache)
{
var credentials = new UserCredential(username, password);
var authenticationContext = GetAuthenticationContext(domain, serviceSettings, cache);
try
{
var authResult = await authenticationContext.AcquireTokenAsync(serviceSettings.TokenAudience.ToString(),
clientId, credentials).ConfigureAwait(false);
return
(new TokenCredentials(
new UserTokenProvider(authenticationContext, clientId, serviceSettings.TokenAudience,
new UserIdentifier(username, UserIdentifierType.RequiredDisplayableId)),
authResult.TenantId,
authResult.UserInfo == null ? null : authResult.UserInfo.DisplayableId));
}
catch (AdalException ex)
{
throw new AuthenticationException(Resources.ErrorAcquiringToken, ex);
}
catch (FormatException ex)
{
throw new AuthenticationException(Resources.ErrorAcquiringToken, ex);
}
}
/// <summary>
/// Log in to Azure active directory with both user account and authentication credentials provided by the user. This call may display a
/// credentials dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task <ServiceClientCredentials> LoginWithPromptAsync(string domain,
ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings)
{
return(await LoginWithPromptAsync(domain, clientSettings, serviceSettings,
UserIdentifier.AnyUser, TokenCache.DefaultShared).ConfigureAwait(false));
}
/// <summary>
/// Log in to Azure active directory with both user account and authentication credentials provided by the user. This call may display a
/// credentials dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task <ServiceClientCredentials> LoginWithPromptAsync(string domain,
ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings, TokenCache cache)
{
return(await LoginWithPromptAsync(domain, clientSettings, serviceSettings,
UserIdentifier.AnyUser, cache));
}
/// <summary>
/// Log in to Azure active directory using the given username with authentication provided by the user. This call may display a credentials
/// dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <param name="username">The username to use for authentication.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task <ServiceClientCredentials> LoginWithPromptAsync(string domain,
ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings, string username)
{
return(await LoginWithPromptAsync(domain, clientSettings, serviceSettings,
new UserIdentifier(username, UserIdentifierType.RequiredDisplayableId), TokenCache.DefaultShared));
}
/// <summary>
/// Log in to Azure active directory with credentials provided by the user. This call may display a credentials
/// dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <param name="userId">The userid of the desired credentials</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task <ServiceClientCredentials> LoginWithPromptAsync(string domain, ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings, UserIdentifier userId, TokenCache cache)
{
var authenticationContext = GetAuthenticationContext(domain, serviceSettings, cache);
TaskScheduler scheduler = TaskScheduler.FromCurrentSynchronizationContext();
var task = new Task <AuthenticationResult>(() =>
{
try
{
var result = authenticationContext.AcquireToken(
serviceSettings.TokenAudience.ToString(),
clientSettings.ClientId,
clientSettings.ClientRedirectUri,
clientSettings.PromptBehavior,
userId,
clientSettings.AdditionalQueryParameters);
return(result);
}
catch (Exception e)
{
throw new AuthenticationException(
string.Format(CultureInfo.CurrentCulture, Resources.ErrorAcquiringToken,
e.Message), e);
}
});
task.Start(scheduler);
var authResult = await task.ConfigureAwait(false);
var newUserId = new UserIdentifier(authResult.UserInfo.DisplayableId,
UserIdentifierType.RequiredDisplayableId);
return(new TokenCredentials(new UserTokenProvider(authenticationContext, clientSettings.ClientId,
serviceSettings.TokenAudience, newUserId)));
}
/// <summary>
/// Log in to azure active directory using device code authentication.
/// </summary>
/// <param name="clientId">The active directory client id for this application.</param>
/// <param name="domain">The active directory domain or tenant id to authenticate with.</param>
/// <param name="serviceSettings">The active directory service details, including authentication endpoints and the intended token audience.</param>
/// <param name="deviceCodeHandler">User provided callback to display device code request. if returns false no token will be acquired.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task <ServiceClientCredentials> LoginByDeviceCodeAsync(
string clientId,
string domain,
ActiveDirectoryServiceSettings serviceSettings,
Func <DeviceCodeResult, bool> deviceCodeHandler)
{
return(await LoginByDeviceCodeAsync(clientId, domain, serviceSettings, TokenCache.DefaultShared, deviceCodeHandler));
}
private static AuthenticationContext GetAuthenticationContext(string domain, ActiveDirectoryServiceSettings serviceSettings, TokenCache cache)
{
return((cache == null)
? new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain,
serviceSettings.ValidateAuthority)
: new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain,
serviceSettings.ValidateAuthority,
cache));
}
public void AzureEnvironmentDoesNotDuplicateSlash(string inputUri)
{
var testEnvironment = new ActiveDirectoryServiceSettings
{
ValidateAuthority = true,
TokenAudience = new Uri("https://contoso.com/widgets/"),
AuthenticationEndpoint = new Uri(inputUri)
};
Assert.Equal(inputUri, testEnvironment.AuthenticationEndpoint.ToString());
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using certificate credential.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="password">The certificate password.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, byte[] certificate, string password,
ActiveDirectoryServiceSettings settings, TokenCache cache)
{
#if !net452
return(await LoginSilentAsync(domain, new ClientAssertionCertificate(clientId, certificate, password),
settings, cache));
#else
return(await LoginSilentAsync(domain, new ClientAssertionCertificate(clientId,
new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate)),
settings, cache));
#endif
}
private static AuthenticationContext GetAuthenticationContext(string domain, ActiveDirectoryServiceSettings serviceSettings, TokenCache cache, object ownerWindow)
{
var context = (cache == null
? new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain,
serviceSettings.ValidateAuthority)
: new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain,
serviceSettings.ValidateAuthority, cache));
if (ownerWindow != null)
{
context.OwnerWindow = ownerWindow;
}
return(context);
}
/// <summary>
/// Log in to Azure active directory with credentials provided by the user. This call may display a credentials
/// dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <param name="userId">The userid of the desired credentials</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task <ServiceClientCredentials> LoginWithPromptAsync(string domain, ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings, UserIdentifier userId, TokenCache cache)
{
TaskScheduler scheduler;
if (SynchronizationContext.Current != null)
{
scheduler = TaskScheduler.FromCurrentSynchronizationContext();
}
else
{
scheduler = TaskScheduler.Current;
}
return(await LoginWithPromptAsync(domain, clientSettings, serviceSettings, userId, cache, () => { return scheduler; }).ConfigureAwait(false));
}
/// <summary>
/// Log in to azure active directory using device code authentication.
/// </summary>
/// <param name="clientId">The active directory client id for this application.</param>
/// <param name="domain">The active directory domain or tenant id to authenticate with.</param>
/// <param name="serviceSettings">The active directory service details, including authentication endpoints and the intended token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <param name="deviceCodeHandler">User provided callback to display device code request. if returns false no token will be acquired.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task <ServiceClientCredentials> LoginByDeviceCodeAsync(
string clientId,
string domain,
ActiveDirectoryServiceSettings serviceSettings,
TokenCache cache,
Func <DeviceCodeResult, bool> deviceCodeHandler)
{
if (deviceCodeHandler == null)
{
throw new ArgumentException("deviceCodeHandler");
}
var authenticationContext = GetAuthenticationContext(domain, serviceSettings, cache);
try
{
DeviceCodeResult codeResult = await authenticationContext.AcquireDeviceCodeAsync(
serviceSettings.TokenAudience.ToString(),
clientId)
.ConfigureAwait(false);
if (deviceCodeHandler(codeResult))
{
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenByDeviceCodeAsync(codeResult)
.ConfigureAwait(false);
return(new TokenCredentials(
new UserTokenProvider(
authenticationContext,
clientId,
serviceSettings.TokenAudience,
new UserIdentifier(authenticationResult.UserInfo.DisplayableId, UserIdentifierType.RequiredDisplayableId)),
authenticationResult.TenantId,
authenticationResult.UserInfo == null ? null : authenticationResult.UserInfo.DisplayableId));
}
return(null);
}
catch (AdalException ex)
{
throw new AuthenticationException(Resources.ErrorAcquiringToken, ex);
}
catch (FormatException ex)
{
throw new AuthenticationException(Resources.ErrorAcquiringToken, ex);
}
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using client credentials.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="secret">The secret for this active directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, string secret,
ActiveDirectoryServiceSettings settings, TokenCache cache)
{
return(await LoginSilentAsync(domain, new ClientCredential(clientId, secret), settings, cache));
}
/// <summary>
/// Log in to azure active directory using device code authentication.
/// </summary>
/// <param name="clientId">The active directory client id for this application.</param>
/// <param name="domain">The active directory domain or tenant id to authenticate with.</param>
/// <param name="serviceSettings">The active directory service details, including authentication endpoints and the intended token audience.</param>
/// <param name="deviceCodeHandler">User provided callback to display device code request. if returns false no token will be acquired.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task<ServiceClientCredentials> LoginByDeviceCodeAsync(
string clientId,
string domain,
ActiveDirectoryServiceSettings serviceSettings,
Func<DeviceCodeResult, bool> deviceCodeHandler)
{
return await LoginByDeviceCodeAsync(clientId, domain, serviceSettings, TokenCache.DefaultShared, deviceCodeHandler);
}
/// <summary>
/// For testing purposes only: allows testing token expiration.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId fo the application.</param>
/// <param name="credentialProvider">A source for the secure secret for this application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <param name="expiration">The token expiration.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
internal static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId,
IApplicationCredentialProvider credentialProvider, ActiveDirectoryServiceSettings settings, TokenCache cache, DateTimeOffset expiration)
{
var audience = settings.TokenAudience.ToString();
var context = GetAuthenticationContext(domain, settings, cache);
var credential = await credentialProvider.GetCredentialAsync(clientId);
var authResult = await context.AcquireTokenAsync(audience, credential);
return(new TokenCredentials(new ApplicationTokenProvider(context, audience, clientId,
credentialProvider, authResult, expiration)));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="authenticationProvider">A source for the secure secret for this application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId,
IApplicationAuthenticationProvider authenticationProvider, ActiveDirectoryServiceSettings settings, TokenCache cache)
{
var audience = settings.TokenAudience.ToString();
var context = GetAuthenticationContext(domain, settings, cache);
var authResult = await authenticationProvider.AuthenticateAsync(clientId, audience, context);
return(new TokenCredentials(new ApplicationTokenProvider(context, audience, clientId,
authenticationProvider, authResult)));
}
/// <summary>
/// For testing purposes only: allows testing token expiration.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="authenticationProvider">A source for the secure secret for this application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <param name="expiration">The token expiration.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
internal static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, string clientId,
IApplicationAuthenticationProvider authenticationProvider, ActiveDirectoryServiceSettings settings, TokenCache cache, DateTimeOffset expiration)
{
var audience = settings.TokenAudience.ToString();
var context = GetAuthenticationContext(domain, settings, cache);
var authResult = await authenticationProvider.AuthenticateAsync(clientId, audience, context);
return new TokenCredentials(new ApplicationTokenProvider(context, audience, clientId,
authenticationProvider, authResult, expiration));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using a certificate credential.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, ClientAssertionCertificate certificate,
ActiveDirectoryServiceSettings settings, TokenCache cache)
{
return await LoginSilentAsync(domain, certificate.ClientId,
new CertificateAuthenticationProvider((clientId) => Task.FromResult(certificate)), settings, cache);
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using a certificate credential. Uses the default token cache for authentication.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentWithCertificateAsync(string domain, ClientAssertionCertificate certificate,
ActiveDirectoryServiceSettings settings)
{
return await LoginSilentAsync(domain, certificate, settings, TokenCache.DefaultShared);
}
/// <summary> /// Log in to azure active directory in non-interactive mode using organizational id credentials and the default token cache. /// </summary> /// <param name="clientId">The active directory client id for this application.</param> /// <param name="domain">The active directory domain or tenant id to authenticate with.</param> /// <param name="username">The organizational account user name, given in the form of a user principal name (e.g. [email protected]).</param> /// <param name="password">The organizational account password.</param> /// <param name="serviceSettings">The active directory service details, including authentication endpoints and the intended token audience.</param> /// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns> public static async Task <ServiceClientCredentials> LoginSilentAsync(string clientId, string domain, string username, string password, ActiveDirectoryServiceSettings serviceSettings) { return(await LoginSilentAsync(clientId, domain, username, password, serviceSettings, TokenCache.DefaultShared).ConfigureAwait(false)); }
/// <summary> /// Log in to azure active directory in non-interactive mode using organizational id credentials. /// </summary> /// <param name="clientId">The active directory client id for this application.</param> /// <param name="domain">The active directory domain or tenant id to authenticate with.</param> /// <param name="username">The organizational account user name, given in the form of a user principal name (e.g. [email protected]).</param> /// <param name="password">The organizational account password.</param> /// <param name="serviceSettings">The active directory service details, including authentication endpoints and the intended token audience.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns> public static async Task<ServiceClientCredentials> LoginSilentAsync(string clientId, string domain, string username, string password, ActiveDirectoryServiceSettings serviceSettings, TokenCache cache) { var credentials = new UserCredential(username, password); var authenticationContext = GetAuthenticationContext(domain, serviceSettings, cache); try { var authResult = await authenticationContext.AcquireTokenAsync(serviceSettings.TokenAudience.ToString(), clientId, credentials).ConfigureAwait(false); return new TokenCredentials( new UserTokenProvider(authenticationContext, clientId,serviceSettings.TokenAudience, new UserIdentifier(username, UserIdentifierType.RequiredDisplayableId)), authResult.TenantId, authResult.UserInfo == null ? null : authResult.UserInfo.DisplayableId); } catch (AdalException ex) { throw new AuthenticationException(Resources.ErrorAcquiringToken, ex); } catch(FormatException ex) { throw new AuthenticationException(Resources.ErrorAcquiringToken, ex); } }
/// <summary>
/// Create service client credentials using information cached from a previous login. Parameters are used to match existing tokens.
/// </summary>
/// <param name="clientId">The clientId to match when retrieving authentication tokens.</param>
/// <param name="domain">The active directory domain or tenant id to match when retrieving authentication tokens.</param>
/// <param name="username">The account username to match when retrieving authentication tokens.</param>
/// <param name="serviceSettings">The active directory service settings, including token authority and audience to match when retrieving tokens.</param>
/// <param name="cache">The token cache to target when retrieving tokens.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the retrieved credentials. If no
/// credentials can be retrieved, an authentication exception is thrown.</returns>
public static async Task<ServiceClientCredentials> CreateCredentialsFromCache(string clientId, string domain, string username,
ActiveDirectoryServiceSettings serviceSettings, TokenCache cache)
{
var userId = new UserIdentifier(username, UserIdentifierType.RequiredDisplayableId);
var authenticationContext = GetAuthenticationContext(domain, serviceSettings, cache);
try
{
await authenticationContext.AcquireTokenSilentAsync(serviceSettings.TokenAudience.ToString(),
clientId, userId).ConfigureAwait(false);
return
new TokenCredentials(new UserTokenProvider(authenticationContext, clientId,
serviceSettings.TokenAudience, userId));
}
catch (AdalException ex)
{
throw new AuthenticationException(Resources.ErrorAcquiringToken, ex);
}
}
/// <summary>
/// Create service client credentials using information cached from a previous login in the default token cache. Parameters are used to match
/// existing tokens.
/// </summary>
/// <param name="clientId">The clientId to match when retrieving authentication tokens.</param>
/// <param name="domain">The active directory domain or tenant id to match when retrieving authentication tokens.</param>
/// <param name="username">The account username to match when retrieving authentication tokens.</param>
/// <param name="serviceSettings">The active directory service settings, including token authority and audience to match when retrieving tokens.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the retrieved credentials. If no
/// credentials can be retrieved, an authentication exception is thrown.</returns>
public static async Task<ServiceClientCredentials> CreateCredentialsFromCache(string clientId, string domain,
string username, ActiveDirectoryServiceSettings serviceSettings)
{
return await CreateCredentialsFromCache(clientId, domain, username, serviceSettings, TokenCache.DefaultShared);
}
/// <summary>
/// Log in to azure active directory using device code authentication.
/// </summary>
/// <param name="clientId">The active directory client id for this application.</param>
/// <param name="domain">The active directory domain or tenant id to authenticate with.</param>
/// <param name="serviceSettings">The active directory service details, including authentication endpoints and the intended token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <param name="deviceCodeHandler">User provided callback to display device code request. if returns false no token will be acquired.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task<ServiceClientCredentials> LoginByDeviceCodeAsync(
string clientId,
string domain,
ActiveDirectoryServiceSettings serviceSettings,
TokenCache cache,
Func<DeviceCodeResult, bool> deviceCodeHandler)
{
if(deviceCodeHandler == null)
{
throw new ArgumentException("deviceCodeHandler");
}
var authenticationContext = GetAuthenticationContext(domain, serviceSettings, cache);
try
{
DeviceCodeResult codeResult = await authenticationContext.AcquireDeviceCodeAsync(
serviceSettings.TokenAudience.ToString(),
clientId)
.ConfigureAwait(false);
if (deviceCodeHandler(codeResult))
{
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenByDeviceCodeAsync(codeResult)
.ConfigureAwait(false);
return new TokenCredentials(
new UserTokenProvider(
authenticationContext,
clientId,
serviceSettings.TokenAudience,
new UserIdentifier(authenticationResult.UserInfo.DisplayableId, UserIdentifierType.RequiredDisplayableId)));
}
return null;
}
catch (AdalException ex)
{
throw new AuthenticationException(Resources.ErrorAcquiringToken, ex);
}
catch (FormatException ex)
{
throw new AuthenticationException(Resources.ErrorAcquiringToken, ex);
}
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using a client credential.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="credential">The client credential (client id and secret) for this active directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, ClientCredential credential,
ActiveDirectoryServiceSettings settings, TokenCache cache)
{
return(await LoginSilentAsync(domain, credential.ClientId, new MemoryApplicationAuthenticationProvider(credential),
settings, cache));
}
/// <summary>
/// Log in to Azure active directory using the given username with authentication provided by the user. This call may display a credentials
/// dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <param name="username">The username to use for authentication.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task<ServiceClientCredentials> LoginWithPromptAsync(string domain,
ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings, string username, TokenCache cache)
{
return await LoginWithPromptAsync(domain, clientSettings, serviceSettings,
new UserIdentifier(username, UserIdentifierType.RequiredDisplayableId), cache);
}
/// <summary>
/// Log in to Azure active directory with credentials provided by the user. This call may display a credentials
/// dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <param name="taskScheduler">Scheduler needed to run the task</param>
/// <returns></returns>
public static async Task <ServiceClientCredentials> LoginWithPromptAsync(string domain, ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings, Func <TaskScheduler> taskScheduler)
{
return(await LoginWithPromptAsync(domain, clientSettings, serviceSettings, UserIdentifier.AnyUser, TokenCache.DefaultShared, taskScheduler));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using a client credential.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="credential">The client credential (client id and secret) for this active directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, ClientCredential credential,
ActiveDirectoryServiceSettings settings, TokenCache cache)
{
return await LoginSilentAsync(domain, credential.ClientId, new MemoryApplicationAuthenticationProvider(credential),
settings, cache);
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId fo the application.</param>
/// <param name="credentialProvider">A source for the secure secret for this application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, string clientId,
IApplicationCredentialProvider credentialProvider, ActiveDirectoryServiceSettings settings, TokenCache cache)
{
var audience = settings.TokenAudience.ToString();
var context = GetAuthenticationContext(domain, settings, cache);
var credential = await credentialProvider.GetCredentialAsync(clientId);
var authResult = await context.AcquireTokenAsync(audience, credential);
return new TokenCredentials(new ApplicationTokenProvider(context, audience, clientId,
credentialProvider, authResult));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application. Uses the default shared token cache.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="authenticationProvider">A source for the secure secret for this application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, string clientId,
IApplicationAuthenticationProvider authenticationProvider, ActiveDirectoryServiceSettings settings)
{
return await LoginSilentAsync(domain, clientId, authenticationProvider, settings, TokenCache.DefaultShared);
}
public ServiceClientCredentials GetServiceClientCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint)
{
if (context.Account == null)
{
throw new ArgumentException(Resources.ArmAccountNotFound);
}
if (context.Account.Type == AzureAccount.AccountType.Certificate)
{
throw new NotSupportedException(AzureAccount.AccountType.Certificate.ToString());
}
if (context.Account.Type == AzureAccount.AccountType.AccessToken)
{
return new TokenCredentials(context.Account.GetProperty(AzureAccount.Property.AccessToken));
}
string tenant = null;
if (context.Subscription != null && context.Account != null)
{
tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants)
.Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants))
.FirstOrDefault();
}
if (tenant == null && context.Tenant != null && context.Tenant.Id != Guid.Empty)
{
tenant = context.Tenant.Id.ToString();
}
if (tenant == null)
{
throw new ArgumentException(Resources.NoTenantInContext);
}
try
{
TracingAdapter.Information(Resources.UPNAuthenticationTrace,
context.Account.Id, context.Environment.Name, tenant);
// TODO: When we will refactor the code, need to add tracing
/*TracingAdapter.Information(Resources.UPNAuthenticationTokenTrace,
token.LoginType, token.TenantId, token.UserId);*/
var env = new ActiveDirectoryServiceSettings
{
AuthenticationEndpoint = context.Environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ActiveDirectory),
TokenAudience = context.Environment.GetEndpointAsUri(context.Environment.GetTokenAudience(targetEndpoint)),
ValidateAuthority = !context.Environment.OnPremise
};
var tokenCache = AzureSession.TokenCache;
if (context.TokenCache != null && context.TokenCache.Length > 0)
{
tokenCache = new TokenCache(context.TokenCache);
}
ServiceClientCredentials result = null;
if (context.Account.Type == AzureAccount.AccountType.User)
{
result = Rest.Azure.Authentication.UserTokenProvider.CreateCredentialsFromCache(
AdalConfiguration.PowerShellClientId,
tenant,
context.Account.Id,
env,
tokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
}
else if (context.Account.Type == AzureAccount.AccountType.ServicePrincipal)
{
if (context.Account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
{
result = ApplicationTokenProvider.LoginSilentAsync(
tenant,
context.Account.Id,
new CertificateApplicationCredentialProvider(
context.Account.GetProperty(AzureAccount.Property.CertificateThumbprint)),
env,
tokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
}
else
{
result = ApplicationTokenProvider.LoginSilentAsync(
tenant,
context.Account.Id,
new KeyStoreApplicationCredentialProvider(tenant),
env,
tokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
}
}
else
{
throw new NotSupportedException(context.Account.Type.ToString());
}
if (context.TokenCache != null && context.TokenCache.Length > 0)
{
context.TokenCache = tokenCache.Serialize();
}
return result;
}
catch (Exception ex)
{
TracingAdapter.Information(Resources.AdalAuthException, ex.Message);
throw new ArgumentException(Resources.InvalidArmContext, ex);
}
}
private static AuthenticationContext GetAuthenticationContext(string domain, ActiveDirectoryServiceSettings serviceSettings, TokenCache cache)
{
return (cache == null)
? new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain,
serviceSettings.ValidateAuthority)
: new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain,
serviceSettings.ValidateAuthority,
cache);
}
/// <summary>
/// Create service client credentials using information cached from a previous login in the default token cache. Parameters are used to match
/// existing tokens.
/// </summary>
/// <param name="clientId">The clientId to match when retrieving authentication tokens.</param>
/// <param name="domain">The active directory domain or tenant id to match when retrieving authentication tokens.</param>
/// <param name="username">The account username to match when retrieving authentication tokens.</param>
/// <param name="serviceSettings">The active directory service settings, including token authority and audience to match when retrieving tokens.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the retrieved credentials. If no
/// credentials can be retrieved, an authentication exception is thrown.</returns>
public static async Task <ServiceClientCredentials> CreateCredentialsFromCache(string clientId, string domain,
string username, ActiveDirectoryServiceSettings serviceSettings)
{
return(await CreateCredentialsFromCache(clientId, domain, username, serviceSettings, TokenCache.DefaultShared));
}
private static AuthenticationContext GetAuthenticationContext(string domain, ActiveDirectoryServiceSettings serviceSettings, TokenCache cache, object ownerWindow)
{
var context = (cache == null
? new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain,
serviceSettings.ValidateAuthority)
: new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain,
serviceSettings.ValidateAuthority, cache));
if (ownerWindow != null)
{
context.OwnerWindow = ownerWindow;
}
return context;
}
//public async Task<ServiceClientCredentials> LoginSilentAsync(string domain, string clientId)
//{
// return null;
//}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using client credentials.
/// Uses the default token cache during authentication.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/"> Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="secret">The secret for this active directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, string secret,
ActiveDirectoryServiceSettings settings)
{
return(await LoginSilentAsync(domain, clientId, secret, settings, TokenCache.DefaultShared));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using a certificate credential. Uses the default token cache for authentication.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentWithCertificateAsync(string domain, ClientAssertionCertificate certificate,
ActiveDirectoryServiceSettings settings)
{
return(await LoginSilentAsync(domain, certificate, settings, TokenCache.DefaultShared));
}
/// <summary>
/// Log in to Azure active directory with credentials provided by the user. This call may display a credentials
/// dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <param name="userId">The userid of the desired credentials</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task<ServiceClientCredentials> LoginWithPromptAsync(string domain, ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings, UserIdentifier userId, TokenCache cache)
{
var authenticationContext = GetAuthenticationContext(domain, serviceSettings, cache);
TaskScheduler scheduler = TaskScheduler.FromCurrentSynchronizationContext();
var task = new Task<AuthenticationResult>(() =>
{
try
{
var result = authenticationContext.AcquireToken(
serviceSettings.TokenAudience.ToString(),
clientSettings.ClientId,
clientSettings.ClientRedirectUri,
clientSettings.PromptBehavior,
userId,
clientSettings.AdditionalQueryParameters);
return result;
}
catch (Exception e)
{
throw new AuthenticationException(
string.Format(CultureInfo.CurrentCulture, Resources.ErrorAcquiringToken,
e.Message), e);
}
});
task.Start(scheduler);
var authResult = await task.ConfigureAwait(false);
var newUserId = new UserIdentifier(authResult.UserInfo.DisplayableId,
UserIdentifierType.RequiredDisplayableId);
return new TokenCredentials(new UserTokenProvider(authenticationContext, clientSettings.ClientId,
serviceSettings.TokenAudience, newUserId));
}
/// <summary>
/// Create service client credentials using information cached from a previous login. Parameters are used to match existing tokens.
/// </summary>
/// <param name="clientId">The clientId to match when retrieving authentication tokens.</param>
/// <param name="domain">The active directory domain or tenant id to match when retrieving authentication tokens.</param>
/// <param name="username">The account username to match when retrieving authentication tokens.</param>
/// <param name="serviceSettings">The active directory service settings, including token authority and audience to match when retrieving tokens.</param>
/// <param name="cache">The token cache to target when retrieving tokens.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the retrieved credentials. If no
/// credentials can be retrieved, an authentication exception is thrown.</returns>
public static async Task <ServiceClientCredentials> CreateCredentialsFromCache(string clientId, string domain, string username,
ActiveDirectoryServiceSettings serviceSettings, TokenCache cache)
{
var userId = new UserIdentifier(username, UserIdentifierType.RequiredDisplayableId);
var authenticationContext = GetAuthenticationContext(domain, serviceSettings, cache);
try
{
await authenticationContext.AcquireTokenSilentAsync(serviceSettings.TokenAudience.ToString(),
clientId, userId).ConfigureAwait(false);
return
(new TokenCredentials(new UserTokenProvider(authenticationContext, clientId,
serviceSettings.TokenAudience, userId)));
}
catch (AdalException ex)
{
throw new AuthenticationException(Resources.ErrorAcquiringToken, ex);
}
}
/// <summary>
/// For testing purposes only: allows testing token expiration.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="authenticationProvider">A source for the secure secret for this application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <param name="expiration">The token expiration.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
internal static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId,
IApplicationAuthenticationProvider authenticationProvider, ActiveDirectoryServiceSettings settings, TokenCache cache, DateTimeOffset expiration)
{
var audience = settings.TokenAudience.OriginalString;
var context = GetAuthenticationContext(domain, settings, cache);
var authResult = await authenticationProvider.AuthenticateAsync(clientId, audience, context);
return(new TokenCredentials(
new ApplicationTokenProvider(context, audience, clientId, authenticationProvider, authResult, expiration),
authResult.TenantId,
authResult.UserInfo == null ? null : authResult.UserInfo.DisplayableId));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using certificate credentials.
/// Uses the default token cache during authentication.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/"> Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="password">The certificate password.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, byte[] certificate, string password,
ActiveDirectoryServiceSettings settings)
{
return(await LoginSilentAsync(domain, clientId, certificate, password, settings, TokenCache.DefaultShared));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using a client credential. Uses the default token cache for authentication.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="credential">The client credential (client id and secret) for this active directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, ClientCredential credential,
ActiveDirectoryServiceSettings settings)
{
return(await LoginSilentAsync(domain, credential, settings, TokenCache.DefaultShared).ConfigureAwait(false));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using client credentials.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="secret">The secret for this active directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, string secret,
ActiveDirectoryServiceSettings settings, TokenCache cache)
{
return await LoginSilentAsync(domain, new ClientCredential(clientId, secret), settings, cache);
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using certificate credential.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="password">The certificate password.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(
string domain, string clientId, byte[] certificate, string password,
ActiveDirectoryServiceSettings settings, TokenCache cache)
{
#if PORTABLE
return await LoginSilentAsync(domain, new ClientAssertionCertificate(clientId, certificate, password),
settings, cache);
#else
return await LoginSilentAsync(domain, new ClientAssertionCertificate(clientId,
new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate)),
settings, cache);
#endif
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using a certificate credential.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, ClientAssertionCertificate certificate,
ActiveDirectoryServiceSettings settings, TokenCache cache)
{
return(await LoginSilentAsync(domain, certificate.ClientId,
new CertificateAuthenticationProvider((clientId) => Task.FromResult(certificate)), settings, cache));
}
/// <summary>
/// Log in to Azure active directory with both user account and authentication credentials provided by the user. This call may display a
/// credentials dialog, depending on the supplied client settings and the state of the token cache and user cookies.
/// </summary>
/// <param name="domain">The domain to authenticate against.</param>
/// <param name="clientSettings">The client settings to use for authentication. These determine when a dialog will be displayed.</param>
/// <param name="serviceSettings">The settings for ad service, including endpoint and token audience</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials.</returns>
public static async Task<ServiceClientCredentials> LoginWithPromptAsync(string domain,
ActiveDirectoryClientSettings clientSettings,
ActiveDirectoryServiceSettings serviceSettings, TokenCache cache)
{
return await LoginWithPromptAsync(domain, clientSettings, serviceSettings,
UserIdentifier.AnyUser, cache);
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application. Uses the default shared token cache.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="authenticationProvider">A source for the secure secret for this application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId,
IApplicationAuthenticationProvider authenticationProvider, ActiveDirectoryServiceSettings settings)
{
return(await LoginSilentAsync(domain, clientId, authenticationProvider, settings, TokenCache.DefaultShared));
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using client credentials.
/// Uses the default token cache during authentication.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/"> Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="secret">The secret for this active directory application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, string secret,
ActiveDirectoryServiceSettings settings)
{
return await LoginSilentAsync(domain, clientId, secret, settings, TokenCache.DefaultShared);
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application using certificate credentials.
/// Uses the default token cache during authentication.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/"> Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="certificate">The certificate associated with Active Directory application.</param>
/// <param name="password">The certificate password.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, byte[] certificate, string password,
ActiveDirectoryServiceSettings settings)
{
return await LoginSilentAsync(domain, clientId, certificate, password, settings, TokenCache.DefaultShared);
}
/// <summary>
/// Creates ServiceClientCredentials for authenticating requests as an active directory application.
/// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see>
/// for detailed instructions on creating an Azure Active Directory application.
/// </summary>
/// <param name="domain">The active directory domain or tenantId to authenticate with.</param>
/// <param name="clientId">The active directory clientId for the application.</param>
/// <param name="authenticationProvider">A source for the secure secret for this application.</param>
/// <param name="settings">The active directory service side settings, including authority and token audience.</param>
/// <param name="cache">The token cache to target during authentication.</param>
/// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns>
public static async Task<ServiceClientCredentials> LoginSilentAsync(string domain, string clientId,
IApplicationAuthenticationProvider authenticationProvider, ActiveDirectoryServiceSettings settings, TokenCache cache)
{
var audience = settings.TokenAudience.ToString();
var context = GetAuthenticationContext(domain, settings, cache);
var authResult = await authenticationProvider.AuthenticateAsync(clientId, audience, context);
return new TokenCredentials(
new ApplicationTokenProvider(context, audience, clientId,authenticationProvider, authResult),
authResult.TenantId,
authResult.UserInfo == null ? null : authResult.UserInfo.DisplayableId);
}
