private AuthenticationContext CreateContext(AdalConfiguration config)
{
return new AuthenticationContext(config.AdEndpoint + config.AdDomain, config.ValidateAuthority, ProtectedFileTokenCache.Instance)
{
OwnerWindow = parentWindow
};
}
public ServicePrincipalAccessToken(AdalConfiguration configuration, AuthenticationResult authResult, ServicePrincipalTokenProvider tokenProvider, string appId)
{
Configuration = configuration;
AuthResult = authResult;
this.tokenProvider = tokenProvider;
this.appId = appId;
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
if (credentialType == AzureAccount.AccountType.User)
{
throw new ArgumentException(string.Format(Resources.InvalidCredentialType, "User"), "credentialType");
}
return new ServicePrincipalAccessToken(config, AcquireToken(config, userId, password), this, userId);
}
private AuthenticationResult Renew(AdalConfiguration config, string appId)
{
using (SecureString appKey = LoadAppKey(appId, config.AdDomain))
{
if (appKey == null)
{
throw new KeyNotFoundException(string.Format(Resources.ServiceKeyNotFound, appId));
}
return AcquireToken(config, appId, appKey);
}
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
switch (credentialType)
{
case AzureAccount.AccountType.User:
return userTokenProvider.GetAccessToken(config, promptBehavior, userId, password, credentialType);
case AzureAccount.AccountType.ServicePrincipal:
return servicePrincipalTokenProvider.GetAccessToken(config, promptBehavior, userId, password, credentialType);
default:
throw new ArgumentException(Resources.UnknownCredentialType, "credentialType");
}
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
switch (credentialType)
{
case AzureAccount.AccountType.User:
return(userTokenProvider.GetAccessToken(config, promptBehavior, userId, password, credentialType));
case AzureAccount.AccountType.ServicePrincipal:
return(servicePrincipalTokenProvider.GetAccessToken(config, promptBehavior, userId, password, credentialType));
default:
throw new ArgumentException(Resources.UnknownCredentialType, "credentialType");
}
}
private AuthenticationResult AcquireToken(AdalConfiguration config, string appId, SecureString appKey)
{
if (appKey == null)
{
return Renew(config, appId);
}
StoreAppKey(appId, config.AdDomain, appKey);
string authority = config.AdEndpoint + config.AdDomain;
var context = new AuthenticationContext(authority, config.ValidateAuthority,
ProtectedFileTokenCache.Instance);
var credential = new ClientCredential(appId, appKey);
return context.AcquireToken("https://management.core.windows.net/", credential);
}
private AuthenticationResult AcquireToken(AdalConfiguration config, string appId, SecureString appKey)
{
if (appKey == null)
{
return(Renew(config, appId));
}
StoreAppKey(appId, config.AdDomain, appKey);
string authority = config.AdEndpoint + config.AdDomain;
var context = new AuthenticationContext(authority, config.ValidateAuthority,
ProtectedFileTokenCache.Instance);
var credential = new ClientCredential(appId, appKey);
return(context.AcquireToken("https://management.core.windows.net/", credential));
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, string userId = null)
{
AuthenticationResult result = null;
Exception ex = null;
var thread = new Thread(() =>
{
try
{
var context = CreateContext(config);
if (string.IsNullOrEmpty(userId))
{
ClearCookies();
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, PromptBehavior.Always, AdalConfiguration.EnableEbdMagicCookie);
}
else
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, userId, AdalConfiguration.EnableEbdMagicCookie);
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
if (ex != null)
{
var adex = ex as ActiveDirectoryAuthenticationException;
if (adex != null)
{
if (adex.ErrorCode == ActiveDirectoryAuthenticationError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return(result);
}
private AuthenticationResult AquireToken(AdalConfiguration config, bool noPrompt, string userId, SecureString password)
{
AuthenticationResult result;
var context = CreateContext(config);
if (string.IsNullOrEmpty(userId))
{
var promptBehavior = PromptBehavior.Always;
if (noPrompt)
{
promptBehavior = PromptBehavior.Never;
}
else
{
ClearCookies();
}
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior);
}
else
{
var promptBehavior = PromptBehavior.Auto;
if (noPrompt)
{
promptBehavior = PromptBehavior.Never;
}
if (password == null)
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
new UserIdentifier(userId, UserIdentifierType.OptionalDisplayableId),
AdalConfiguration.EnableEbdMagicCookie);
}
else
{
UserCredential credential = new UserCredential(userId, password);
result = context.AcquireToken(config.ResourceClientUri, config.ClientId, credential);
}
}
return(result);
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, ShowDialog promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result = null;
Exception ex = null;
if (promptBehavior == ShowDialog.Never)
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
}
else
{
var thread = new Thread(() =>
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
}
if (ex != null)
{
var adex = ex as AdalException;
if (adex != null)
{
if (adex.ErrorCode == AdalError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
if (ex is AadAuthenticationException)
{
throw ex;
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return(result);
}
private AuthenticationResult DoAcquireToken(AdalConfiguration config, ShowDialog showDialog, string userId, SecureString password)
{
AuthenticationResult result;
var context = CreateContext(config);
if (string.IsNullOrEmpty(userId))
{
PromptBehavior promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
if (promptBehavior != PromptBehavior.Never)
{
ClearCookies();
}
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
UserIdentifier.AnyUser, AdalConfiguration.EnableEbdMagicCookie);
}
else
{
PromptBehavior promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
if (password == null)
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
new UserIdentifier(userId, UserIdentifierType.OptionalDisplayableId),
AdalConfiguration.EnableEbdMagicCookie);
}
else
{
UserCredential credential = new UserCredential(userId, password);
result = context.AcquireToken(config.ResourceClientUri, config.ClientId, credential);
}
}
return(result);
}
private AuthenticationResult SafeAquireToken(
AdalConfiguration config,
ShowDialog showDialog,
string userId,
SecureString password,
out Exception ex)
{
try
{
ex = null;
var promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
return(DoAcquireToken(config, promptBehavior, userId, password));
}
catch (AdalException adalEx)
{
if (adalEx.ErrorCode == AdalError.UserInteractionRequired ||
adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
ex = new AadAuthenticationFailedWithoutPopupException(Resources.InvalidSubscriptionState, adalEx);
}
else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
{
ex = new AadAuthenticationFailedException(Resources.CredentialOrganizationIdMessage, adalEx);
}
else
{
ex = adalEx;
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
return(null);
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password)
{
AuthenticationResult result = null;
Exception ex = null;
var thread = new Thread(() =>
{
try
{
result = DoAcquireToken(config, promptBehavior, userId, password);
}
catch (AdalException adalEx)
{
if (adalEx.ErrorCode == AdalError.UserInteractionRequired ||
adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
ex = new AadAuthenticationFailedWithoutPopupException(Resources.InvalidSubscriptionState, adalEx);
}
else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
{
ex = new AadAuthenticationFailedException(Resources.CredentialOrganizationIdMessage, adalEx);
}
else
{
ex = adalEx;
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
if (ex != null)
{
var adex = ex as AdalException;
if (adex != null)
{
if (adex.ErrorCode == AdalError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
if (ex is AadAuthenticationException)
{
throw ex;
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return result;
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password)
{
return GetAccessToken(config, promptBehavior, userId, password, AzureAccount.AccountType.User);
}
private AuthenticationResult DoAcquireToken(AdalConfiguration config, ShowDialog showDialog, string userId, SecureString password)
{
AuthenticationResult result;
var context = CreateContext(config);
if (string.IsNullOrEmpty(userId))
{
PromptBehavior promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
if (promptBehavior != PromptBehavior.Never)
{
ClearCookies();
}
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
UserIdentifier.AnyUser, AdalConfiguration.EnableEbdMagicCookie);
}
else
{
PromptBehavior promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
if (password == null)
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
new UserIdentifier(userId, UserIdentifierType.OptionalDisplayableId),
AdalConfiguration.EnableEbdMagicCookie);
}
else
{
UserCredential credential = new UserCredential(userId, password);
result = context.AcquireToken(config.ResourceClientUri, config.ClientId, credential);
}
}
return result;
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
return this.accessToken;
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId,
SecureString password)
{
return this.accessToken;
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password)
{
throw new InvalidOperationException(string.Format(Resources.InvalidCredentialType, "ServicePrincipal"));
}
public IAccessToken GetNewToken(WindowsAzureSubscription subscription, string userId)
{
var config = new AdalConfiguration(subscription);
return new AdalAccessToken(AcquireToken(config, userId), this, config);
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, string userId = null)
{
AuthenticationResult result = null;
Exception ex = null;
var thread = new Thread(() =>
{
try
{
var context = CreateContext(config);
if (string.IsNullOrEmpty(userId))
{
ClearCookies();
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, PromptBehavior.Always, AdalConfiguration.EnableEbdMagicCookie);
}
else
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, userId, AdalConfiguration.EnableEbdMagicCookie);
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
if (ex != null)
{
var adex = ex as ActiveDirectoryAuthenticationException;
if (adex != null)
{
if (adex.ErrorCode == ActiveDirectoryAuthenticationError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return result;
}
public IAccessToken GetNewToken(WindowsAzureSubscription subscription, string userId)
{
var config = new AdalConfiguration(subscription);
return(new AdalAccessToken(AcquireToken(config, userId), this, config));
}
private AuthenticationResult SafeAquireToken(
AdalConfiguration config,
ShowDialog showDialog,
string userId,
SecureString password,
out Exception ex)
{
try
{
ex = null;
var promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
return DoAcquireToken(config, promptBehavior, userId, password);
}
catch (AdalException adalEx)
{
if (adalEx.ErrorCode == AdalError.UserInteractionRequired ||
adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
ex = new AadAuthenticationFailedWithoutPopupException(Resources.InvalidSubscriptionState, adalEx);
}
else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
{
ex = new AadAuthenticationFailedException(Resources.CredentialOrganizationIdMessage, adalEx);
}
else
{
ex = adalEx;
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
return null;
}
public IAccessToken GetNewToken(WindowsAzureEnvironment environment, string userId, SecureString password)
{
var config = new AdalConfiguration(environment);
return new AdalAccessToken(AcquireToken(config, false, userId, password), this, config);
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password)
{
throw new InvalidOperationException(string.Format(Resources.InvalidCredentialType, "ServicePrincipal"));
}
public IAccessToken GetNewToken(WindowsAzureEnvironment environment, string userId, SecureString password)
{
var config = new AdalConfiguration(environment);
return(new AdalAccessToken(AcquireToken(config, false, userId, password), this, config));
}
public AdalAccessToken(AuthenticationResult authResult, AdalTokenProvider tokenProvider, AdalConfiguration configuration)
{
AuthResult = authResult;
this.tokenProvider = tokenProvider;
Configuration = configuration;
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, bool tryRefresh, string userId = null, SecureString password = null)
{
AuthenticationResult result = null;
Exception ex = null;
var thread = new Thread(() =>
{
try
{
result = AquireToken(config, tryRefresh, userId, password);
}
catch (AdalException adalEx)
{
if (adalEx.ErrorCode == AdalError.UserInteractionRequired)
{
try
{
result = AquireToken(config, false, userId, password);
}
catch (Exception threadEx)
{
ex = threadEx;
}
}
else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
{
ex = new Exception(Resources.CredentialOrganizationIdMessage, adalEx);
}
else
{
ex = adalEx;
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
if (ex != null)
{
var adex = ex as AdalException;
if (adex != null)
{
if (adex.ErrorCode == AdalError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return result;
}
public IAccessToken GetNewToken(WindowsAzureEnvironment environment)
{
var config = new AdalConfiguration(environment);
return(new AdalAccessToken(AcquireToken(config), this, config));
}
private AuthenticationResult AquireToken(AdalConfiguration config, bool noPrompt, string userId, SecureString password)
{
AuthenticationResult result;
var context = CreateContext(config);
if (string.IsNullOrEmpty(userId))
{
var promptBehavior = PromptBehavior.Always;
if (noPrompt)
{
promptBehavior = PromptBehavior.Never;
}
else
{
ClearCookies();
}
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior);
}
else
{
var promptBehavior = PromptBehavior.Auto;
if (noPrompt)
{
promptBehavior = PromptBehavior.Never;
}
if (password == null)
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
new UserIdentifier(userId, UserIdentifierType.OptionalDisplayableId),
AdalConfiguration.EnableEbdMagicCookie);
}
else
{
UserCredential credential = new UserCredential(userId, password);
result = context.AcquireToken(config.ResourceClientUri, config.ClientId, credential);
}
}
return result;
}
public AdalAccessToken(AuthenticationResult authResult, AdalTokenProvider tokenProvider, AdalConfiguration configuration)
{
AuthResult = authResult;
this.tokenProvider = tokenProvider;
Configuration = configuration;
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password)
{
return(GetAccessToken(config, promptBehavior, userId, password, AzureAccount.AccountType.User));
}
public IAccessToken GetNewToken(WindowsAzureEnvironment environment)
{
var config = new AdalConfiguration(environment);
return new AdalAccessToken(AcquireToken(config), this, config);
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, ShowDialog promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result = null;
Exception ex = null;
if (promptBehavior == ShowDialog.Never)
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
}
else
{
var thread = new Thread(() =>
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
}
if (ex != null)
{
var adex = ex as AdalException;
if (adex != null)
{
if (adex.ErrorCode == AdalError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
if (ex is AadAuthenticationException)
{
throw ex;
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return result;
}
