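//MSAL doesn't cache Service Principal into msal.cache
/// <summary>
/// Acquires an access token for a service principal. A certificate (looked up by thumbprint in the
/// session data store) is used when a thumbprint is supplied, otherwise a client secret.
/// Certificate credentials are kept in <c>ClientCertCredentialMap</c> after the first login.
/// </summary>
/// <param name="parameters">Must be a <see cref="ServicePrincipalParameters"/>; carries the environment, tenant, resource and client credentials.</param>
/// <param name="cancellationToken">Propagated to the underlying token request.</param>
/// <returns>A task producing the acquired <see cref="IAccessToken"/>.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="parameters"/> is not a <see cref="ServicePrincipalParameters"/>.</exception>
/// <exception cref="MsalException">Thrown when neither a certificate thumbprint nor a secret is supplied.</exception>
public override Task<IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
{
    // Fail with a descriptive exception instead of a NullReferenceException when the wrong parameter type is passed.
    var spParameters = parameters as ServicePrincipalParameters;
    if (spParameters == null)
    {
        throw new ArgumentException(
            $"Expected {nameof(ServicePrincipalParameters)} but received '{parameters?.GetType().Name ?? "null"}'.",
            nameof(parameters));
    }

    var onPremise = spParameters.Environment.OnPremise;
    // ADFS uses a fixed tenant; the "organizations" pseudo-tenant is mapped to null so the credential falls back to its own default.
    var tenantId = onPremise
        ? AdfsTenant
        : (string.Equals(spParameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : spParameters.TenantId);
    // Prefer the environment's endpoint for the resource id; fall back to the raw resource id when the environment has none.
    var resource = spParameters.Environment.GetEndpoint(spParameters.ResourceId) ?? spParameters.ResourceId;
    var scopes = AuthenticationHelpers.GetScope(onPremise, resource);
    var clientId = spParameters.ApplicationId;
    var authority = spParameters.Environment.ActiveDirectoryAuthority;
    var requestContext = new TokenRequestContext(scopes);
    var options = new ClientCertificateCredentialOptions()
    {
        AuthorityHost = new Uri(authority)
    };

    if (!string.IsNullOrEmpty(spParameters.Thumbprint))
    {
        // Service principal with certificate.
        // NOTE(review): the cache is keyed by ApplicationId only, yet the credential is bound to tenantId at
        // construction, so a later login of the same application against another tenant reuses the first
        // tenant's credential. Left unchanged here because other code may look the map up by ApplicationId.
        ClientCertificateCredential certCredential;
        if (ClientCertCredentialMap.TryGetValue(spParameters.ApplicationId, out certCredential))
        {
            var cachedTokenTask = certCredential.GetTokenAsync(requestContext, cancellationToken);
            return MsalAccessToken.GetAccessTokenAsync(cachedTokenTask, spParameters.TenantId, spParameters.ApplicationId);
        }

        // First login for this application: load the certificate from the session data store.
        var certificate = AzureSession.Instance.DataStore.GetCertificate(spParameters.Thumbprint);
        certCredential = new ClientCertificateCredential(tenantId, spParameters.ApplicationId, certificate, options);
        var tokenTask = certCredential.GetTokenAsync(requestContext, cancellationToken);
        // The callback stores the credential in the map; presumably MsalAccessToken invokes it only on success — confirm there.
        return MsalAccessToken.GetAccessTokenAsync(
            tokenTask,
            () => { ClientCertCredentialMap[spParameters.ApplicationId] = certCredential; },
            spParameters.TenantId,
            spParameters.ApplicationId);
    }

    if (spParameters.Secret != null)
    {
        // Service principal with secret; the SecureString is materialised as plain text because the credential ctor takes a string.
        var secretCredential = new ClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret.ConvertToString(), options);
        var tokenTask = secretCredential.GetTokenAsync(requestContext, cancellationToken);
        return MsalAccessToken.GetAccessTokenAsync(tokenTask, spParameters.TenantId, spParameters.ApplicationId);
    }

    throw new MsalException(MsalError.AuthenticationFailed, string.Format(AuthenticationFailedMessage, clientId));
}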
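//MSAL doesn't cache Service Principal into msal.cache
/// <summary>
/// Acquires an access token for a service principal. A certificate (looked up by thumbprint in the
/// session data store) is used when a thumbprint is supplied, otherwise a client secret. A new
/// credential is built on every call; nothing is cached here.
/// </summary>
/// <param name="parameters">Must be a <see cref="ServicePrincipalParameters"/>; carries the environment, tenant, resource and client credentials.</param>
/// <param name="cancellationToken">Propagated to the underlying token request.</param>
/// <returns>A task producing the acquired <see cref="IAccessToken"/>.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="parameters"/> is not a <see cref="ServicePrincipalParameters"/>.</exception>
/// <exception cref="MsalException">Thrown when neither a certificate thumbprint nor a secret is supplied.</exception>
public override Task<IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
{
    // Fail with a descriptive exception instead of a NullReferenceException when the wrong parameter type is passed.
    var spParameters = parameters as ServicePrincipalParameters;
    if (spParameters == null)
    {
        throw new ArgumentException(
            $"Expected {nameof(ServicePrincipalParameters)} but received '{parameters?.GetType().Name ?? "null"}'.",
            nameof(parameters));
    }

    var onPremise = spParameters.Environment.OnPremise;
    // ADFS uses a fixed tenant; the "organizations" pseudo-tenant is mapped to null so the credential falls back to its own default.
    var tenantId = onPremise
        ? AdfsTenant
        : (string.Equals(spParameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : spParameters.TenantId);
    // Prefer the environment's endpoint for the resource id; fall back to the raw resource id when the environment has none.
    var resource = spParameters.Environment.GetEndpoint(spParameters.ResourceId) ?? spParameters.ResourceId;
    var scopes = AuthenticationHelpers.GetScope(onPremise, resource);
    var clientId = spParameters.ApplicationId;
    var authority = spParameters.Environment.ActiveDirectoryAuthority;
    var requestContext = new TokenRequestContext(scopes);
    var options = new ClientCertificateCredentialOptions()
    {
        AuthorityHost = new Uri(authority),
        // SendCertificateChain is optional on the parameters; an unset value means "do not send the chain".
        SendCertificateChain = spParameters.SendCertificateChain ?? false
    };

    if (!string.IsNullOrEmpty(spParameters.Thumbprint))
    {
        // Service principal with certificate.
        var certificate = AzureSession.Instance.DataStore.GetCertificate(spParameters.Thumbprint);
        var certCredential = new ClientCertificateCredential(tenantId, spParameters.ApplicationId, certificate, options);
        // Diagnostic context for MsalAccessToken; only non-secret identifiers are included.
        var parametersLog = $"- Thumbprint:'{spParameters.Thumbprint}', ApplicationId:'{spParameters.ApplicationId}', TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'";
        return MsalAccessToken.GetAccessTokenAsync(
            nameof(ServicePrincipalAuthenticator),
            parametersLog,
            certCredential,
            requestContext,
            cancellationToken,
            spParameters.TenantId,
            spParameters.ApplicationId);
    }

    if (spParameters.Secret != null)
    {
        // Service principal with secret; the SecureString is materialised as plain text because the credential ctor takes a string.
        var secretCredential = new ClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret.ConvertToString(), options);
        // Diagnostic context for MsalAccessToken; the secret itself is deliberately not part of it.
        var parametersLog = $"- ApplicationId:'{spParameters.ApplicationId}', TenantId:'{tenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}'";
        return MsalAccessToken.GetAccessTokenAsync(
            nameof(ServicePrincipalAuthenticator),
            parametersLog,
            secretCredential,
            requestContext,
            cancellationToken,
            spParameters.TenantId,
            spParameters.ApplicationId);
    }

    throw new MsalException(MsalError.AuthenticationFailed, string.Format(AuthenticationFailedMessage, clientId));
}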
/// <summary>
/// Builds a certificate-based <see cref="TokenCredential"/> for a service principal.
/// Virtual, presumably so tests can substitute the credential — confirm with the callers.
/// </summary>
/// <param name="tenantId">Tenant the credential authenticates against.</param>
/// <param name="clientId">Application (client) id of the service principal.</param>
/// <param name="certificatePath">Path of the certificate file handed to <see cref="ClientCertificateCredential"/>.</param>
/// <param name="options">Credential options (authority host and the like), passed through unchanged.</param>
/// <returns>A new <see cref="ClientCertificateCredential"/> exposed as <see cref="TokenCredential"/>.</returns>
public virtual TokenCredential CreateClientCertificateCredential(string tenantId, string clientId, string certificatePath, ClientCertificateCredentialOptions options)
    => new ClientCertificateCredential(tenantId, clientId, certificatePath, options);
/// <summary>
/// Builds a secret-based <see cref="TokenCredential"/> for a service principal.
/// Virtual, presumably so tests can substitute the credential — confirm with the callers.
/// </summary>
/// <param name="tenantId">Tenant the credential authenticates against.</param>
/// <param name="clientId">Application (client) id of the service principal.</param>
/// <param name="secret">Client secret; converted to a plain string because <see cref="ClientSecretCredential"/> takes a string.</param>
/// <param name="options">Credential options (authority host and the like), passed through unchanged.</param>
/// <returns>A new <see cref="ClientSecretCredential"/> exposed as <see cref="TokenCredential"/>.</returns>
public virtual TokenCredential CreateClientSecretCredential(string tenantId, string clientId, SecureString secret, ClientCertificateCredentialOptions options)
{
    var plainSecret = secret.ConvertToString();
    return new ClientSecretCredential(tenantId, clientId, plainSecret, options);
}