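        /// <summary>
        /// Looks up the signed-in user's AAD group membership ("memberOf") through the Graph
        /// endpoint taken from the OpenID configuration. The lookup runs only when a tenant id
        /// is supplied, an access token is available, and the configuration resolved for
        /// <paramref name="username"/> has <c>_bUseAadGraph</c> set.
        /// </summary>
        /// <param name="userObjectID">Currently unused.</param>
        /// <param name="username">Used to resolve the OpenID configuration via <c>Startup.GetAuthentication</c>.</param>
        /// <param name="tenantID">Tenant id; when null or empty no Graph call is made.</param>
        /// <param name="upn">Currently unused.</param>
        /// <param name="endpoint">Currently unused.</param>
        /// <returns>
        /// Always <c>true</c>. The method does not yet decide authorization: the <c>UserID</c>
        /// it builds (uid/gid 99999999, not admin, not authorized) is never persisted because
        /// the <c>AddUser</c> call is still pending, so a <c>true</c> result must not be read
        /// as "user is authorized".
        /// </returns>
        /// <exception cref="HttpRequestException">The Graph request did not return a success status code.</exception>
        private async Task <bool> AuthenticateByAAD(string userObjectID,
                                                    string username,
                                                    string tenantID,
                                                    string upn,
                                                    string endpoint)
        {
            // Default identity: unauthorized until group membership has been evaluated.
            UserID userID = new UserID();

            userID.groups       = new List <string>();
            userID.uid          = "99999999";
            userID.gid          = "99999999";
            userID.isAdmin      = "false";
            userID.isAuthorized = "false";

            if (String.IsNullOrEmpty(tenantID))
            {
                return true;
            }

            var token = await _tokenCache.GetAccessTokenForAadGraph();

            if (String.IsNullOrEmpty(token))
            {
                return true;
            }

            OpenIDAuthentication config;
            Startup.GetAuthentication(username, out config);   // only the out config is needed here

            if (Object.ReferenceEquals(config, null) || !config._bUseAadGraph)
            {
                return true;
            }

            // The tenant is implied by the bearer token; the URL only needs base point and API version.
            string requestUrl = String.Format("{0}/myorganization/me/memberOf?api-version={1}",
                                              config._graphBasePoint,
                                              config._graphApiVersion);

            // A per-call HttpClient is disposed here so handles are not leaked; a shared instance
            // (or IHttpClientFactory) would be preferable but requires constructor changes.
            using (HttpClient client = new HttpClient())
            using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl))
            {
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

                using (HttpResponseMessage response = await client.SendAsync(request))
                {
                    if (!response.IsSuccessStatusCode)
                    {
                        throw new HttpRequestException(response.ReasonPhrase);
                    }

                    string responseString = await response.Content.ReadAsStringAsync();

                    // The whole memberOf payload (group ids/names of the user) is written to the
                    // application log at Information level; reduce this once group handling exists.
                    _logger.LogInformation("MemberOf information: {0}", responseString);
                }
            }

            // TODO: evaluate the memberOf response into userID and persist it:
            //   await AddUser(username, userID);
            return true;
        }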
        // GET: /<controller>/
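        /// <summary>
        /// Fetches the signed-in user's profile ("/me") from the Graph endpoint configured in
        /// <c>_aadConfig</c>, using the tenant id claim of the current principal, and renders it.
        /// </summary>
        /// <returns>
        /// The profile view on success; on any failure a redirect to <c>/Home/Error</c> with a
        /// message in the query string.
        /// </returns>
        public async Task <IActionResult> Index()
        {
            try
            {
                string token = await _tokenCache.GetAccessTokenForAadGraph();

                // FindFirst returns null when the claim is absent; fail with a clear message
                // instead of a NullReferenceException from .Value.
                var tenantClaim = User.FindFirst(AzureADConstants.TenantIdClaimType);
                if (tenantClaim == null)
                {
                    throw new InvalidOperationException("Tenant id claim is missing from the current user.");
                }

                // Call the Graph API and retrieve the user's profile.
                string requestUrl = String.Format("{0}/{1}{2}?api-version={3}",
                                                  _aadConfig.GraphBaseEndpoint,
                                                  tenantClaim.Value,
                                                  "/me",
                                                  _aadConfig.GraphApiVersion);

                string responseString;

                // Dispose the per-request client/message objects; a shared HttpClient would be
                // better still but needs wiring through the constructor.
                using (HttpClient client = new HttpClient())
                using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl))
                {
                    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

                    using (HttpResponseMessage response = await client.SendAsync(request))
                    {
                        if (!response.IsSuccessStatusCode)
                        {
                            throw new HttpRequestException(response.ReasonPhrase);
                        }

                        responseString = await response.Content.ReadAsStringAsync();
                    }
                }

                var model = JsonConvert.DeserializeObject <AADUserProfile>(responseString);
                if (model == null)
                {
                    throw new InvalidOperationException("Graph returned an empty profile.");
                }

                // NOTE: the bearer token is handed to the view through the model; anything the
                // view renders from it becomes visible in the page source.
                model.token = token;
                return(View(model));
            }
            catch (AdalException)
            {
                return(new RedirectResult("/Home/Error?message=Unable to get tokens; you may need to sign in again."));
            }
            catch (Exception ex)
            {
                // Escape the message so characters such as '&' or '#' cannot alter the query string.
                // Reflecting raw exception text to the browser also reveals internal detail; a generic
                // message here with the detail logged server-side would be the safer contract.
                return(new RedirectResult(String.Concat("/Home/Error?message=", Uri.EscapeDataString(ex.Message))));
            }
        }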