public void MediaServicesCredentialsAcsEndPointCustomRetryPolicy()
{
string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName;
string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey;
var retryStrategy = new Incremental(1, TimeSpan.FromSeconds(1), TimeSpan.FromSeconds(2));
var errorDetectionStrategy = new ErrorDetectionStrategyForRefreshToken();
MediaServicesCredentials credentials = new MediaServicesCredentials(account, key,
WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope,
new List <string>
{
"http://dummyacsendpoint"
})
{
RefreshTokenRetryPolicy = new RetryPolicy(errorDetectionStrategy, retryStrategy)
};
Assert.IsNull(credentials.AccessToken);
Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow);
try
{
credentials.RefreshToken();
}
catch (WebException)
{
Assert.IsTrue(errorDetectionStrategy.Invoked);
throw;
}
}
public static CloudMediaContext GetContext()
{
string accessToken;
DateTime tokenExpiration;
CloudMediaContext _context;
GetTokenInfo(out accessToken, out tokenExpiration);
MediaServicesCredentials credentials = new MediaServicesCredentials(MSAccount, MSPrimaryKey);
if (string.IsNullOrEmpty(credentials.AccessToken))
{
credentials.RefreshToken();
}
if (!string.IsNullOrEmpty(accessToken) && !tokenExpiration.Equals(DateTime.MaxValue))
{
credentials.AccessToken = accessToken;
credentials.TokenExpiration = tokenExpiration;
}
_context = new CloudMediaContext(credentials);
if (_context.Credentials.TokenExpiration != tokenExpiration)
{
SaveTokenInfo(_context.Credentials.AccessToken, _context.Credentials.TokenExpiration);
}
return(_context);
}
public void MediaServicesCredentialsAcsEndPointCustomRetryPolicy()
{
string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName;
string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey;
var retryStrategy = new Incremental(1, TimeSpan.FromSeconds(1),TimeSpan.FromSeconds(2));
var errorDetectionStrategy = new ErrorDetectionStrategyForRefreshToken();
MediaServicesCredentials credentials = new MediaServicesCredentials(account, key,
WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope,
new List<string>
{
"http://dummyacsendpoint"
})
{
RefreshTokenRetryPolicy = new RetryPolicy(errorDetectionStrategy, retryStrategy)
};
Assert.IsNull(credentials.AccessToken);
Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow);
try
{
credentials.RefreshToken();
}
catch (WebException)
{
Assert.IsTrue(errorDetectionStrategy.Invoked);
throw;
}
}
public void MediaServicesCredentialsTestGetToken()
{
MediaServicesCredentials target = WindowsAzureMediaServicesTestConfiguration.CreateMediaServicesCredentials();
Assert.IsNull(target.AccessToken);
Assert.IsTrue(target.TokenExpiration < DateTime.UtcNow);
target.RefreshToken();
Assert.IsNotNull(target.AccessToken);
Assert.IsTrue(target.AccessToken.Length > 0);
Assert.IsTrue(target.TokenExpiration > DateTime.UtcNow.AddHours(1));
}
//
// The Client ID is used by the application to uniquely identify itself to Azure AD.
// The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials.
// The Metadata Address is used by the application to retrieve the signing keys used by Azure AD.
// The AAD Instance is the instance of Azure, for example public Azure or Azure China.
// The Authority is the sign-in URL of the tenant.
// The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out.
//
// This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = MediaLibraryWebApp.Configuration.ClientId,
Authority = MediaLibraryWebApp.Configuration.Authority,
PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
//
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
System.IdentityModel.Tokens.JwtSecurityToken jwtToken = context.JwtSecurityToken;
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value;
Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey);
NaiveSessionCache cache = new NaiveSessionCache(userObjectID);
AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, cache);
//Getting a token to connect with GraphApi later on userProfile page
AuthenticationResult graphAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId);
//Getting a access token which can be used to configure auth restrictions for multiple tentants since audience will be same for each web app requesting this token
AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.KdResourceId);
string kdAccessToken = kdAPiresult.AccessToken;
//Initializing MediaServicesCredentials in order to obtain access token to be used to connect
var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey);
//Forces to get access token
amsCredentials.RefreshToken();
//Adding token to a claim so it can be accessible within controller
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsSignInJwtToken, jwtToken.RawData));
//Adding media services access token as claim so it can be accessible within controller
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken));
return(Task.FromResult(0));
}
}
});
}
private void RefreshAcsToken()
{
bool exit = false;
int timesToSwitchEndpointAndRetry = 1;
//first try preferred ACS
if (this.IsPreferredAcsEnabled() && (this.AcsInstance != AcsInstance.Longevity))
{
if (!this.IsPreferredAcsEndpoint(objMediaServicesCredentials))
{
this.SwitchAcsEndpointToPreferred();
objMediaServicesCredentials = this.CreateMediaServicesCredentials();
}
}
while (!exit)
{
try
{
bool isNullAcsToken = (objMediaServicesCredentials.AccessToken == null);
objMediaServicesCredentials.RefreshToken(); //ACS Token is constructed if not yet, by authenticating against ACS
exit = true;
if (isNullAcsToken)
{
Console.WriteLine("A new ACS token has been created.");
}
else
{
Console.WriteLine("The ACS token has been renewed.");
}
}
catch (Exception)
{
// we hit an error, switch the endpoint to try so that the next attempt will be on a different endpoint
SwitchAcsEndpoint();
timesToSwitchEndpointAndRetry--;
if (timesToSwitchEndpointAndRetry < 0)
{
Logger.Log("Have tried all available ACS instances and failed.", EventLogEntryType.Error);
throw new Exception("Have tried all available ACS instances and failed.");
}
// Create the new credentials instance with the next endpoint for the retry
objMediaServicesCredentials = this.CreateMediaServicesCredentials();
}
}
}
public void MediaServicesCredentialsPassingAcsEndPoint()
{
var context1 = WindowsAzureMediaServicesTestConfiguration.CreateCloudMediaContext();
string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName;
string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey;
MediaServicesCredentials credentials = new MediaServicesCredentials(account, key, WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope, WindowsAzureMediaServicesTestConfiguration.MediaServicesAcsBaseAddress);
Assert.IsNull(credentials.AccessToken);
Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow);
credentials.RefreshToken();
Assert.IsNotNull(credentials.AccessToken);
Assert.IsTrue(credentials.AccessToken.Length > 0);
Assert.IsTrue(credentials.TokenExpiration > DateTime.UtcNow);
}
public void MediaServicesCredentialsAcsEndPointListWithWrongOneLast()
{
string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName;
string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey;
MediaServicesCredentials credentials = new MediaServicesCredentials(account, key, WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope, new List <string> {
WindowsAzureMediaServicesTestConfiguration.MediaServicesAcsBaseAddress, "http://dummyacsendpoint"
});
Assert.IsNull(credentials.AccessToken);
Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow);
credentials.RefreshToken();
Assert.IsNotNull(credentials.AccessToken);
Assert.IsTrue(credentials.AccessToken.Length > 0);
Assert.IsTrue(credentials.TokenExpiration > DateTime.UtcNow);
}
//
// The Client ID is used by the application to uniquely identify itself to Azure AD.
// The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials.
// The Metadata Address is used by the application to retrieve the signing keys used by Azure AD.
// The AAD Instance is the instance of Azure, for example public Azure or Azure China.
// The Authority is the sign-in URL of the tenant.
// The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out.
//
// This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = MediaLibraryWebApp.Configuration.ClientId,
Authority = MediaLibraryWebApp.Configuration.Authority,
PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
//
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey);
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, new NaiveSessionCache(userObjectID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId);
//Initializing MediaServicesCredentials in order to obtain access token to be used to connect
var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey);
//Forces to get access token
amsCredentials.RefreshToken();
//Adding token to a claim so it can be accessible within controller
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsJwtToken, result.AccessToken));
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken));
return(Task.FromResult(0));
}
}
});
}
public void MediaServicesCredentialsAcsEndPointListWithWrongOneFirst()
{
string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName;
string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey;
MediaServicesCredentials credentials = new MediaServicesCredentials(account, key, WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope, new List<string> { "http://dummyacsendpoint", WindowsAzureMediaServicesTestConfiguration.MediaServicesAcsBaseAddress});
Assert.IsNull(credentials.AccessToken);
Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow);
credentials.RefreshToken();
Assert.IsNotNull(credentials.AccessToken);
Assert.IsTrue(credentials.AccessToken.Length > 0);
Assert.IsTrue(credentials.TokenExpiration > DateTime.UtcNow);
}
public void MediaServicesCredentialsPassingAcsEndPoint()
{
var context1 = WindowsAzureMediaServicesTestConfiguration.CreateCloudMediaContext();
string account = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountName;
string key = WindowsAzureMediaServicesTestConfiguration.MediaServiceAccountKey;
MediaServicesCredentials credentials = new MediaServicesCredentials(account, key,WindowsAzureMediaServicesTestConfiguration.MediaServicesAccessScope,WindowsAzureMediaServicesTestConfiguration.MediaServicesAcsBaseAddress);
Assert.IsNull(credentials.AccessToken);
Assert.IsTrue(credentials.TokenExpiration < DateTime.UtcNow);
credentials.RefreshToken();
Assert.IsNotNull(credentials.AccessToken);
Assert.IsTrue(credentials.AccessToken.Length > 0);
Assert.IsTrue(credentials.TokenExpiration > DateTime.UtcNow);
}