/// <summary> /// Acquires an IUserIdentity from Azure Active Directory using the argument authorizationCode. /// </summary> /// <param name="authorizationCode">An authorization code provided by Azure Active Directory used to retrieve an IUserIdentity</param> /// <returns>Returns an IUserIdentity representing a successfully authenticated Azure Active Directory user who has privileges for this configured application</returns> public static IUserIdentity GetAuthenticatedUserIDentity(string authorizationCode) { var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(string.Format("https://login.windows.net/{0}", AAD.TENANT_ID)); var clientCredential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(AAD.CLIENT_ID, AAD.CLIENT_KEY); var authenticationResult = authenticationContext.AcquireTokenByAuthorizationCode(authorizationCode, new Uri(AAD.REPLY_URL), clientCredential); return new UserIdentity(authenticationResult.UserInfo); }
public static async Task <string> SendGraphGetRequest(AuthenticationResult authResult, string api, string query, string tenant, string adminClientId, string adminClientSecret) { var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.microsoftonline.com/" + tenant); var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(adminClientId, adminClientSecret); // Here you ask for a token using the web app's clientId as the scope, since the web app and service share the same clientId. // AcquireTokenSilentAsync will return a token from the token cache, and throw an exception if it cannot do so. //var authContext = new AuthenticationContext(authority, new NaiveSessionCache(userObjectId)); //// We don't care which policy is used to access the TaskService, so let's use the most recent policy //var mostRecentPolicy = authTicket.Identity.FindFirst(AcrClaimType).Value; //var result = await authContext.AcquireTokenSilentAsync(new string[] { clientId }, credential, UserIdentifier.AnyUser, mostRecentPolicy); //// First, use ADAL to acquire a token using the app's identity (the credential) //// The first parameter is the resource we want an access_token for; in this case, the Graph API. var result = authContext.AcquireToken("https://graph.windows.net", credential); // For B2C user managment, be sure to use the beta Graph API version. var http = new HttpClient(); var url = "https://graph.windows.net/" + tenant + api + "?" + "api-version=beta"; if (!string.IsNullOrEmpty(query)) { url += "&" + query; } //Console.ForegroundColor = ConsoleColor.Cyan; //Console.WriteLine("GET " + url); //Console.WriteLine("Authorization: Bearer " + result.AccessToken.Substring(0, 80) + "..."); //Console.WriteLine(""); // Append the access token for the Graph API to the Authorization header of the request, using the Bearer scheme. var request = new HttpRequestMessage(HttpMethod.Get, url); //request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.Token); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); var response = await http.SendAsync(request); if (!response.IsSuccessStatusCode) { string error = await response.Content.ReadAsStringAsync(); object formatted = JsonConvert.DeserializeObject(error); throw new WebException("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented)); } //Console.ForegroundColor = ConsoleColor.Green; //Console.WriteLine((int)response.StatusCode + ": " + response.ReasonPhrase); //Console.WriteLine(""); return(await response.Content.ReadAsStringAsync()); }
private async Task <string> GetAppTokenAsync() { // *****ADAL code Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult tokenResult = null; string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, false); Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(clientId, appKey); tokenResult = await authContext.AcquireTokenAsync(resAzureGraphAPI, credential); return(tokenResult.AccessToken); }
static void InitializeAzureKeyVaultProvider() { //TODO: Determine the exact name of environment variable created by ARM template. change the following two lines accordingly. string clientId = System.Environment.GetEnvironmentVariable("applicationADID"); //System.Configuration.ConfigurationManager.AppSettings["AuthClientId"]; string clientSecret = System.Environment.GetEnvironmentVariable("applicationADSecret"); //System.Configuration.ConfigurationManager.AppSettings["applicationADSecret"]; //Change the above lines to get the ID and Secret set correctly. _clientCredential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(clientId, clientSecret); Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider.SqlColumnEncryptionAzureKeyVaultProvider azureKeyVaultProvider = new Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider.SqlColumnEncryptionAzureKeyVaultProvider(GetToken); System.Collections.Generic.Dictionary <string, System.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider> providers = new System.Collections.Generic.Dictionary <string, System.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider>(); providers.Add(Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider.SqlColumnEncryptionAzureKeyVaultProvider.ProviderName, azureKeyVaultProvider); System.Data.SqlClient.SqlConnection.RegisterColumnEncryptionKeyStoreProviders(providers); }
/// <summary> /// get the bearer token for adding to authorization header /// </summary> /// <returns></returns> private async static Task <string> GetBearerToken() { try { string authContextURL = "https://login.windows.net/" + tenantId; var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authContextURL); var cred = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(clientId, clientKey); var result = await authenticationContext.AcquireTokenAsync("https://management.azure.com/", cred); if (result == null) { throw new InvalidOperationException("Failed to obtain the JWT token"); } string token = result.AccessToken; return(token); } catch (Exception ex) { throw ex; } }
private static async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification) { // The user's objectId is extracted from the claims provided in the id_token, and used to cache tokens in ADAL // The authority is constructed by appending your B2C directory's name to "https://login.microsoftonline.com/" // The client credential is where you provide your application secret, and is used to authenticate the application to Azure AD var userObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; var audience = notification.AuthenticationTicket.Identity.FindFirst("aud").Value; if (audience == Auth.Config.ExternalUsersClientId) { var authority = string.Format(CultureInfo.InvariantCulture, Auth.Config.AadInstance, Auth.Config.ExternalUsersTenant, string.Empty, string.Empty); var credential = new ClientCredential(Auth.Config.ExternalUsersClientId, Auth.Config.ExternalUsersClientSecret); // We don't care which policy is used to access the TaskService, so let's use the most recent policy var mostRecentPolicy = notification.AuthenticationTicket.Identity.FindFirst(Auth.Config.AcrClaimType).Value; // The Authentication Context is ADAL's primary class, which represents your connection to your B2C directory // ADAL uses an in-memory token cache by default. In this case, we've extended the default cache to use a simple per-user session cache var authContext = new AuthenticationContext(authority, new NaiveSessionCache(userObjectId)); // Here you ask for a token using the web app's clientId as the scope, since the web app and service share the same clientId. // The token will be stored in the ADAL token cache, for use in our controllers await authContext.AcquireTokenByAuthorizationCodeAsync(notification.Code, new Uri(Auth.Config.RedirectUri), credential, new[] { Auth.Config.ExternalUsersClientId }, mostRecentPolicy); } else { var authority = string.Format(CultureInfo.InvariantCulture, Auth.Config.AadInstance, Auth.Config.InternalUsersTenant, string.Empty, string.Empty); var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Auth.Config.InternalUsersClientId, Auth.Config.InternalUsersClientSecret); // The Authentication Context is ADAL's primary class, which represents your connection to your B2C directory // ADAL uses an in-memory token cache by default. In this case, we've extended the default cache to use a simple per-user session cache var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority); // Here you ask for a token using the web app's clientId as the scope, since the web app and service share the same clientId. // The token will be stored in the ADAL token cache, for use in our controllers await authContext.AcquireTokenByAuthorizationCodeAsync(notification.Code, new Uri(Auth.Config.RedirectUri), credential); } }
public static async Task testAsync() { Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential cred = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(PBIConfig.ClientId, PBIConfig.ClientSecret); Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier user = new Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier("43e514c7-cc35-4226-93a3-eb83a2852ad5", Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifierType.OptionalDisplayableId); var res = await TokenService.AuthContext.AcquireTokenSilentAsync(PBIConfig.ResourceUrl, cred, user); string token = "AQABAAAAAACEfexXxjamQb3OeGQ4Gugv71VOKGNVXNJGkcjBwMuqpryMOp69ZfOaiQ4be_oP3tt2JIQ4U0p5lJpCgdbV5V9eeNseQzaQMxqlPogHyD-FJuH2BCfWEOorBav1Z6Zh6qV7vGYxQmte6oNh-lqV8N1H3cFFqVBbYwQsPsA3RevZ3HJ8phgxf_mRBlx6OsWR-8_LeP8QgDcVUXEbdw93ZCA6v5wX0v8J5Z8yp5YIgvdrPA2LQlSfmhM5u5Vedauue-m0YvtxgZpXwAfyX2NHLP3QRP_5_D224Tv_Au7kOETRbMRBKmrCCQzBbjRC-g3FCWuWyAIYbTJFoqmEcndPGiEWAjny6VYD2lsZTRBbSXAeA0Kqa1loQ8A4QnTAECJBMY0IWppVGzDCvgAO_kT_qwYRqP9fR9YVCeTsF9d4rFMq4Nil-8bc7GDfKcJpa0Z52DxYrIsIYiM9WSuX1Xf0vVpgpY7QFn-YDbuLrlf--bp9wJJ_BHmguHhzWxw6b5rYyqL0IaVlk-1SrmvPy4IoUgslyrF6azQaKLb4EIvkimXC_kmiRVOcFii7wyefO0pikNq3JllpmDQ-FvoqTehNZVvlF4d3dYmISYhzS1xk8ghklb3Br0RrhLj88Yyf47SNFli3YD79nFIxs8v3fybdyxqhp54gCqJN0kf2jkmitX8gR1KH5nwG1pdFDRt9Z3nidIYgAA"; string url = "https://api.powerbi.com/v1.0/myorg/admin/groups"; HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url); request.ContentType = "application/json"; request.MediaType = "application/json"; request.Accept = "application/json"; request.ContentLength = 0; request.Method = "GET"; request.Headers.Add("Authorization", String.Format("Bearer {0}", token)); HttpWebResponse response = (HttpWebResponse)request.GetResponse(); string responseContent = (new StreamReader(response.GetResponseStream())).ReadToEnd(); }
public static async Task<string> SendGraphGetRequest(AuthenticationResult authResult, string api, string query, string tenant, string adminClientId, string adminClientSecret) { var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.microsoftonline.com/" + tenant); var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(adminClientId, adminClientSecret); // Here you ask for a token using the web app's clientId as the scope, since the web app and service share the same clientId. // AcquireTokenSilentAsync will return a token from the token cache, and throw an exception if it cannot do so. //var authContext = new AuthenticationContext(authority, new NaiveSessionCache(userObjectId)); //// We don't care which policy is used to access the TaskService, so let's use the most recent policy //var mostRecentPolicy = authTicket.Identity.FindFirst(AcrClaimType).Value; //var result = await authContext.AcquireTokenSilentAsync(new string[] { clientId }, credential, UserIdentifier.AnyUser, mostRecentPolicy); //// First, use ADAL to acquire a token using the app's identity (the credential) //// The first parameter is the resource we want an access_token for; in this case, the Graph API. var result = authContext.AcquireToken("https://graph.windows.net", credential); // For B2C user managment, be sure to use the beta Graph API version. var http = new HttpClient(); var url = "https://graph.windows.net/" + tenant + api + "?" + "api-version=beta"; if (!string.IsNullOrEmpty(query)) { url += "&" + query; } //Console.ForegroundColor = ConsoleColor.Cyan; //Console.WriteLine("GET " + url); //Console.WriteLine("Authorization: Bearer " + result.AccessToken.Substring(0, 80) + "..."); //Console.WriteLine(""); // Append the access token for the Graph API to the Authorization header of the request, using the Bearer scheme. var request = new HttpRequestMessage(HttpMethod.Get, url); //request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.Token); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); var response = await http.SendAsync(request); if (!response.IsSuccessStatusCode) { string error = await response.Content.ReadAsStringAsync(); object formatted = JsonConvert.DeserializeObject(error); throw new WebException("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented)); } //Console.ForegroundColor = ConsoleColor.Green; //Console.WriteLine((int)response.StatusCode + ": " + response.ReasonPhrase); //Console.WriteLine(""); return await response.Content.ReadAsStringAsync(); }