public void ImportExport_ThrowException()
{
// Arrange
var cacheAccessor = NSubstitute.Substitute.For <ICacheAccessor>();
var cache = new MockTokenCache();
var storage = new MsalCacheStorage(
_storageCreationPropertiesBuilder.Build(),
cacheAccessor,
new TraceSourceLogger(new TraceSource("ts")));
var helper = new MsalCacheHelper(cache, storage, _logger);
byte[] dataToSave = Encoding.UTF8.GetBytes("Hello World 2");
var ex = new InvalidCastException();
cacheAccessor.Read().Throws(ex);
// Act
var actualEx = AssertException.Throws <InvalidCastException>(
() => helper.LoadUnencryptedTokenCache());
// Assert
Assert.AreEqual(ex, actualEx);
// Arrange
cacheAccessor.WhenForAnyArgs(c => c.Write(default)).Throw(ex);
/// <summary>
/// Notification that is triggered after token acquisition.
/// </summary>
/// <param name="args">Arguments related to the cache item impacted</param>
public override void AfterAccessNotification(TokenCacheNotificationArgs args)
{
MsalCacheHelper cacheStorage = GetMsalCacheStorage();
args.AssertNotNull(nameof(args));
try
{
if (args.HasStateChanged)
{
cacheStorage.SaveUnencryptedTokenCache(args.TokenCache.SerializeMsalV3());
}
}
catch (Exception)
{
cacheStorage.Clear();
throw;
}
finally
{
CrossPlatformLock localDispose = cacheLock;
cacheLock = null;
localDispose?.Dispose();
}
}
/// <inheritdoc />
public SharedTokenCacheProvider(IConfiguration config = null, ILogger logger = null)
{
_logger = logger;
_config = config ?? new ConfigurationBuilder().AddEnvironmentVariables().Build();
const string serviceName = "Microsoft.Developer.IdentityService";
const string clientId = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";
var storageCreationPropertiesBuilder = new StorageCreationPropertiesBuilder(
Path.GetFileName(s_cacheFilePath),
Path.GetDirectoryName(s_cacheFilePath),
clientId)
.WithMacKeyChain(serviceName: serviceName, accountName: "MSALCache")
.WithLinuxKeyring(
schemaName: "msal.cache",
collection: "default",
secretLabel: "MSALCache",
attribute1: new KeyValuePair <string, string>("MsalClientID", serviceName),
attribute2: new KeyValuePair <string, string>("MsalClientVersion", "1.0.0.0"));
var authority = string.Format(CultureInfo.InvariantCulture,
AadAuthority.AadCanonicalAuthorityTemplate,
AadAuthority.DefaultTrustedHost,
"common");
_app = PublicClientApplicationBuilder
.Create(clientId)
.WithAuthority(new Uri(authority))
.Build();
var cacheStore = new MsalCacheStorage(storageCreationPropertiesBuilder.Build());
_cacheHelper = new MsalCacheHelper(_app.UserTokenCache, cacheStore);
_cacheHelper.RegisterCache(_app.UserTokenCache);
}
public void TestInitialize()
{
var storageBuilder = new StorageCreationPropertiesBuilder(
Path.GetFileName(CacheFilePath),
Path.GetDirectoryName(CacheFilePath));
storageBuilder = storageBuilder.WithMacKeyChain(
serviceName: "Microsoft.Developer.IdentityService.Test",
accountName: "MSALCacheTest");
// unit tests run on Linux boxes without LibSecret
storageBuilder.WithLinuxUnprotectedFile();
// 1. Use MSAL to create an instance of the Public Client Application
var app = PublicClientApplicationBuilder.Create(ClientId)
.Build();
// 3. Create the high level MsalCacheHelper based on properties and a logger
_cacheHelper = MsalCacheHelper.CreateAsync(
storageBuilder.Build(),
new TraceSource("MSAL.CacheExtension.Test"))
.GetAwaiter().GetResult();
// 4. Let the cache helper handle MSAL's cache
_cacheHelper.RegisterCache(app.UserTokenCache);
}
private async Task RegisterTokenCacheAsync(IPublicClientApplication app)
{
Context.Trace.WriteLine(
"Configuring Microsoft Authentication token cache to instance shared with Microsoft developer tools...");
if (!PlatformUtils.IsWindows() && !PlatformUtils.IsPosix())
{
string osType = PlatformUtils.GetPlatformInformation().OperatingSystemType;
Context.Trace.WriteLine($"Token cache integration is not supported on {osType}.");
return;
}
// We use the MSAL extension library to provide us consistent cache file access semantics (synchronisation, etc)
// as other Microsoft developer tools such as the Azure PowerShell CLI.
MsalCacheHelper helper = null;
try
{
var storageProps = CreateTokenCacheProps(useLinuxFallback: false);
helper = await MsalCacheHelper.CreateAsync(storageProps);
// Test that cache access is working correctly
helper.VerifyPersistence();
}
catch (MsalCachePersistenceException ex)
{
Context.Streams.Error.WriteLine("warning: cannot persist Microsoft authentication token cache securely!");
Context.Trace.WriteLine("Cannot persist Microsoft Authentication data securely!");
Context.Trace.WriteException(ex);
if (PlatformUtils.IsMacOS())
{
// On macOS sometimes the Keychain returns the "errSecAuthFailed" error - we don't know why
// but it appears to be something to do with not being able to access the keychain.
// Locking and unlocking (or restarting) often fixes this.
Context.Streams.Error.WriteLine(
"warning: there is a problem accessing the login Keychain - either manually lock and unlock the " +
"login Keychain, or restart the computer to remedy this");
}
else if (PlatformUtils.IsLinux())
{
// On Linux the SecretService/keyring might not be available so we must fall-back to a plaintext file.
Context.Streams.Error.WriteLine("warning: using plain-text fallback token cache");
Context.Trace.WriteLine("Using fall-back plaintext token cache on Linux.");
var storageProps = CreateTokenCacheProps(useLinuxFallback: true);
helper = await MsalCacheHelper.CreateAsync(storageProps);
}
}
if (helper is null)
{
Context.Streams.Error.WriteLine("error: failed to set up Microsoft Authentication token cache!");
Context.Trace.WriteLine("Failed to integrate with shared token cache!");
}
else
{
helper.RegisterCache(app.UserTokenCache);
Context.Trace.WriteLine("Microsoft developer tools token cache configured.");
}
}
private async Task RegisterVisualStudioTokenCacheAsync(IPublicClientApplication app)
{
Context.Trace.WriteLine("Configuring Visual Studio token cache...");
// We currently only support Visual Studio on Windows
if (PlatformUtils.IsWindows())
{
// The Visual Studio MSAL cache is located at "%LocalAppData%\.IdentityService\msal.cache" on Windows.
// We use the MSAL extension library to provide us consistent cache file access semantics (synchronisation, etc)
// as Visual Studio itself follows, as well as other Microsoft developer tools such as the Azure PowerShell CLI.
const string cacheFileName = "msal.cache";
string appData = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
string cacheDirectory = Path.Combine(appData, ".IdentityService");
var storageProps = new StorageCreationPropertiesBuilder(cacheFileName, cacheDirectory, app.AppConfig.ClientId).Build();
var helper = await MsalCacheHelper.CreateAsync(storageProps);
helper.RegisterCache(app.UserTokenCache);
Context.Trace.WriteLine("Visual Studio token cache configured.");
}
else
{
string osType = PlatformUtils.GetPlatformInformation().OperatingSystemType;
Context.Trace.WriteLine($"Visual Studio token cache integration is not supported on {osType}.");
}
}
public async Task StartAsync(CancellationToken cancellationToken)
{
// Initialize services that you need before app activation
await InitializeAsync();
// https://aka.ms/msal-net-token-cache-serialization
// this generates a file-system safe directory name to stick the cache in - or use something like Resources.AppDisplayName
// should also consider this root dir for other configuration data
var safeAppDirectoryName = System.IO.Path.GetInvalidFileNameChars().Aggregate(typeof(App).Assembly.GetName().Name, (current, c) => current.Replace(c, '-'));
var rootCacheDirectory = System.IO.Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), safeAppDirectoryName, _config.IdentityCacheDirectoryName);
var storageCreationProperties = new StorageCreationPropertiesBuilder(_config.IdentityCacheFileName, rootCacheDirectory, _config.IdentityClientId).Build();
var cacheHelper = await MsalCacheHelper.CreateAsync(storageCreationProperties).ConfigureAwait(false);
_identityService.InitializeWithAadAndPersonalMsAccounts(_config.IdentityClientId, "http://localhost", cacheHelper);
var silentLoginSuccess = await _identityService.AcquireTokenSilentAsync();
if (!silentLoginSuccess || !_identityService.IsAuthorized())
{
_logInWindow = _serviceProvider.GetService(typeof(ILogInWindow)) as ILogInWindow;
_logInWindow.ShowWindow();
await StartupAsync();
return;
}
_shellWindow = _serviceProvider.GetService(typeof(IShellWindow)) as IShellWindow;
_navigationService.Initialize(_shellWindow.GetNavigationFrame());
_shellWindow.ShowWindow();
_navigationService.NavigateTo(typeof(MainViewModel).FullName);
// Tasks after activation
await StartupAsync();
}
private async Task InitializeAsync()
{
ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(_options.ClientId).WithAuthority(_options.AuthorityHost.AbsoluteUri, _options.TenantId).WithHttpClientFactory(new HttpPipelineClientFactory(_options.Pipeline.HttpPipeline));
if (_options.Secret != null)
{
confClientBuilder.WithClientSecret(_options.Secret);
}
if (_options.CertificateProvider != null)
{
X509Certificate2 clientCertificate = await _options.CertificateProvider.GetCertificateAsync(true, default).ConfigureAwait(false);
confClientBuilder.WithCertificate(clientCertificate);
}
_client = confClientBuilder.Build();
if (_options.AttachSharedCache)
{
StorageCreationProperties storageProperties = new StorageCreationPropertiesBuilder(Constants.DefaultMsalTokenCacheName, Constants.DefaultMsalTokenCacheDirectory, _options.ClientId)
.WithMacKeyChain(Constants.DefaultMsalTokenCacheKeychainService, Constants.DefaultMsalTokenCacheKeychainAccount)
.WithLinuxKeyring(Constants.DefaultMsalTokenCacheKeyringSchema, Constants.DefaultMsalTokenCacheKeyringCollection, Constants.DefaultMsalTokenCacheKeyringLabel, Constants.DefaultMsaltokenCacheKeyringAttribute1, Constants.DefaultMsaltokenCacheKeyringAttribute2)
.Build();
MsalCacheHelper cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties).ConfigureAwait(false);
cacheHelper.RegisterCache(_client.UserTokenCache);
}
}
public static IPublicClientApplication CreatePublicClient(
string authority = null,
string clientId = null,
string redirectUri = null,
string tenantId = null)
{
PublicClientApplicationBuilder builder = PublicClientApplicationBuilder.Create(clientId);
if (!string.IsNullOrEmpty(authority))
{
builder = builder.WithAuthority(authority);
}
if (!string.IsNullOrEmpty(redirectUri))
{
builder = builder.WithRedirectUri(redirectUri);
}
if (!string.IsNullOrEmpty(tenantId))
{
builder = builder.WithTenantId(tenantId);
}
IPublicClientApplication client = builder.WithLogging(
DebugLoggingMethod,
LogLevel.Info,
enablePiiLogging: false,
enableDefaultPlatformLogging: true).Build();
MsalCacheHelper cacheHelper = InitializeCacheHelper(clientId);
cacheHelper.RegisterCache(client.UserTokenCache);
return(client);
}
public async Task <AcquireTokenResult> AcquireTokenAsync()
{
var app = PublicClientApplicationBuilder.Create(_clientId).WithTenantId(_tenantId).WithDefaultRedirectUri().Build();
var storageCreationProperties = new StorageCreationPropertiesBuilder("tokenCache.dat", ".", _clientId).Build();
(await MsalCacheHelper.CreateAsync(storageCreationProperties)).RegisterCache(app.UserTokenCache);
var account = await GetAccountAsync(app);
AuthenticationResult authenticationResult;
try
{
authenticationResult = await app.AcquireTokenSilent(_scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException)
{
authenticationResult = await app.AcquireTokenWithDeviceCode(_scopes, deviceCodeResult =>
{
Console.WriteLine(deviceCodeResult.Message);
return(deviceCodeResult.VerificationUrl == null ? Task.CompletedTask : OpenBrowserAsync(deviceCodeResult.VerificationUrl));
}).ExecuteAsync();
}
return(new AcquireTokenResult(authenticationResult.AccessToken, ExtractObjectId(authenticationResult.IdToken)));
}
private static MsalCacheHelper CreateCacheHelperAsync(string clientId)
{
StorageCreationProperties storageProperties;
try
{
storageProperties =
new StorageCreationPropertiesBuilder(
"cache.plaintext",
System.AppContext.BaseDirectory,
clientId)
.WithLinuxUnprotectedFile()
.Build();
var cacheHelper = MsalCacheHelper.CreateAsync(storageProperties).Result;
return(cacheHelper);
}
catch (MsalCachePersistenceException e)
{
storageProperties =
new StorageCreationPropertiesBuilder(
"cache.plaintext",
System.AppContext.BaseDirectory,
clientId)
.WithLinuxUnprotectedFile()
.Build();
var cacheHelper = MsalCacheHelper.CreateAsync(storageProperties).Result;
cacheHelper.VerifyPersistence();
return(cacheHelper);
}
}
private void ConfigureCache(MsalCacheHelper cacheHelper)
{
if (cacheHelper != null)
{
// https://aka.ms/msal-net-token-cache-serialization
cacheHelper.RegisterCache(_client.UserTokenCache);
}
}
internal override async Task RegisterCache(bool async, ITokenCache tokenCache, CancellationToken cancellationToken)
{
MsalCacheHelper cacheHelper = await GetCacheHelperAsync(async, cancellationToken).ConfigureAwait(false);
cacheHelper.RegisterCache(tokenCache);
await base.RegisterCache(async, tokenCache, cancellationToken).ConfigureAwait(false);
}
private static async ValueTask <MsalCacheHelper> CreateCacheHelper(StorageCreationProperties storageProperties, bool async)
{
return(async
? await MsalCacheHelper.CreateAsync(storageProperties).ConfigureAwait(false)
#pragma warning disable AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead.
: MsalCacheHelper.CreateAsync(storageProperties).GetAwaiter().GetResult());
#pragma warning restore AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead.
}
private static async Task <MsalCacheHelper> GetProtectedCacheHelperAsync(bool async, string name)
{
StorageCreationProperties storageProperties = new StorageCreationPropertiesBuilder(name, Constants.DefaultMsalTokenCacheDirectory, s_msalCacheClientId)
.WithMacKeyChain(Constants.DefaultMsalTokenCacheKeychainService, name)
.WithLinuxKeyring(Constants.DefaultMsalTokenCacheKeyringSchema, Constants.DefaultMsalTokenCacheKeyringCollection, name, Constants.DefaultMsaltokenCacheKeyringAttribute1, Constants.DefaultMsaltokenCacheKeyringAttribute2)
.Build();
MsalCacheHelper cacheHelper = await CreateCacheHelper(async, storageProperties).ConfigureAwait(false);
return(cacheHelper);
}
private static async Task <MsalCacheHelper> GetFallbackCacheHelperAsync(bool async, string name)
{
StorageCreationProperties storageProperties = new StorageCreationPropertiesBuilder(name, Constants.DefaultMsalTokenCacheDirectory, s_msalCacheClientId)
.WithMacKeyChain(Constants.DefaultMsalTokenCacheKeychainService, name)
.WithLinuxUnprotectedFile()
.Build();
MsalCacheHelper cacheHelper = await CreateCacheHelper(async, storageProperties).ConfigureAwait(false);
return(cacheHelper);
}
public MicrosoftAuthentication(TeamsPresencePublisherOptions options)
{
var storageProperties =
new StorageCreationPropertiesBuilder("TeamsPresencePublisher.msalcache.bin", options.CacheFolder, ClientId)
.Build();
_msalCacheHelper = MsalCacheHelper.CreateAsync(storageProperties).GetAwaiter().GetResult();
_publicClientApplication = BuildPublicClientApplication();
AuthProvider = new InteractiveAuthenticationProvider(_publicClientApplication, s_scopes);
}
/// <summary>
/// Calls MSAL to get authentication token with AAD.
/// </summary>
/// <returns></returns>
/// <remarks>https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Acquiring-tokens-interactively</remarks>
public async Task <VssCredentials> CreateVssCredentialsWithAadAsync()
{
// 1. Configuration
var app = PublicClientApplicationBuilder
.Create(VsoAadConstants.Client)
.WithTenantId(VsoAadConstants.MicrosoftTenantId)
.WithRedirectUri(VsoAadConstants.RedirectUri)
.Build();
// 2. Token cache
// https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-token-cache-serialization?tabs=desktop
// https://github.com/AzureAD/microsoft-authentication-extensions-for-dotnet/wiki/Cross-platform-Token-Cache
var storageProperties = new StorageCreationPropertiesBuilder(m_tokenCacheFileName, m_tokenCacheDirectory).Build();
var cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties);
cacheHelper.RegisterCache(app.UserTokenCache);
// 3. Try silent authentication
var accounts = await app.GetAccountsAsync();
var scopes = new string[] { VsoAadConstants.Scope };
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
.ExecuteAsync();
m_logger("[VssCredentialsFactory] Successfully acquired authentication token through silent AAD authentication.");
}
catch (MsalUiRequiredException)
{
// 4. Interactive Authentication
m_logger("[VssCredentialsFactory] Unable to acquire authentication token through silent AAD authentication.");
// On Windows, we can try Integrated Windows Authentication which will fallback to interactive auth if that fails
result = OperatingSystemHelper.IsWindowsOS
? await CreateVssCredentialsWithAadForWindowsAsync(app, scopes)
: await CreateVssCredentialsWithAadInteractiveAsync(app, scopes);
}
catch (Exception ex)
{
m_logger($"[VssCredentialsFactory] Unable to acquire credentials with AAD with the following exception: '{ex}'");
}
if (result == null)
{
// Something went wrong during AAD auth, return null
m_logger($"[VssCredentialsFactory] Unable to acquire AAD token.");
return(new VssAadCredential());
}
return(new VssAadCredential(new VssAadToken(VsoAadConstants.TokenType, result.AccessToken)));
}
private static async Task LoginWithMsalAsync(string[] args)
{
try
{
string resource = args[0];
string tenant = args[1];
Uri baseAuthority = new Uri(args[2]);
#pragma warning disable CA1305 // Specify IFormatProvider
bool validateAuthority = Convert.ToBoolean(args[3]);
#pragma warning restore CA1305 // Specify IFormatProvider
string clientId = args[4];
string cacheFileName = args[5];
string cacheDirectory = Path.Combine(MsalCacheHelper.UserRootDirectory, args[6]);
string serviceName = null;
string accountName = null;
if (args.Length > 7)
{
serviceName = args[7];
accountName = args[8];
}
(var scopes, var app, var helper) = await Utilities.GetPublicClientAsync(
resource,
tenant,
baseAuthority,
validateAuthority,
clientId,
cacheFileName,
cacheDirectory,
serviceName,
accountName
).ConfigureAwait(false);
if (s_helper == null)
{
s_helper = helper;
s_helper.CacheChanged += (s, e) =>
{
Console.WriteLine($"Cache Changed, Added: {e.AccountsAdded.Count()} Removed: {e.AccountsRemoved.Count()}");
};
}
var builder = app.AcquireTokenWithDeviceCode(scopes, Utilities.DeviceCodeCallbackAsync);
var authResult = await builder.ExecuteAsync().ConfigureAwait(false);
}
catch (Exception ex)
{
Console.WriteLine($"Error logging in with Msal: {ex}");
PrintUsage();
}
}
/// <summary>
/// Helper function to initialize the token cache for non-UWP apps. MSAL handles this automatically on UWP.
/// </summary>
/// <param name="provider">The instance of <see cref="MsalProvider"/> to init the cache for.</param>
/// <param name="storageProperties">Properties for configuring the storage cache.</param>
/// <param name="logger">Passing null uses the default TraceSource logger.</param>
/// <returns>A <see cref="Task"/> representing the result of the asynchronous operation.</returns>
public static async Task InitTokenCacheAsync(
this MsalProvider provider,
StorageCreationProperties storageProperties,
TraceSource logger = null)
{
#if !WINDOWS_UWP
// Token cache persistence (not required on UWP as MSAL does it for you)
var cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties, logger);
cacheHelper.RegisterCache(provider.Client.UserTokenCache);
#endif
}
private async Task RegisterTokenCacheAsync(IPublicClientApplication app)
{
Context.Trace.WriteLine(
"Configuring Microsoft Authentication token cache to instance shared with Microsoft developer tools...");
if (!PlatformUtils.IsWindows() && !PlatformUtils.IsPosix())
{
string osType = PlatformUtils.GetPlatformInformation().OperatingSystemType;
Context.Trace.WriteLine($"Token cache integration is not supported on {osType}.");
return;
}
string clientId = app.AppConfig.ClientId;
// We use the MSAL extension library to provide us consistent cache file access semantics (synchronisation, etc)
// as other Microsoft developer tools such as the Azure PowerShell CLI.
MsalCacheHelper helper = null;
try
{
var storageProps = CreateTokenCacheProps(clientId, useLinuxFallback: false);
helper = await MsalCacheHelper.CreateAsync(storageProps);
// Test that cache access is working correctly
helper.VerifyPersistence();
}
catch (MsalCachePersistenceException ex)
{
Context.Streams.Error.WriteLine("warning: cannot persist Microsoft Authentication data securely!");
Context.Trace.WriteLine("Cannot persist Microsoft Authentication data securely!");
Context.Trace.WriteException(ex);
// On Linux the SecretService/keyring might not be available so we must fall-back to a plaintext file.
if (PlatformUtils.IsLinux())
{
Context.Trace.WriteLine("Using fall-back plaintext token cache on Linux.");
var storageProps = CreateTokenCacheProps(clientId, useLinuxFallback: true);
helper = await MsalCacheHelper.CreateAsync(storageProps);
}
}
if (helper is null)
{
Context.Streams.Error.WriteLine("error: failed to set up Microsoft Authentication token cache!");
Context.Trace.WriteLine("Failed to integrate with shared token cache!");
}
else
{
helper.RegisterCache(app.UserTokenCache);
Context.Trace.WriteLine("Microsoft developer tools token cache configured.");
}
}
private static async Task <MsalCacheHelper> CreateCacheHelperAsync()
{
StorageCreationProperties storageProperties;
try
{
storageProperties = new StorageCreationPropertiesBuilder(
Config.CacheFileName,
Config.CacheDir,
Config.ClientId)
.WithLinuxKeyring(
Config.LinuxKeyRingSchema,
Config.LinuxKeyRingCollection,
Config.LinuxKeyRingLabel,
Config.LinuxKeyRingAttr1,
Config.LinuxKeyRingAttr2)
.WithMacKeyChain(
Config.KeyChainServiceName,
Config.KeyChainAccountName)
.Build();
var cacheHelper = await MsalCacheHelper.CreateAsync(
storageProperties).ConfigureAwait(false);
cacheHelper.VerifyPersistence();
return(cacheHelper);
}
catch (Exception e)
{
Console.WriteLine($"WARNING! Libsecret is not usable. " +
$"Secrets will be stored in plaintext at {Path.Combine(Config.CacheDir, Config.CacheFileName)} !");
Console.WriteLine($"Libsecret exception: " + e);
storageProperties =
new StorageCreationPropertiesBuilder(
Config.CacheFileName,
Config.CacheDir,
Config.ClientId)
.WithLinuxUnprotectedFile()
.WithMacKeyChain(
Config.KeyChainServiceName,
Config.KeyChainAccountName)
.Build();
var cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties).ConfigureAwait(false);
cacheHelper.VerifyPersistence();
return(cacheHelper);
}
}
private async Task InitializeAsync()
{
if (_attachSharedCache)
{
StorageCreationProperties storageProperties = new StorageCreationPropertiesBuilder(Constants.DefaultMsalTokenCacheName, Constants.DefaultMsalTokenCacheDirectory, _clientId)
.WithMacKeyChain(Constants.DefaultMsalTokenCacheKeychainService, Constants.DefaultMsalTokenCacheKeychainAccount)
.WithLinuxKeyring(Constants.DefaultMsalTokenCacheKeyringSchema, Constants.DefaultMsalTokenCacheKeyringCollection, Constants.DefaultMsalTokenCacheKeyringLabel, Constants.DefaultMsaltokenCacheKeyringAttribute1, Constants.DefaultMsaltokenCacheKeyringAttribute2)
.Build();
MsalCacheHelper cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties).ConfigureAwait(false);
cacheHelper.RegisterCache(_client.UserTokenCache);
}
}
/// <summary>
/// Gets an aptly configured instance of the <see cref="MsalCacheStorage" /> class.
/// </summary>
/// <returns>An aptly configured instance of the <see cref="MsalCacheStorage" /> class.</returns>
private MsalCacheHelper GetMsalCacheStorage()
{
StorageCreationPropertiesBuilder builder = new StorageCreationPropertiesBuilder(Path.GetFileName(CacheFilePath), Path.GetDirectoryName(CacheFilePath), ClientId);
builder = builder.WithMacKeyChain(serviceName: "Microsoft.Developer.IdentityService", accountName: "MSALCache");
builder = builder.WithLinuxKeyring(
schemaName: "msal.cache",
collection: "default",
secretLabel: "MSALCache",
attribute1: new KeyValuePair <string, string>("MsalClientID", "Microsoft.Developer.IdentityService"),
attribute2: new KeyValuePair <string, string>("MsalClientVersion", "1.0.0.0"));
return(MsalCacheHelper.CreateAsync(builder.Build(), new TraceSource("Partner Center PowerShell")).ConfigureAwait(false).GetAwaiter().GetResult());
}
private static async Task <MsalCacheHelper> CreateCacheHelperAsync()
{
StorageCreationProperties storageProperties;
try
{
storageProperties = new StorageCreationPropertiesBuilder(
Config.CacheFileName,
Config.CacheDir)
.WithLinuxKeyring(
Config.LinuxKeyRingSchema,
Config.LinuxKeyRingCollection,
Config.LinuxKeyRingLabel,
Config.LinuxKeyRingAttr1,
Config.LinuxKeyRingAttr2)
.WithMacKeyChain(
Config.KeyChainServiceName,
Config.KeyChainAccountName)
.WithCacheChangedEvent( // do NOT use unless really necessary, high perf penalty!
Config.ClientId,
Config.Authority)
.Build();
var cacheHelper = await MsalCacheHelper.CreateAsync(
storageProperties).ConfigureAwait(false);
cacheHelper.VerifyPersistence();
return(cacheHelper);
}
catch (MsalCachePersistenceException e)
{
Console.WriteLine($"WARNING! Unable to encrypt tokens at rest." +
$" Saving tokens in plaintext at {Path.Combine(Config.CacheDir, Config.CacheFileName)} ! Please protect this directory or delete the file after use");
Console.WriteLine($"Encryption exception: " + e);
storageProperties =
new StorageCreationPropertiesBuilder(
Config.CacheFileName + ".plaintext", // do not use the same file name so as not to overwrite the encypted version
Config.CacheDir)
.WithUnprotectedFile()
.Build();
var cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties).ConfigureAwait(false);
cacheHelper.VerifyPersistence();
return(cacheHelper);
}
}
private static async Task <MsalCacheHelper> GetProtectedCacheHelperAsync(bool async, CancellationToken cancellationToken)
{
using var asyncLock = await s_ProtectedCacheHelperLock.GetLockOrValueAsync(async, cancellationToken).ConfigureAwait(false);
if (asyncLock.HasValue)
{
return(asyncLock.Value);
}
MsalCacheHelper cacheHelper = await GetProtectedCacheHelperAsync(async, Constants.DefaultMsalTokenCacheName).ConfigureAwait(false);
asyncLock.SetValue(cacheHelper);
return(cacheHelper);
}
private async Task InitializeCacheAsync()
{
// Building StorageCreationProperties
var storageProperties =
new StorageCreationPropertiesBuilder(
CacheFileName,
CacheDir,
ClientId)
.Build();
// This hooks up the cross-platform cache into MSAL
var cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties);
cacheHelper.RegisterCache(app.UserTokenCache);
}
private static MsalCacheHelper InitializeCacheHelper(string clientId)
{
StorageCreationPropertiesBuilder builder = new StorageCreationPropertiesBuilder(Path.GetFileName(CacheFilePath), Path.GetDirectoryName(CacheFilePath), clientId);
builder = builder.WithMacKeyChain(serviceName: "Microsoft.Developer.IdentityService", accountName: "MSALCache");
builder = builder.WithLinuxKeyring(
schemaName: "msal.cache",
collection: "default",
secretLabel: "MSALCache",
attribute1: new KeyValuePair <string, string>("MsalClientID", "Microsoft.Developer.IdentityService"),
attribute2: new KeyValuePair <string, string>("MsalClientVersion", "1.0.0.0"));
StorageCreationProperties storageCreationProperties = builder.Build();
return(MsalCacheHelper.CreateAsync(storageCreationProperties).ConfigureAwait(false).GetAwaiter().GetResult());
}
/// <summary>
/// Notification that is triggered before token acquisition.
/// </summary>
/// <param name="args">Arguments related to the cache item impacted</param>
public override void BeforeAccessNotification(TokenCacheNotificationArgs args)
{
MsalCacheHelper cacheStorage = GetMsalCacheHelper();
args.AssertNotNull(nameof(args));
try
{
args.TokenCache.DeserializeMsalV3(cacheStorage.LoadUnencryptedTokenCache());
}
catch (Exception)
{
cacheStorage.Clear();
throw;
}
}
private async Task <MsalCacheHelper> GetMsalCacheHelperAsync()
{
// There are options to set up the cache correctly using StorageCreationProperties on other OS's but that will need to be tested
// for now only support windows
if (helper == null && this.cacheEnabled && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
var fileName = Path.GetFileName(cacheLocation);
var directory = Path.GetDirectoryName(cacheLocation);
var builder = new StorageCreationPropertiesBuilder(fileName, directory, this.clientId);
StorageCreationProperties creationProps = builder.Build();
helper = await MsalCacheHelper.CreateAsync(creationProps);
}
return(helper);
}
