public AuthHelper(string authority, string appId, string appSecret, SessionTokenCache tokenCache)
{
Authority = authority;
AppId = appId;
AppSecret = appSecret;
TokenCache = tokenCache;
}
private async Task AddAccessToken(System.Net.Http.HttpRequestMessage request)
{
// Load the app config from web.config
string appId = ConfigurationManager.AppSettings["ida:AppId"];
string appSecret = ConfigurationManager.AppSettings["ida:AppSecret"];
string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
// Get the current user's ID
string userId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
// Get the user's token cache
SessionTokenCache tokenCache = new SessionTokenCache(userId, HttpContext);
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId, redirectUri, new ClientCredential(appSecret), tokenCache);
// Call AcquireTokenSilentAsync, which will return the cached
// access token if it has not expired. If it has expired, it will
// handle using the refresh token to get a new one.
string[] scopes = { "User.Read", "Mail.Send" };
AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes);
// Set the token on the request
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.Token);
}
public static async Task <string> GetAccessToken(HttpContextBase HttpContext)
{
string accessToken = null;
// Load the app config from web.config
string appId = ConfigurationManager.AppSettings["ida:AppId"];
string appPassword = ConfigurationManager.AppSettings["ida:AppPassword"];
string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
string[] scopes = ConfigurationManager.AppSettings["ida:AppScopes"]
.Replace(' ', ',').Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
// Get the current user's ID
string userId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
if (!string.IsNullOrEmpty(userId))
{
// Get the user's token cache
SessionTokenCache tokenCache = new SessionTokenCache(userId, HttpContext);
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId, redirectUri, new ClientCredential(appPassword), tokenCache.GetMsalCacheInstance(), null);
// Call AcquireTokenSilentAsync, which will return the cached
// access token if it has not expired. If it has expired, it will
// handle using the refresh token to get a new one.
AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes, cca.Users.First());
accessToken = result.AccessToken;
}
return(accessToken);
}
private async Task SendIncidentEmail(Incident incidentData)
{
string userObjId = ClaimsPrincipal.Current.FindFirst(Settings.AAD_OBJECTID_CLAIMTYPE).Value;
//The email is the UPN of the user from the claim
string emailAddress = getUserEmailAddressFromClaims(ClaimsPrincipal.Current);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string tenantId = ClaimsPrincipal.Current.FindFirst(Settings.AAD_TENANTID_CLAIMTYPE).Value;
string authority = string.Format(Settings.AAD_INSTANCE, tenantId, "");
AuthHelper authHelper = new AuthHelper(authority, Settings.AAD_APP_ID, Settings.AAD_APP_SECRET, tokenCache);
string accessToken = await authHelper.GetUserAccessToken(Url.Action("Create", "Incident", null, Request.Url.Scheme));
EmailMessage msg = getEmailBodyContent(incidentData, emailAddress);
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
// New code:
StringContent msgContent = new StringContent(JsonConvert.SerializeObject(msg), System.Text.Encoding.UTF8, "application/json");
msgContent.Headers.ContentType = new MediaTypeWithQualityHeaderValue("application/json");
HttpResponseMessage response = await client.PostAsync(Settings.GRAPH_SENDMESSAGE_URL, msgContent);
if (response.IsSuccessStatusCode)
{
string resultString = await response.Content.ReadAsStringAsync();
}
}
}
public ActionResult Index()
{
if (Request.IsAuthenticated)
{
string userName = ClaimsPrincipal.Current.FindFirst("name").Value;
string userId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(userId))
{
// Invalid principal, sign out
return(RedirectToAction("SignOut"));
}
// Since we cache tokens in the session, if the server restarts
// but the browser still has a cached cookie, we may be
// authenticated but not have a valid token cache. Check for this
// and force signout.
SessionTokenCache tokenCache = new SessionTokenCache(userId, HttpContext);
if (!tokenCache.HasData())
{
// Cache is empty, sign out
return(RedirectToAction("SignOut"));
}
ViewBag.UserName = userName;
}
return(View());
}
private async Task <Models.ContactValue> GetContacts()
{
Models.ContactValue contacts = null;
try
{
string userObjId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(Settings.AAD_OBJECTID_CLAIMTYPE).Value;
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string tenantId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(Settings.AAD_TENANTID_CLAIMTYPE).Value;
string authority = string.Format(Settings.AAD_INSTANCE, tenantId, "");
AuthHelper authHelper = new AuthHelper(authority, Settings.AAD_APP_ID, Settings.AAD_APP_SECRET, tokenCache);
string accessToken = await authHelper.GetUserAccessToken(Url.Action("Create", "Incident", null, Request.Url.Scheme));
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = await client.GetAsync(Settings.GRAPH_CONTACTS_URL);
if (response.IsSuccessStatusCode)
{
string resultString = await response.Content.ReadAsStringAsync();
contacts = JsonConvert.DeserializeObject <Models.ContactValue>(resultString); // [8] für mw
}
}
}
catch (Exception ex)
{
ViewBag.Error = "An error has occurred. Details: " + ex.Message;
}
return(contacts);
}
public async Task <string> GetUserAccessTokenAsync()
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
HttpContextWrapper httpContext = new HttpContextWrapper(HttpContext.Current);
TokenCache userTokenCache = new SessionTokenCache(signedInUserID, httpContext).GetMsalCacheInstance();
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId,
redirectUri,
new ClientCredential(appSecret),
userTokenCache,
null);
try
{
AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes.Split(new char[] { ' ' }), cca.Users.First());
return(result.AccessToken);
}
catch (Exception)
{
HttpContext.Current.Request.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties()
{
RedirectUri = "/"
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
throw new Exception();
}
}
// Get an access token. First tries to get the token from the token cache.
public async Task <string> GetUserAccessTokenAsync()
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase;
SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase);
//var cachedItems = tokenCache.ReadItems(); // see what's in the cache
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.Authority, tokenCache);
ClientCredential clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
string userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
UserIdentifier userId = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
try
{
AuthenticationResult result = await authContext.AcquireTokenSilentAsync(SettingsHelper.GraphResourceId, clientCredential, userId);
return(result.AccessToken);
}
// Unable to retrieve the access token silently.
catch (AdalException ex)
{
HttpContext.Current.Request.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties()
{
RedirectUri = "/"
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
throw new Exception(Resource.Error_AuthChallengeNeeded + $" {ex.Message}");
}
}
public async Task <ActionResult> Create(FormCollection collection)
{
try
{
string userObjId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string accessToken = await SampleAuthProvider.Instance.GetUserAccessTokenAsync();
await ExcelApiHelper.CreateToDoItem(
accessToken,
collection["Title"],
collection["PriorityDD"],
collection["StatusDD"],
collection["PercentComplete"],
collection["StartDate"],
collection["EndDate"],
collection["Notes"]);
return(RedirectToAction("Index"));
}
catch
{
return(View());
}
}
public async Task <string> GetUserAccessTokenAsync()
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
tokenCache = new SessionTokenCache(
signedInUserID,
HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase);
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId,
redirectUri,
new ClientCredential(appSecret),
tokenCache);
try
{
AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes.Split(new char[] { ' ' }));
return(result.Token);
}
// Unable to retrieve the access token silently.
catch (MsalSilentTokenAcquisitionException)
{
HttpContext.Current.Request.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties()
{
RedirectUri = "/"
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
throw new Exception("Caller needs to authenticate.");
}
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// The `Authority` represents the Microsoft v2.0 authentication and authorization service.
// The `Scope` describes the permissions that your app will need. See https://azure.microsoft.com/documentation/articles/active-directory-v2-scopes/
ClientId = appId,
//Authority = "https://login.microsoftonline.com/common/v2.0",
Authority = "https://login.microsoftonline.com/{0}",
PostLogoutRedirectUri = redirectUri,
RedirectUri = redirectUri,
Scope = "openid email profile offline_access " + graphScopes,
TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
// In a real application you would use IssuerValidator for additional checks,
// like making sure the user's organization has signed up for your app.
// IssuerValidator = (issuer, token, tvp) =>
// {
// if (MyCustomTenantValidation(issuer))
// return issuer;
// else
// throw new SecurityTokenInvalidIssuerException("Invalid issuer");
// },
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async(context) =>
{
var code = context.Code;
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
TokenCache userTokenCache = new SessionTokenCache(signedInUserID,
context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance();
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId,
redirectUri,
new ClientCredential(appSecret),
userTokenCache,
null);
string[] scopes = graphScopes.Split(new char[] { ' ' });
AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, scopes);
},
AuthenticationFailed = (context) =>
{
context.HandleResponse();
context.Response.Redirect("/Error?message=" + context.Exception.Message);
return(Task.FromResult(0));
}
}
});
}
static void AddToCache(string uri, string token)
{
var cache = new SessionTokenCache(
SessionTokenCacheLocation,
new ConsoleLogger(),
CancellationToken.None);
cache [new Uri(uri)] = token;
}
//
// GET: ToDoList
public async Task <ActionResult> Index()
{
string userObjId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string accessToken = await SampleAuthProvider.Instance.GetUserAccessTokenAsync();
return(View(await ExcelApiHelper.GetDonations(accessToken)));
}
// Gets an access token and its expiration date. First tries to get the token from the token cache.
public async Task <string> GetUserAccessTokenAsync()
{
// Initialize the cache.
HttpContextBase context = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase;
tokenCache = new SessionTokenCache(
ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value,
context).GetMsalCacheInstance();
//var cachedItems = tokenCache.ReadItems(appId); // see what's in the cache
if (!redirectUri.EndsWith("/"))
{
redirectUri = redirectUri + "/";
}
string[] segments = context.Request.Path.Split(new char[] { '/' });
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId,
redirectUri + segments[1],
new ClientCredential(appSecret),
tokenCache,
null);
bool?isAdmin = HttpContext.Current.Session["IsAdmin"] as bool?;
string allScopes = nonAdminScopes;
if (isAdmin.GetValueOrDefault())
{
allScopes += " " + adminScopes;
}
string[] scopes = allScopes.Split(new char[] { ' ' });
try
{
AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes, cca.Users.First());
return(result.AccessToken);
}
// Unable to retrieve the access token silently.
catch (Exception)
{
HttpContext.Current.Request.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties()
{
RedirectUri = redirectUri + segments[1]
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
throw new ServiceException(
new Error
{
Code = GraphErrorCode.AuthenticationFailure.ToString(),
Message = Resource.Error_AuthChallengeNeeded,
});
}
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = appId,
Authority = authority + "/v2.0",
Scope = "openid offline_access profile " + scopes,
RedirectUri = postLogoutRedirectUri,
PostLogoutRedirectUri = postLogoutRedirectUri,
TokenValidationParameters = new TokenValidationParameters
{
// For demo purposes only, see below
ValidateIssuer = false
// In a real multitenant app, you would add logic to determine whether the
// issuer was from an authorized tenant
//ValidateIssuer = true,
//IssuerValidator = (issuer, token, tvp) =>
//{
// if (MyCustomTenantValidation(issuer))
// {
// return issuer;
// }
// else
// {
// throw new SecurityTokenInvalidIssuerException("Invalid issuer");
// }
//}
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async(notification) =>
{
// Get the user's object id (used to name the token cache)
ClaimsPrincipal principal = new ClaimsPrincipal(notification.AuthenticationTicket.Identity);
string userObjId = AuthHelper.GetUserId(principal);
// Create a token cache
HttpContextBase httpContext = notification.OwinContext.Get <HttpContextBase>(typeof(HttpContextBase).FullName);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, httpContext);
// Exchange the auth code for a token
AuthHelper authHelper = new AuthHelper(authority, appId, appSecret, tokenCache);
var response = await authHelper.GetTokensFromAuthority("authorization_code", notification.Code,
notification.Request.Uri.ToString());
}
}
});
}
private async Task <string> GetAccessToken()
{
string userObjId = AuthHelper.GetUserId(System.Security.Claims.ClaimsPrincipal.Current);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string tenantId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = "common";
AuthHelper authHelper = new AuthHelper(authority, ConfigurationManager.AppSettings["ida:AppId"], ConfigurationManager.AppSettings["ida:AppSecret"], tokenCache);
return(await authHelper.GetUserAccessToken(Url.Action("Index", "Home", null, Request.Url.Scheme)));
}
//
// GET: ToDoList
public async Task <ActionResult> Index()
{
string userObjId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string tenantId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = string.Format(ConfigurationManager.AppSettings["ida:AADInstance"], tenantId, "");
AuthHelper authHelper = new AuthHelper(authority, ConfigurationManager.AppSettings["ida:AppId"], ConfigurationManager.AppSettings["ida:AppSecret"], tokenCache);
string accessToken = await authHelper.GetUserAccessToken(Url.Action("Index", "Home", null, Request.Url.Scheme));
return(View(await ExcelApiHelper.GetDonations(accessToken)));
}
/// <summary>
/// Gets an access token and its expiration date. First tries to get the token from the token cache.
/// </summary>
/// <param name="userId">optional parameter to get the access token using a user Id</param>
/// <returns></returns>
public async Task <string> GetUserAccessTokenAsync(string userId)
{
// user Id will be passed when trying to authenticate a notification
var currentUserId = !string.IsNullOrEmpty(userId) ? userId : ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
HttpContextBase context = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase;
TokenCache = new SessionTokenCache(
currentUserId).GetMsalCacheInstance();
if (!_redirectUri.EndsWith("/"))
{
_redirectUri = _redirectUri + "/";
}
string[] segments = context?.Request.Path.Split('/');
ConfidentialClientApplication cca = new ConfidentialClientApplication(_appId, _redirectUri + segments?[1], new ClientCredential(_appSecret), TokenCache, null);
bool?isAdmin = HttpContext.Current.Session["IsAdmin"] as bool?;
string allScopes = _nonAdminScopes;
if (isAdmin.GetValueOrDefault())
{
allScopes += " " + _adminScopes;
}
string[] scopes = allScopes.Split(' ');
try
{
var accounts = await cca.GetAccountsAsync();
AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes, accounts.First());
return(result.AccessToken);
}
// Unable to retrieve the access token silently.
catch (Exception)
{
HttpContext.Current.Request.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties {
RedirectUri = _redirectUri + segments?[1]
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
throw new ServiceException(
new Error
{
Code = GraphErrorCode.AuthenticationFailure.ToString(),
Message = "Caller needs to authenticate.",
});
}
}
private async Task <string> GetToken()
{
string userObjId = AuthHelper.GetUserId(System.Security.Claims.ClaimsPrincipal.Current);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
var authority = ConfigurationManager.AppSettings["ida:AADInstance"] + "common";
var appId = ConfigurationManager.AppSettings["ida:AppId"];
var appSecret = ConfigurationManager.AppSettings["ida:AppSecret"];
AuthHelper authHelper = new AuthHelper(authority, appId, appSecret, tokenCache);
var redirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
return(await authHelper.GetUserAccessToken(redirectUri));
}
public async Task <FileResult> GetChart()
{
string userObjId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string tenantId = System.Security.Claims.ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = "common";
AuthHelper authHelper = new AuthHelper(authority, ConfigurationManager.AppSettings["ida:AppId"], ConfigurationManager.AppSettings["ida:AppSecret"], tokenCache);
string accessToken = await authHelper.GetUserAccessToken(Url.Action("Index", "Home", null, Request.Url.Scheme));
return(await RESTAPIHelper.getChartImage(accessToken));
}
public void SignOut()
{
if (Request.IsAuthenticated)
{
string userObjectId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
SessionTokenCache tokenCache = new SessionTokenCache(userObjectId, HttpContext);
HttpContext.GetOwinContext().Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
}
HttpContext.GetOwinContext().Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
Response.Redirect("/");
}
public async Task <string> GetTokenForApplication()
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
string authority = aadInstance + tenantID;
SessionTokenCache tokenCache = new SessionTokenCache(userObjectID, HttpContext);
AuthHelper authHelper = new AuthHelper(authority, clientId, appKey, tokenCache);
string accessToken = await authHelper.GetUserAccessToken(Url.Action("Index", "Home", null, Request.Url.Scheme));
return(accessToken);
}
/// <summary>
/// Handle authorization codes by creating a token cache then requesting and storing an access token
/// for the user.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
string userId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
TokenCache userTokenCache = new SessionTokenCache(
userId, context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance();
// A ConfidentialClientApplication is a server-side client application that can securely store a client secret,
// which is not accessible by the user.
ConfidentialClientApplication cca = new ConfidentialClientApplication(
clientId, redirectUri, new ClientCredential(clientSecret), userTokenCache, null);
string[] scopes = this.scopes.Split(new char[] { ' ' });
AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(context.Code, scopes);
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = appId,
Authority = "https://login.microsoftonline.com/common/v2.0",
PostLogoutRedirectUri = redirectUri,
RedirectUri = redirectUri,
Scope = "openid email profile offline_access " + graphScopes,
TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async(context) =>
{
var code = context.Code;
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
TokenCache userTokenCache = new SessionTokenCache(
signedInUserID,
context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase
).GetMsalCacheInstance();
ConfidentialClientApplication cca = new ConfidentialClientApplication(
appId,
redirectUri,
new ClientCredential(appSecret),
userTokenCache,
null);
string[] scopes = graphScopes.Split(new char[] { ' ' });
AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, scopes);
},
AuthenticationFailed = (context) =>
{
context.HandleResponse();
context.Response.Redirect("/Error?message=" + context.Exception.Message);
return(Task.FromResult(0));
}
}
}
);
}
public void SignOut()
{
if (Request.IsAuthenticated)
{
// Get the user's token cache and clear it
string userObjId = AuthHelper.GetUserId(ClaimsPrincipal.Current);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
tokenCache.Clear();
}
// Send an OpenID Connect sign-out request.
HttpContext.GetOwinContext().Authentication.SignOut(
CookieAuthenticationDefaults.AuthenticationType);
Response.Redirect("/");
}
public async Task <ActionResult> Graph()
{
string userObjId = AuthHelper.GetUserId(ClaimsPrincipal.Current);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string authority = string.Format(ConfigurationManager.AppSettings["ida:AADInstance"], "common/", "");
AuthHelper authHelper = new AuthHelper(authority, ConfigurationManager.AppSettings["ida:AppId"],
ConfigurationManager.AppSettings["ida:AppSecret"], tokenCache);
ViewBag.AccessToken = await authHelper.GetUserAccessToken(Url.Action("Index", "Home", null, Request.Url.Scheme));
return(View());
}
public void SignOut()
{
if (Request.IsAuthenticated)
{
string userId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
if (!string.IsNullOrEmpty(userId))
{
// Get the user's token cache and clear it
SessionTokenCache tokenCache = new SessionTokenCache(userId, HttpContext);
tokenCache.Clear();
}
}
HttpContext.GetOwinContext().Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
Response.Redirect("/");
}
// Here we clear the token cache and end the session with the web app.
public void SignOut()
{
if (Request.IsAuthenticated)
{
// Get the user's token cache and clear it.
string userObjectId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
SessionTokenCache tokenCache = new SessionTokenCache(userObjectId, HttpContext);
tokenCache.Clear(userObjectId);
}
// Send an OpenID Connect sign-out request.
HttpContext.GetOwinContext().Authentication.SignOut(
CookieAuthenticationDefaults.AuthenticationType);
Response.Redirect("/");
}
public void SignOut()
{
if (Request.IsAuthenticated)
{
// Get the user's token cache and clear it
string userObjId = System.Security.Claims.ClaimsPrincipal.Current
.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
tokenCache.Clear();
}
// Send an OpenID Connect sign-out request.
HttpContext.GetOwinContext().Authentication.SignOut(
CookieAuthenticationDefaults.AuthenticationType);
Response.Redirect("/");
}
public async Task <ActionResult> Index()
{
// Get an access token for the request.
string userObjId = AuthHelper.GetUserId(System.Security.Claims.ClaimsPrincipal.Current);
SessionTokenCache tokenCache = new SessionTokenCache(userObjId, HttpContext);
string authority = string.Format(ConfigurationManager.AppSettings["ida:AADInstance"], "common", "/v2.0");
AuthHelper authHelper = new AuthHelper(authority, ConfigurationManager.AppSettings["ida:AppId"], ConfigurationManager.AppSettings["ida:AppSecret"], tokenCache);
string accessToken = await authHelper.GetUserAccessToken("/Notebook/Index");
// Make the request.
var repository = new NotebookRepository(accessToken);
var myNotebooks = await repository.GetNotebooks();
return(View(myNotebooks));
}