public ServicePrincipalAccessToken(AdalConfiguration configuration, AuthenticationResult authResult, ServicePrincipalTokenProvider tokenProvider, string appId)
{
Configuration = configuration;
AuthResult = authResult;
this.tokenProvider = tokenProvider;
this.appId = appId;
}
private AuthenticationContext CreateContext(AdalConfiguration config)
{
return new AuthenticationContext(config.AdEndpoint + config.AdDomain, config.ValidateAuthority, ProtectedFileTokenCache.Instance)
{
OwnerWindow = parentWindow
};
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
if (credentialType == AzureAccount.AccountType.User)
{
throw new ArgumentException(string.Format(Resources.InvalidCredentialType, "User"), "credentialType");
}
return new ServicePrincipalAccessToken(config, AcquireToken(config, userId, password), this, userId);
}
private AuthenticationResult Renew(AdalConfiguration config, string appId)
{
using (SecureString appKey = LoadAppKey(appId, config.AdDomain))
{
if (appKey == null)
{
throw new KeyNotFoundException(string.Format(Resources.ServiceKeyNotFound, appId));
}
return AcquireToken(config, appId, appKey);
}
}
private AuthenticationResult AcquireToken(AdalConfiguration config, string appId, SecureString appKey)
{
if (appKey == null)
{
return Renew(config, appId);
}
StoreAppKey(appId, config.AdDomain, appKey);
string authority = config.AdEndpoint + config.AdDomain;
var context = new AuthenticationContext(authority, config.ValidateAuthority,
ProtectedFileTokenCache.Instance);
var credential = new ClientCredential(appId, appKey);
return context.AcquireToken("https://management.core.windows.net/", credential);
}
private AuthenticationResult AcquireToken(AdalConfiguration config, string appId, SecureString appKey)
{
if (appKey == null)
{
return(Renew(config, appId));
}
StoreAppKey(appId, config.AdDomain, appKey);
string authority = config.AdEndpoint + config.AdDomain;
var context = new AuthenticationContext(authority, config.ValidateAuthority,
ProtectedFileTokenCache.Instance);
var credential = new ClientCredential(appId, appKey);
return(context.AcquireToken("https://management.core.windows.net/", credential));
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, ShowDialog promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result = null;
Exception ex = null;
if (promptBehavior == ShowDialog.Never)
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
}
else
{
var thread = new Thread(() =>
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
}
if (ex != null)
{
var adex = ex as AdalException;
if (adex != null)
{
if (adex.ErrorCode == AdalError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
if (ex is AadAuthenticationException)
{
throw ex;
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return(result);
}
private AuthenticationResult SafeAquireToken(
AdalConfiguration config,
ShowDialog showDialog,
string userId,
SecureString password,
out Exception ex)
{
try
{
ex = null;
var promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
return(DoAcquireToken(config, promptBehavior, userId, password));
}
catch (AdalException adalEx)
{
if (adalEx.ErrorCode == AdalError.UserInteractionRequired ||
adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
ex = new AadAuthenticationFailedWithoutPopupException(Resources.InvalidSubscriptionState, adalEx);
}
else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
{
ex = new AadAuthenticationFailedException(Resources.CredentialOrganizationIdMessage, adalEx);
}
else
{
ex = adalEx;
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
return(null);
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
return this.accessToken;
}
public AdalAccessToken(AuthenticationResult authResult, UserTokenProvider tokenProvider, AdalConfiguration configuration)
{
AuthResult = authResult;
this.tokenProvider = tokenProvider;
Configuration = configuration;
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, ShowDialog promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result = null;
Exception ex = null;
if (promptBehavior == ShowDialog.Never)
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
}
else
{
var thread = new Thread(() =>
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
}
if (ex != null)
{
var adex = ex as AdalException;
if (adex != null)
{
if (adex.ErrorCode == AdalError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
if (ex is AadAuthenticationException)
{
throw ex;
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return result;
}
public AdalAccessToken(AuthenticationResult authResult, UserTokenProvider tokenProvider, AdalConfiguration configuration)
{
AuthResult = authResult;
this.tokenProvider = tokenProvider;
Configuration = configuration;
}
private AuthenticationResult DoAcquireToken(AdalConfiguration config, PromptBehavior promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result;
var context = CreateContext(config);
if (string.IsNullOrEmpty(userId))
{
if (promptBehavior != PromptBehavior.Never)
{
ClearCookies();
}
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
UserIdentifier.AnyUser, AdalConfiguration.EnableEbdMagicCookie);
}
else
{
if (password == null)
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
new UserIdentifier(userId, UserIdentifierType.OptionalDisplayableId),
AdalConfiguration.EnableEbdMagicCookie);
}
else
{
UserCredential credential = new UserCredential(userId, password);
result = context.AcquireToken(config.ResourceClientUri, config.ClientId, credential);
}
}
return result;
}
private AuthenticationResult SafeAquireToken(
AdalConfiguration config,
ShowDialog showDialog,
string userId,
SecureString password,
out Exception ex)
{
try
{
ex = null;
var promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
return DoAcquireToken(config, promptBehavior, userId, password);
}
catch (AdalException adalEx)
{
if (adalEx.ErrorCode == AdalError.UserInteractionRequired ||
adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
ex = new AadAuthenticationFailedWithoutPopupException(Resources.InvalidSubscriptionState, adalEx);
}
else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
{
ex = new AadAuthenticationFailedException(Resources.CredentialOrganizationIdMessage, adalEx);
}
else
{
ex = adalEx;
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
return null;
}
