예제 #1
0
        public bool TryCreateDeviceAuthChallengeResponse(HttpResponseHeaders headers, Uri endpointUri, out string responseHeader)
        {
            if (!DeviceAuthHelper.IsDeviceAuthChallenge(headers))
            {
                responseHeader = string.Empty;
                return(false);
            }

            //Bypassing challenge
            responseHeader = DeviceAuthHelper.GetBypassChallengeResponse(headers);
            return(true);
        }
예제 #2
0
        public bool TryCreateDeviceAuthChallengeResponse(HttpResponseHeaders responseHeaders, Uri endpointUri, out string responseHeader)
        {
            responseHeader = string.Empty;
            X509Certificate2 certificate = null;

            if (!DeviceAuthHelper.IsDeviceAuthChallenge(responseHeaders))
            {
                return(false);
            }
            if (!DeviceAuthHelper.CanOSPerformPKeyAuth())
            {
                responseHeader = DeviceAuthHelper.GetBypassChallengeResponse(responseHeaders);
                return(true);
            }

            IDictionary <string, string> challengeData = DeviceAuthHelper.ParseChallengeData(responseHeaders);

            if (!challengeData.TryGetValue("SubmitUrl", out string submitUrl))
            {
                submitUrl = endpointUri.AbsoluteUri;
            }

            try
            {
                certificate = FindCertificate(challengeData);
            }
            catch (MsalException ex)
            {
                if (ex.ErrorCode == MsalError.DeviceCertificateNotFound)
                {
                    responseHeader = DeviceAuthHelper.GetBypassChallengeResponse(responseHeaders);
                    return(true);
                }
            }

            DeviceAuthJWTResponse responseJWT = GetDeviceAuthJwtResponse(submitUrl, challengeData["nonce"], certificate);

            byte[] signedResponse = SignWithCertificate(responseJWT, certificate);

            FormatResponseHeader(responseJWT, signedResponse, challengeData, out responseHeader);

            return(true);
        }