public async Task VerifyAnotherHostByInstanceDiscoveryAsync(string host, string tenant, CallState callState) { string instanceDiscoveryEndpoint = this.InstanceDiscoveryEndpoint; instanceDiscoveryEndpoint += ("?api-version=1.0&authorization_endpoint=" + AuthorizeEndpointTemplate); instanceDiscoveryEndpoint = instanceDiscoveryEndpoint.Replace("{host}", host); instanceDiscoveryEndpoint = instanceDiscoveryEndpoint.Replace("{tenant}", tenant); instanceDiscoveryEndpoint = HttpHelper.CheckForExtraQueryParameter(instanceDiscoveryEndpoint); ClientMetrics clientMetrics = new ClientMetrics(); try { IHttpWebRequest request = NetworkPlugin.HttpWebRequestFactory.Create(instanceDiscoveryEndpoint); request.Method = "GET"; HttpHelper.AddCorrelationIdHeadersToRequest(request, callState); AdalIdHelper.AddAsHeaders(request); clientMetrics.BeginClientMetricsRecord(request, callState); using (var response = await request.GetResponseSyncOrAsync(callState)) { HttpHelper.VerifyCorrelationIdHeaderInReponse(response, callState); InstanceDiscoveryResponse discoveryResponse = HttpHelper.DeserializeResponse <InstanceDiscoveryResponse>(response); clientMetrics.SetLastError(null); if (discoveryResponse.TenantDiscoveryEndpoint == null) { throw new AdalException(AdalError.AuthorityNotInValidList); } } } catch (WebException ex) { TokenResponse tokenResponse = OAuth2Response.ReadErrorResponse(ex.Response); clientMetrics.SetLastError(tokenResponse.ErrorCodes); if (tokenResponse.Error == "invalid_instance") { throw new AdalServiceException(AdalError.AuthorityNotInValidList, ex); } else { throw new AdalServiceException( AdalError.AuthorityValidationFailed, string.Format(CultureInfo.InvariantCulture, "{0}. {1}: {2}", AdalErrorMessage.AuthorityValidationFailed, tokenResponse.Error, tokenResponse.ErrorDescription), tokenResponse.ErrorCodes, ex); } } finally { clientMetrics.EndClientMetricsRecord(ClientMetricsEndpointType.InstanceDiscovery, callState); } }
// No return value. Modifies InstanceCache directly. private static async Task DiscoverAsync(Uri authority, bool validateAuthority, CallState callState) { string instanceDiscoveryEndpoint = string.Format( CultureInfo.InvariantCulture, "https://{0}/common/discovery/instance?api-version=1.1&authorization_endpoint={1}", WhitelistedAuthorities.Contains(authority.Host) ? authority.Host : DefaultTrustedAuthority, FormatAuthorizeEndpoint(authority.Host, GetTenant(authority))); var client = new AdalHttpClient(instanceDiscoveryEndpoint, callState); InstanceDiscoveryResponse discoveryResponse = null; try { discoveryResponse = await client.GetResponseAsync <InstanceDiscoveryResponse>().ConfigureAwait(false); if (validateAuthority && discoveryResponse.TenantDiscoveryEndpoint == null) { // hard stop here throw new AdalException(AdalError.AuthorityNotInValidList); } } catch (AdalServiceException ex) { // The pre-existing implementation (https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/796/files#diff-e4febd8f40f03e71bcae0f990f9690eaL99) // has been coded in this way: it catches the AdalServiceException and then translate it into 2 validation-relevant exceptions. // So the following implementation absorbs these specific exceptions when the validateAuthority flag is false. // All other unexpected exceptions will still bubble up, as always. if (validateAuthority) { // hard stop here throw new AdalException( (ex.ErrorCode == "invalid_instance") ? AdalError.AuthorityNotInValidList : AdalError.AuthorityValidationFailed, ex); } } foreach (var entry in discoveryResponse?.Metadata ?? Enumerable.Empty <InstanceDiscoveryMetadataEntry>()) { foreach (var aliasedAuthority in entry?.Aliases ?? Enumerable.Empty <string>()) { InstanceCache.TryAdd(aliasedAuthority, entry); } } AddMetadataEntry(authority.Host); }
public async Task VerifyAnotherHostByInstanceDiscoveryAsync(string host, string tenant, CallState callState) { string instanceDiscoveryEndpoint = this.InstanceDiscoveryEndpoint; instanceDiscoveryEndpoint += ("?api-version=1.0&authorization_endpoint=" + AuthorizeEndpointTemplate); instanceDiscoveryEndpoint = instanceDiscoveryEndpoint.Replace("{host}", host); instanceDiscoveryEndpoint = instanceDiscoveryEndpoint.Replace("{tenant}", tenant); try { var client = new AdalHttpClient(instanceDiscoveryEndpoint, callState); InstanceDiscoveryResponse discoveryResponse = await client.GetResponseAsync <InstanceDiscoveryResponse>().ConfigureAwait(false); if (discoveryResponse.TenantDiscoveryEndpoint == null) { throw new AdalException(AdalError.AuthorityNotInValidList); } } catch (AdalServiceException ex) { throw new AdalException((ex.ErrorCode == "invalid_instance") ? AdalError.AuthorityNotInValidList : AdalError.AuthorityValidationFailed, ex); } }