public async Task <DeviceGuardConfig> SignIn(bool validateSubject = false, CancellationToken cancellationToken = default, IProgress <ProgressData> progress = default) { var factory = new MsixHeroClientFactory(); string refreshToken = null; EventHandler <string> gotRefreshToken = (_, s) => { refreshToken = s; }; progress?.Report(new ProgressData(0, "Signing-in...")); try { factory.GotRefreshToken += gotRefreshToken; var clientApp = PublicClientApplicationBuilder.Create("4dd963fd-7400-4ce3-bc90-0bed2b65820d") .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient") .WithHttpClientFactory(factory) .Build(); await clientApp.GetAccountsAsync().ConfigureAwait(true); var result = await clientApp.AcquireTokenInteractive(Scope).WithPrompt(Prompt.ForceLogin).ExecuteAsync(cancellationToken).ConfigureAwait(false); var tokens = new DeviceGuardConfig(result.AccessToken, refreshToken); if (validateSubject) { progress?.Report(new ProgressData(50, "Validating signing capabilities...")); var dgh = new DeviceGuardHelper(); var json = await this.CreateDeviceGuardJsonTokenFile(new DeviceGuardConfig(result.AccessToken, refreshToken), cancellationToken).ConfigureAwait(false); try { // set the result subject. tokens.Subject = await dgh.GetSubjectFromDeviceGuardSigning(json, cancellationToken).ConfigureAwait(false); } finally { if (json != null && File.Exists(json)) { File.Delete(json); } } } return(tokens); } finally { factory.GotRefreshToken -= gotRefreshToken; } }
public async Task <DeviceGuardConfig> SignIn(CancellationToken cancellationToken = default, IProgress <ProgressData> progress = null) { Logger.Info("Signing in to AzureAD..."); progress?.Report(new ProgressData(50, "Waiting for authentication...")); var tokens = new DeviceGuardConfig(); var pipeName = "msixhero-" + Guid.NewGuid().ToString("N"); await using (var namedPipeServer = new NamedPipeServerStream(pipeName, PipeDirection.In)) { var entry = (Assembly.GetEntryAssembly() ?? Assembly.GetExecutingAssembly()).Location; // ReSharper disable once AssignNullToNotNullAttribute var startPath = Path.Combine(Path.GetDirectoryName(entry), "DGSS", "msixhero-dgss.exe"); Logger.Debug($"Starting {startPath}..."); var process = new ProcessStartInfo( startPath, pipeName); var tcs = new TaskCompletionSource <int>(); var start = Process.Start(process); if (start == null) { throw new InvalidOperationException(); } start.EnableRaisingEvents = true; start.Exited += (sender, args) => { tcs.SetResult(start.ExitCode); }; await namedPipeServer.WaitForConnectionAsync(cancellationToken).ConfigureAwait(false); var bufferInt = new byte[4]; await namedPipeServer.ReadAsync(bufferInt, 0, bufferInt.Length, cancellationToken).ConfigureAwait(false); var bufferObj = new byte[BitConverter.ToInt32(bufferInt, 0)]; await namedPipeServer.ReadAsync(bufferObj, 0, bufferObj.Length, cancellationToken).ConfigureAwait(false); var text = System.Text.Encoding.UTF8.GetString(bufferObj); var obj = JObject.Parse(text); if (obj["exception"] != null) { var type = obj["exception"]["type"]?.Value <string>(); var message = obj["exception"]["message"]?.Value <string>(); var errorCode = obj["exception"]["errorCode"]?.Value <string>(); Logger.Error($"Got exception (type: {type}, error code: {errorCode}, message: {message}"); switch (type) { case nameof(AuthenticationException): throw new AuthenticationException(message); case nameof(MsalException): throw new MsalException(errorCode ?? "1", message); case nameof(MsalClientException): throw new MsalClientException(errorCode ?? "1", message); default: throw new Exception(message); } } tokens.AccessToken = obj["access_token"]?.Value <string>(); tokens.RefreshToken = obj["refresh_token"]?.Value <string>(); Logger.Info("Got access and refresh token!"); await tcs.Task.ConfigureAwait(false); } string tempJsonFile = null; try { var dgh = new DeviceGuardHelper(); progress?.Report(new ProgressData(75, "Verifying signing capabilities...")); tempJsonFile = await this.CreateDeviceGuardJsonTokenFile(tokens, cancellationToken).ConfigureAwait(false); progress?.Report(new ProgressData(98, "Verifying signing capabilities...")); var subject = await dgh.GetSubjectFromDeviceGuardSigning(tempJsonFile, cancellationToken).ConfigureAwait(false); tokens.Subject = subject; } finally { if (tempJsonFile != null) { Logger.Debug($"Removing {tempJsonFile}..."); ExceptionGuard.Guard(() => File.Delete(tempJsonFile)); } } return(tokens); }