private static string GetInteractiveClientToken(PACClientInfo clientInfo, PromptBehavior behavior) { // Dummy endpoint just to get unauthorized response var client = new HttpClient(); var query = $"{clientInfo.ServiceUrl}/api/status/4799049A-E623-4B2A-818A-3A674E106DE5"; var request = new HttpRequestMessage(HttpMethod.Get, new Uri(query)); using (var response = client.SendAsync(request).GetAwaiter().GetResult()) { if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized) { // Method below found here: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Acquiring-tokens-interactively---Public-client-application-flows var authParams = AuthenticationParameters.CreateFromUnauthorizedResponseAsync(response).GetAwaiter().GetResult(); var authContext = new AuthenticationContext(authParams.Authority); var authResult = authContext.AcquireTokenAsync( resourceUrl, clientInfo.ClientId.ToString(), new Uri(redirectUrl), new PlatformParameters(behavior)).GetAwaiter().GetResult(); return(authResult.AccessToken); } else { throw new Exception($"Unable to connect to the service for authorization information. {response.ReasonPhrase}"); } } }
private static string GetApplicationClientToken(PACClientInfo clientInfo) { var client = new HttpClient(); var values = new Dictionary <string, string> { { "grant_type", "client_credentials" }, { "client_id", clientInfo.ClientId.ToString() }, { "client_secret", clientInfo.ClientSec }, { "resource", resourceUrl } }; var body = new FormUrlEncodedContent(values); var authUrl = $"https://login.microsoftonline.com/{clientInfo.TenantId}/oauth2/token"; var response = client.PostAsync(authUrl, body).GetAwaiter().GetResult(); var responseString = response.Content.ReadAsStringAsync().GetAwaiter().GetResult(); if (!response.IsSuccessStatusCode) { dynamic respdata = new JavaScriptSerializer().Deserialize <dynamic>(responseString); var error = respdata["error_description"]; throw new Exception(response.ReasonPhrase + "\n" + error); } var token = responseString.Split(new string[] { "\"access_token\":\"" }, StringSplitOptions.RemoveEmptyEntries)[1]; token = token.Split(new string[] { "\"}" }, StringSplitOptions.RemoveEmptyEntries)[0]; return(token); }
public static HttpClient GetClient(PACClientInfo clientInfo, PromptBehavior behavior) { if (clientInfo.ClientId.Equals(Guid.Empty)) { throw new ArgumentNullException("clientId"); } if (string.IsNullOrEmpty(clientInfo.Token)) { if (!clientInfo.TenantId.Equals(Guid.Empty) && !string.IsNullOrEmpty(clientInfo.ClientSec)) { clientInfo.Token = GetApplicationClientToken(clientInfo); } else if (!string.IsNullOrEmpty(clientInfo.ServiceUrl)) { clientInfo.Token = GetInteractiveClientToken(clientInfo, behavior); } } if (!string.IsNullOrEmpty(clientInfo.Token)) { var client = new HttpClient(); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", clientInfo.Token); client.DefaultRequestHeaders.Add("accept", "application/json,application/x-ms-sarif-v2"); client.DefaultRequestHeaders.Add("x-ms-tenant-id", clientInfo.TenantId.ToString()); return(client); } throw new ArgumentException("Not enough parameters to connect PAC Client"); }
public static AnalysisStatus GetAnalysisStatus(PACClientInfo clientinfo, string statusurl) { var client = GetClient(clientinfo, PromptBehavior.Auto); if (client == null) { return(null); } var status = client.GetAsync(statusurl).GetAwaiter().GetResult().Content.ReadAsStringAsync().GetAwaiter().GetResult(); var jss = new JavaScriptSerializer(); return(jss.Deserialize <AnalysisStatus>(status)); }
public static string UploadSolution(PACClientInfo clientinfo, Guid corrid, string filepath) { var client = GetClient(clientinfo, PromptBehavior.Auto); if (client == null) { return(null); } var apiUrl = $"{clientinfo.ServiceUrl}/api/upload"; var file = File.ReadAllBytes(filepath); var filename = Path.GetFileName(filepath); client.DefaultRequestHeaders.Add("x-ms-correlation-id", corrid.ToString()); var reqcontent = new MultipartFormDataContent(); reqcontent.Add(new ByteArrayContent(file), filename, filename); var result = client.PostAsync(apiUrl, reqcontent).GetAwaiter().GetResult(); return(result.Content.ReadAsStringAsync().GetAwaiter().GetResult().TrimStart('[').TrimEnd(']').Trim('"')); }
public static HttpResponseMessage SendAnalysis(PACClientInfo clientinfo, AnalysisArgs args) { var client = GetClient(clientinfo, PromptBehavior.Auto); if (client == null) { return(null); } var apiUrl = $"{clientinfo.ServiceUrl}/api/analyze"; var values = new Dictionary <string, string> { { "sasUriList", $"[{string.Join(", ", args.Solutions.Select(s => $"\"{s.UploadUrl}\""))}]" }, }; if (args.RuleSets != null && args.RuleSets.Count > 0) { values.Add("ruleSets", $"[{{{string.Join(", ", args.RuleSets.Select(s => $"\"id\": \"{s.Id}\""))}}}]"); } else if (args.Rules != null) { values.Add("ruleCodes", $"[{string.Join(", ", args.Rules.Select(r => $"{{\"code\": \"{r.Code}\", \"include\": \"true\"}}"))}]"); } if (args.FileExclusions != null) { values.Add("fileExclusions", $"[{string.Join(", ", args.FileExclusions.Select(f => $"\"{f}\""))}]"); } var bodystr = "{" + string.Join(",", values.Select(v => "\"" + v.Key + "\":" + v.Value)) + "}"; var body = new StringContent(bodystr, Encoding.UTF8); client.DefaultRequestHeaders.Add("x-ms-correlation-id", args.CorrId.ToString()); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); if (!string.IsNullOrEmpty(clientinfo.Language)) { client.DefaultRequestHeaders.AcceptLanguage.Add(new StringWithQualityHeaderValue(clientinfo.Language)); } return(client.PostAsync(apiUrl, body).GetAwaiter().GetResult()); }