public static void ClearUserCache() { var userClaims = ClaimsPrincipal.Current.Identity as System.Security.Claims.ClaimsIdentity; // this is the tenant-specific authorization URL for the Azure AD v2 endpoint string tokenIssuerAuthority = ClaimsPrincipal.Current.FindFirst("iss").Value; // TenantId is the current organization's ID in Azure AD string tenantId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value; // objectidentifier is GUID-based identifier for Azure AD User Account of current user string currentUserId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value; // parse together Home Account ID for current user string homeAccountId = currentUserId + "." + tenantId; var appConfidential = ConfidentialClientApplicationBuilder.Create(clientId) .WithClientSecret(clientSecret) .WithRedirectUri(redirectUri) .WithAuthority(tokenIssuerAuthority) .Build(); // We only clear the user's tokens. MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(appConfidential.UserTokenCache); var user = appConfidential.GetAccountAsync(homeAccountId).Result; appConfidential.RemoveAsync(user); }
public static string GetAccessToken(string[] scopes) { var userClaims = ClaimsPrincipal.Current.Identity as System.Security.Claims.ClaimsIdentity; // this is the tenant-specific authorization URL for the Azure AD v2 endpoint string tokenIssuerAuthority = ClaimsPrincipal.Current.FindFirst("iss").Value; // TenantId is the current organization's ID in Azure AD string tenantId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value; // objectidentifier is GUID-based identifier for Azure AD User Account of current user string currentUserId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value; // parse together Home Account ID for current user string homeAccountId = currentUserId + "." + tenantId; var appConfidential = ConfidentialClientApplicationBuilder.Create(clientId) .WithClientSecret(clientSecret) .WithRedirectUri(redirectUri) .WithAuthority(tokenIssuerAuthority) .Build(); MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(appConfidential.UserTokenCache); try { var user = appConfidential.GetAccountAsync(homeAccountId).Result; AuthenticationResult authResult = appConfidential.AcquireTokenSilent(scopes, user).ExecuteAsync().Result; // return access token back to user return(authResult.AccessToken); } catch { // handle scenario when the user is signed-in browser but msalcache.json is not present on the local system // clear cache for current user in token cache ClearUserCache(); // sign out and redirect to home page string callbackUrl = redirectUri + "EmbedInfo/Embed"; HttpContext.Current.GetOwinContext().Authentication.SignOut( new AuthenticationProperties { RedirectUri = callbackUrl }, OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType); } // return null when token acquisition fails return(null); }
private static async Task OnAuthorizationCodeCallback(AuthorizationCodeReceivedNotification context) { ClaimsIdentity userClaims = context.AuthenticationTicket.Identity; string userName = userClaims.Name; string tenantId = userClaims.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; // Create URL for tenant-specific authority string tenantSpecificAuthority = tenantCommonAuthority.Replace("common", tenantId); var appConfidential = ConfidentialClientApplicationBuilder.Create(clientId) .WithClientSecret(clientSecret) .WithRedirectUri(redirectUri) .WithAuthority(tenantSpecificAuthority) .Build(); MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(appConfidential.UserTokenCache); string[] scopes = PowerBIPermissionScopes.ReadUserWorkspaces; IAccount user = appConfidential.GetAccountAsync(userName).Result; var authResult = await appConfidential.AcquireTokenByAuthorizationCode(scopes, context.Code).ExecuteAsync(); }