/// <summary> /// Creates an MSAL Confidential client application. /// </summary> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture)) { _applicationOptions.Instance += "/"; } string authority; IConfidentialClientApplication app; MicrosoftIdentityOptionsValidation microsoftIdentityOptionsValidation = new MicrosoftIdentityOptionsValidation(); if (microsoftIdentityOptionsValidation.ValidateClientSecret(_applicationOptions).Failed) { string msg = string.Format(CultureInfo.InvariantCulture, "Client secret cannot be null or whitespace, " + "and must be included in the configuration of the web app when calling a web API. " + "For instance, in the appsettings.json file. "); _logger.LogInformation(msg); throw new MsalClientException( "missing_client_credentials", msg); } try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithRedirectUri(CreateRedirectUri()) .WithHttpClientFactory(_httpClientFactory); if (_microsoftIdentityOptions.IsB2C) { authority = $"{ _applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); app = builder.Build(); } else { authority = $"{ _applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); app = builder.Build(); } // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation( ex, string.Format(CultureInfo.InvariantCulture, "Exception acquiring token for a confidential client. ")); throw; } }
/// <summary> /// Creates an MSAL Confidential client application /// </summary> /// <param name="claimsPrincipal"></param> /// <returns></returns> private IConfidentialClientApplication BuildConfidentialClientApplication() { var request = CurrentHttpContext.Request; var azureAdOptions = _azureAdOptions; var applicationOptions = _applicationOptions; string currentUri = UriHelper.BuildAbsolute( request.Scheme, request.Host, request.PathBase, azureAdOptions.CallbackPath ?? string.Empty); string authority = $"{applicationOptions.Instance}{applicationOptions.TenantId}/"; var app = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(applicationOptions) .WithRedirectUri(currentUri) .WithAuthority(authority) .Build(); // Initialize token cache providers _tokenCacheProvider?.InitializeAsync(app.AppTokenCache); _tokenCacheProvider?.InitializeAsync(app.UserTokenCache); return(app); }
/// <summary> /// Creates an MSAL Confidential client application. /// </summary> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture)) { _applicationOptions.Instance += "/"; } string authority; IConfidentialClientApplication app; MicrosoftIdentityOptionsValidation microsoftIdentityOptionsValidation = new MicrosoftIdentityOptionsValidation(); microsoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret( _applicationOptions.ClientSecret, _microsoftIdentityOptions.ClientCertificates); try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithRedirectUri(CreateRedirectUri()) .WithHttpClientFactory(_httpClientFactory); if (_microsoftIdentityOptions.IsB2C) { authority = $"{_applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); } else { authority = $"{_applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); } if (_microsoftIdentityOptions.ClientCertificates != null) { X509Certificate2 certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates); builder.WithCertificate(certificate); } app = builder.Build(); // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation( ex, string.Format( CultureInfo.InvariantCulture, "Exception acquiring token for a confidential client. ")); throw; } }
/// <summary> /// Creates an MSAL Confidential client application /// </summary> /// <param name="claimsPrincipal"></param> /// <returns></returns> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { var request = CurrentHttpContext.Request; string currentUri = UriHelper.BuildAbsolute( request.Scheme, request.Host, request.PathBase, _microsoftIdentityOptions.CallbackPath.Value ?? string.Empty); if (!_applicationOptions.Instance.EndsWith("/")) { _applicationOptions.Instance += "/"; } string authority; IConfidentialClientApplication app; try { if (_microsoftIdentityOptions.IsB2C) { authority = $"{ _applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; app = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithRedirectUri(currentUri) .WithB2CAuthority(authority) .Build(); } else { authority = $"{ _applicationOptions.Instance}{_applicationOptions.TenantId}/"; app = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithRedirectUri(currentUri) .WithAuthority(authority) .Build(); } // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation(ex, "Exception acquiring token for a confidential client. "); throw; } }
/// <summary> /// Creates an MSAL Confidential client application /// </summary> /// <param name="claimsPrincipal"></param> /// <returns></returns> private IConfidentialClientApplication BuildConfidentialClientApplication() { var request = CurrentHttpContext.Request; var microsoftIdentityOptions = _microsoftIdentityOptions; var applicationOptions = _applicationOptions; string currentUri = UriHelper.BuildAbsolute( request.Scheme, request.Host, request.PathBase, microsoftIdentityOptions.CallbackPath.Value ?? string.Empty); if (!applicationOptions.Instance.EndsWith("/")) { applicationOptions.Instance += "/"; } string authority; IConfidentialClientApplication app = null; if (microsoftIdentityOptions.IsB2C) { authority = $"{applicationOptions.Instance}tfp/{microsoftIdentityOptions.Domain}/{microsoftIdentityOptions.DefaultUserFlow}"; app = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(applicationOptions) .WithRedirectUri(currentUri) .WithB2CAuthority(authority) .Build(); } else { authority = $"{applicationOptions.Instance}{applicationOptions.TenantId}/"; app = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(applicationOptions) .WithRedirectUri(currentUri) .WithAuthority(authority) .Build(); } // Initialize token cache providers _tokenCacheProvider?.InitializeAsync(app.AppTokenCache); _tokenCacheProvider?.InitializeAsync(app.UserTokenCache); return(app); }
private async Task <IConfidentialClientApplication> GetOrCreateApplication() { if (_confidentialClientApplication == null) { ConfidentialClientApplicationOptions options = new ConfidentialClientApplicationOptions() { ClientId = AppServicesAuthenticationInformation.ClientId, ClientSecret = AppServicesAuthenticationInformation.ClientSecret, Instance = AppServicesAuthenticationInformation.Issuer, }; _confidentialClientApplication = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(options) .WithHttpClientFactory(_httpClientFactory) .Build(); await _tokenCacheProvider.InitializeAsync(_confidentialClientApplication.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(_confidentialClientApplication.UserTokenCache).ConfigureAwait(false); } return(_confidentialClientApplication); }
public static async Task <IConfidentialClientApplication> BuildConfidentialClientApplication() { IConfidentialClientApplication clientapp = ConfidentialClientApplicationBuilder.Create(AuthenticationConfig.ClientId) .WithClientSecret(AuthenticationConfig.ClientSecret) .WithRedirectUri(AuthenticationConfig.RedirectUri) .WithAuthority(new Uri(AuthenticationConfig.Authority)) .Build(); // After the ConfidentialClientApplication is created, we overwrite its default UserTokenCache serialization with our implementation IMsalTokenCacheProvider memoryTokenCacheProvider = CreateTokenCacheSerializer(); await memoryTokenCacheProvider.InitializeAsync(clientapp.UserTokenCache); return(clientapp); }
static async Task Main(string[] args) { string clientId = "812287fd-3ea3-49c6-b4ab-e8d41dea1f17"; string clientSecret = "[Enter here the secret register with your application]"; string tenant = "msidentitysamplestesting.onmicrosoft.com"; string[] scopes = new[] { "api://2d96f90e-a1a7-4ef5-b15c-87758986eb1a/.default" }; CacheImplementationDemo cacheImplementation = CacheImplementationDemo.InMemory; // Create the token cache (4 possible implementations) IMsalTokenCacheProvider msalTokenCacheProvider = CreateTokenCache(cacheImplementation); // Create the confidential client application IConfidentialClientApplication app; app = ConfidentialClientApplicationBuilder.Create(clientId) .WithClientSecret(clientSecret) .WithTenantId(tenant) .Build(); await msalTokenCacheProvider.InitializeAsync(app.UserTokenCache); await msalTokenCacheProvider.InitializeAsync(app.AppTokenCache); // Acquire a token (twice) var result = await app.AcquireTokenForClient(scopes) .ExecuteAsync(); Console.WriteLine(result.AuthenticationResultMetadata.TokenSource); result = await app.AcquireTokenForClient(scopes) .ExecuteAsync(); Console.WriteLine(result.AuthenticationResultMetadata.TokenSource); }
public static async Task RemoveAccount() { IConfidentialClientApplication clientapp = ConfidentialClientApplicationBuilder.Create(AuthenticationConfig.ClientId) .WithClientSecret(AuthenticationConfig.ClientSecret) .WithRedirectUri(AuthenticationConfig.RedirectUri) .WithAuthority(new Uri(AuthenticationConfig.Authority)) .Build(); // We only clear the user's tokens. IMsalTokenCacheProvider memoryTokenCacheProvider = CreateTokenCacheSerializer(); await memoryTokenCacheProvider.InitializeAsync(clientapp.UserTokenCache); var userAccount = await clientapp.GetAccountAsync(ClaimsPrincipal.Current.GetAccountId()); if (userAccount != null) { await clientapp.RemoveAsync(userAccount); } }
/// <summary> /// Creates an MSAL confidential client application. /// </summary> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { var request = CurrentHttpContext?.Request; string?currentUri = null; if (!string.IsNullOrEmpty(_applicationOptions.RedirectUri)) { currentUri = _applicationOptions.RedirectUri; } if (request != null && string.IsNullOrEmpty(currentUri)) { currentUri = UriHelper.BuildAbsolute( request.Scheme, request.Host, request.PathBase, _microsoftIdentityOptions.CallbackPath.Value ?? string.Empty); } PrepareAuthorityInstanceForMsal(); MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret( _applicationOptions.ClientSecret, _microsoftIdentityOptions.ClientCertificates); try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithHttpClientFactory(_httpClientFactory) .WithLogging( Log, ConvertMicrosoftExtensionsLogLevelToMsal(_logger), enablePiiLogging: _applicationOptions.EnablePiiLogging); // The redirect URI is not needed for OBO if (!string.IsNullOrEmpty(currentUri)) { builder.WithRedirectUri(currentUri); } string authority; if (_microsoftIdentityOptions.IsB2C) { authority = $"{_applicationOptions.Instance}{ClaimConstants.Tfp}/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); } else { authority = $"{_applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); } if (_microsoftIdentityOptions.ClientCertificates != null) { X509Certificate2?certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates); builder.WithCertificate(certificate); } IConfidentialClientApplication app = builder.Build(); _application = app; // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation( ex, IDWebErrorMessage.ExceptionAcquiringTokenForConfidentialClient); throw; } }
/// <summary> /// Creates an MSAL Confidential client application. /// </summary> private async Task <IConfidentialClientApplication> BuildConfidentialClientApplicationAsync() { var request = CurrentHttpContext.Request; string currentUri = UriHelper.BuildAbsolute( request.Scheme, request.Host, request.PathBase, _microsoftIdentityOptions.CallbackPath.Value ?? string.Empty); if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture)) { _applicationOptions.Instance += "/"; } MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret( _applicationOptions.ClientSecret, _microsoftIdentityOptions.ClientCertificates); try { var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithRedirectUri(currentUri) .WithHttpClientFactory(_httpClientFactory); string authority; if (_microsoftIdentityOptions.IsB2C) { authority = $"{_applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; builder.WithB2CAuthority(authority); } else { authority = $"{_applicationOptions.Instance}{_applicationOptions.TenantId}/"; builder.WithAuthority(authority); } if (_microsoftIdentityOptions.ClientCertificates != null) { X509Certificate2?certificate = DefaultCertificateLoader.LoadFirstCertificate(_microsoftIdentityOptions.ClientCertificates); builder.WithCertificate(certificate); } IConfidentialClientApplication app = builder.Build(); // Initialize token cache providers await _tokenCacheProvider.InitializeAsync(app.AppTokenCache).ConfigureAwait(false); await _tokenCacheProvider.InitializeAsync(app.UserTokenCache).ConfigureAwait(false); return(app); } catch (Exception ex) { _logger.LogInformation( ex, string.Format( CultureInfo.InvariantCulture, IDWebErrorMessage.ExceptionAcquiringTokenForConfidentialClient)); throw; } }