public async Task <IReadOnlyList <WebAccount> > FindAllWebAccountsAsync(WebAccountProvider provider, string clientID)
{
using (_logger.LogBlockDuration("WAM:FindAllWebAccountsAsync:"))
{
if (_logger.IsLoggingEnabled(LogLevel.Verbose))
{
_logger.VerbosePii(provider.ToLogString(true), provider.ToLogString(false));
}
// Win 10 RS3 release and above
if (!ApiInformation.IsMethodPresent(
"Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager",
"FindAllAccountsAsync"))
{
_logger.Info("[WamProxy] FindAllAccountsAsync method does not exist (it was introduced in Win 10 RS3). " +
"Returning 0 broker accounts. ");
return(Enumerable.Empty <WebAccount>().ToList());
}
FindAllAccountsResult findResult = await WebAuthenticationCoreManager.FindAllAccountsAsync(provider, clientID);
// This is expected to happen with the MSA provider, which does not allow account listing
if (findResult.Status != FindAllWebAccountsStatus.Success)
{
var error = findResult.ProviderError;
_logger.Info($"[WAM Proxy] WebAuthenticationCoreManager.FindAllAccountsAsync failed " +
$" with error code {error.ErrorCode} error message {error.ErrorMessage} and status {findResult.Status}");
return(Enumerable.Empty <WebAccount>().ToList());
}
_logger.Info($"[WAM Proxy] FindAllWebAccountsAsync returning {findResult.Accounts.Count()} WAM accounts");
return(findResult.Accounts);
}
}
public static async Task <IReadOnlyList <WebAccount> > FindAllAccountsAsync(WebAccountProvider provider, string clientID, ICoreLogger logger)
{
FindAllAccountsResult findResult = await WebAuthenticationCoreManager.FindAllAccountsAsync(provider, clientID);
// This is expected to happen with the MSA provider, which does not allow account listing
if (findResult.Status != FindAllWebAccountsStatus.Success)
{
var error = findResult.ProviderError;
logger.Info($"[WAM Proxy] WebAuthenticationCoreManager.FindAllAccountsAsync failed " +
$" with error code {error.ErrorCode} error message {error.ErrorMessage} and status {findResult.Status}");
return(Enumerable.Empty <WebAccount>().ToList());
}
logger.Info($"[WAM Proxy] FindAllWebAccountsAsync returning {findResult.Accounts.Count()} WAM accounts");
return(findResult.Accounts);
}
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
public async override Task <IToken> LoginAsync()
#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
{
Logger.Log("Loggin in with a combination of WebAuthenticationBroker and WebAuthenticationCoreManager...");
string accessToken = string.Empty;
#if ENABLE_WINMD_SUPPORT
// RUN THIS ON HOLOLENS - SEE IF WE GET A SYSTEM DIALOG IN AN IMMERSIVE APP
//
string userId = Store.GetUserId(UserIdKey);
Logger.Log("User Id: " + userId);
//string URI = string.Format("ms-appx-web://Microsoft.AAD.BrokerPlugIn/{0}",
// WebAuthenticationBroker.GetCurrentApplicationCallbackUri().Host.ToUpper());
WebAccountProvider wap =
await WebAuthenticationCoreManager.FindAccountProviderAsync("https://login.microsoft.com", Authority);
Logger.Log($"Found Web Account Provider for organizations: {wap.DisplayName}");
var accts = await WebAuthenticationCoreManager.FindAllAccountsAsync(wap);
Logger.Log($"Find All Accounts Status = {accts.Status}");
if (accts.Status == FindAllWebAccountsStatus.Success)
{
foreach (var acct in accts.Accounts)
{
Logger.Log($"Account: {acct.UserName} {acct.State.ToString()}");
}
}
var sap = await WebAuthenticationCoreManager.FindSystemAccountProviderAsync(wap.Id);
if (sap != null)
{
string displayName = "Not Found";
if (sap.User != null)
{
displayName = (string)await sap.User.GetPropertyAsync("DisplayName");
Logger.Log($"Found system account provider {sap.DisplayName} with user {displayName} {sap.User.AuthenticationStatus.ToString()}");
}
}
Logger.Log("Web Account Provider: " + wap.DisplayName);
string resource = "https://sts.mixedreality.azure.com";
//var scope = "https://management.azure.com/user_impersonation";
//WebTokenRequest wtr = new WebTokenRequest(wap, scope, "3c663152-fdf9-4033-963f-c398c21212d9");
//WebTokenRequest wtr = new WebTokenRequest(wap, scope, "5c8c830a-4cf8-470e-ba0d-6d815feba800");
WebTokenRequest wtr = new WebTokenRequest(wap, "https://sts.mixedreality.azure.com/mixedreality.signin", ClientId);
wtr.Properties.Add("resource", resource);
WebAccount account = null;
if (!string.IsNullOrEmpty((string)userId))
{
account = await WebAuthenticationCoreManager.FindAccountAsync(wap, (string)userId);
if (account != null)
{
Logger.Log("Found account: " + account.UserName);
}
else
{
Logger.Log("Account not found");
}
}
WebTokenRequestResult tokenResponse = null;
try
{
if (account != null)
{
tokenResponse = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(wtr, account);
}
else
{
tokenResponse = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(wtr);
}
}
catch (Exception ex)
{
Logger.Log(ex.Message);
}
Logger.Log("Silent Token Response: " + tokenResponse.ResponseStatus.ToString());
if (tokenResponse.ResponseError != null)
{
Logger.Log("Error Code: " + tokenResponse.ResponseError.ErrorCode.ToString());
Logger.Log("Error Msg: " + tokenResponse.ResponseError.ErrorMessage.ToString());
foreach (var errProp in tokenResponse.ResponseError.Properties)
{
Logger.Log($"Error prop: ({errProp.Key}, {errProp.Value})");
}
}
if (tokenResponse.ResponseStatus == WebTokenRequestStatus.UserInteractionRequired)
{
var redirectUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri().AbsoluteUri;
var state = Guid.NewGuid().ToString();
var nonce = Guid.NewGuid().ToString();
//string url = "https://login.microsoftonline.com/common";
string url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
var uri = new Uri($"{url}?" +
$"client_id={ClientId}&" +
$"scope={Uri.EscapeDataString("https://sts.mixedreality.azure.com/mixedreality.signin")} openid&" +
$"response_type=token&" +
$"state={Uri.EscapeDataString(state)}&" +
$"nonce={Uri.EscapeDataString(nonce)}&" +
$"redirect_uri={Uri.EscapeDataString(redirectUri)}");
var result = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, uri, new Uri(redirectUri));
switch (result.ResponseStatus)
{
case WebAuthenticationStatus.Success:
Logger.Log("Authentication Successful!");
Logger.Log("Received data:");
Logger.Log(result.ResponseData);
accessToken = result.ResponseData.Split('=')[1];
break;
case WebAuthenticationStatus.UserCancel:
Logger.Log("User cancelled authentication. Try again.");
break;
case WebAuthenticationStatus.ErrorHttp:
Logger.Log("HTTP Error. Try again.");
Logger.Log(result.ResponseErrorDetail.ToString());
break;
default:
Logger.Log("Unknown Response");
break;
}
if (account != null && !string.IsNullOrEmpty(account.Id))
{
Store.SaveUser(UserIdKey, account.Id);
}
}
#endif
return(new AADToken(accessToken));
}
