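        /// <summary>
        /// WS-Federation sign-in callback. Reads the SAML assertion posted in <paramref name="wresult"/>,
        /// validates it against the configured audience and issuer registry, then uses the application's
        /// own client credentials to obtain a Graph access token for the signed-in tenant and lists its users.
        /// </summary>
        /// <param name="wresult">The WS-Federation response body (RequestSecurityTokenResponse XML) posted by the identity provider.</param>
        /// <param name="wa">WS-Federation action parameter; not inspected by this action.</param>
        /// <param name="wctx">WS-Federation context parameter; not inspected by this action.</param>
        /// <returns>
        /// The callback view populated with the validated claims and the first page of tenant users,
        /// or a 400 result when <paramref name="wresult"/> is empty, malformed, or carries no token.
        /// </returns>
        /// <exception cref="HttpRequestException">The Azure AD token endpoint returned a non-success status.</exception>
        /// <exception cref="InvalidOperationException">
        /// The validated token did not carry exactly one tenant id claim, or the token response had no access_token.
        /// </exception>
        public async Task<ActionResult> Callback(string wresult, string wa, string wctx)
        {
            // The assertion arrives as a form field; without it there is nothing to validate.
            if (string.IsNullOrWhiteSpace(wresult))
            {
                return new HttpStatusCodeResult(400, "Missing wresult");
            }

            // http://www.tecsupra.com/blog/system-identitymodel-manually-parsing-the-saml-token/
            XNode assertion;
            try
            {
                var wrappedToken = XDocument.Parse(wresult);
                var requestedSecurityToken = wrappedToken.Root
                    .Descendants("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken")
                    .FirstOrDefault();
                assertion = requestedSecurityToken == null ? null : requestedSecurityToken.DescendantNodes().FirstOrDefault();
            }
            catch (System.Xml.XmlException)
            {
                // Malformed XML is a bad request from the caller, not a server fault.
                return new HttpStatusCodeResult(400, "wresult is not well-formed XML");
            }

            if (assertion == null)
            {
                return new HttpStatusCodeResult(400, "wresult does not contain a RequestedSecurityToken");
            }

            var securityTokenHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

            // Fix for ID1032 http://blog.fabse.net/2013/01/10/id1032-at-least-one-audienceuri-must-be-specified-2/
            securityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(AzureAdAppUri));

            // Chain and revocation checks on the token's signing certificate are switched off on the next
            // two lines, so the issuer registry below is the only thing tying the assertion to the expected
            // issuer. NOTE(review): confirm ValidatingIssuerNameRegistry pins the issuer's signing certificate
            // (e.g. by thumbprint from federation metadata); otherwise any key could sign an accepted token.
            securityTokenHandlers.Configuration.CertificateValidationMode = X509CertificateValidationMode.None;
            securityTokenHandlers.Configuration.CertificateValidator = X509CertificateValidator.None;
            securityTokenHandlers.Configuration.IssuerNameRegistry = new ValidatingIssuerNameRegistry(AzureAdAuthroAuthority);

            SecurityToken token;
            using (var xmlTextReader = assertion.CreateReader())
            {
                token = securityTokenHandlers.ReadToken(xmlTextReader);
            }

            // ValidateToken applies signature, audience and issuer checks per the configuration above.
            var claimsIdentity = securityTokenHandlers.ValidateToken(token);
            var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);

            var viewModel = new CallbackViewModel();
            viewModel.Claims = claimsPrincipal.Claims.ToList();

            const string tenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";
            var tenantIdClaims = claimsPrincipal.Claims
                .Where(x => string.Equals(x.Type, tenantIdClaimType, StringComparison.Ordinal))
                .ToList();
            if (tenantIdClaims.Count != 1 || string.IsNullOrEmpty(tenantIdClaims[0].Value))
            {
                // Single() would also throw here, but without naming the claim that is missing.
                throw new InvalidOperationException("The validated token must carry exactly one tenant id claim.");
            }
            var tenantId = tenantIdClaims[0].Value;

            // Form body for the client-credentials grant; UrlEncode output is ASCII-only, so ASCII content is safe.
            var postData = string.Join("&", new[]
            {
                "grant_type=client_credentials",
                "resource=" + HttpUtility.UrlEncode("https://graph.windows.net"),
                "client_id=" + HttpUtility.UrlEncode(AzureAdAppClientId),
                "client_secret=" + HttpUtility.UrlEncode(AzureAdAppClientSecret),
            });
            var waadRequestContent = new StringContent(postData, System.Text.Encoding.ASCII, "application/x-www-form-urlencoded");

            // tenantId comes from a validated claim, but it is placed in a URL path segment, so escape it anyway.
            var postUrl = string.Format("https://login.windows.net/{0}/oauth2/token?api-version=1.0", Uri.EscapeDataString(tenantId));

            string accessToken;
            // Client and response are disposed when this block exits. A single shared HttpClient instance
            // would avoid per-request connection churn under load; kept local here to limit the change to this action.
            using (var waadRequest = new HttpClient())
            using (var waadResult = await waadRequest.PostAsync(postUrl, waadRequestContent))
            {
                waadResult.EnsureSuccessStatusCode();

                var result = await waadResult.Content.ReadAsStringAsync();
                var accessTokenNode = JObject.Parse(result).SelectToken("access_token");
                accessToken = accessTokenNode == null ? null : accessTokenNode.Value<string>();
            }

            if (string.IsNullOrEmpty(accessToken))
            {
                throw new InvalidOperationException("The token endpoint response did not contain an access_token.");
            }

            var graph = new DirectoryGraph(tenantId, accessToken);

            // Only the first page of users is shown; nextPageUrl is intentionally not followed here.
            string nextPageUrl;
            viewModel.Users = graph.GetUsers(out nextPageUrl);

            return View(viewModel);
        }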
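        /// <summary>
        /// WS-Federation sign-in callback. Reads the SAML assertion posted in <paramref name="wresult"/>,
        /// validates it against the configured audience and issuer registry, then uses the application's
        /// own client credentials to obtain a Graph access token for the signed-in tenant and lists its users.
        /// </summary>
        /// <param name="wresult">The WS-Federation response body (RequestSecurityTokenResponse XML) posted by the identity provider.</param>
        /// <param name="wa">WS-Federation action parameter; not inspected by this action.</param>
        /// <param name="wctx">WS-Federation context parameter; not inspected by this action.</param>
        /// <returns>
        /// The callback view populated with the validated claims and the first page of tenant users,
        /// or a 400 result when <paramref name="wresult"/> is empty, malformed, or carries no token.
        /// </returns>
        /// <exception cref="HttpRequestException">The Azure AD token endpoint returned a non-success status.</exception>
        /// <exception cref="InvalidOperationException">
        /// The validated token did not carry exactly one tenant id claim, or the token response had no access_token.
        /// </exception>
        public async Task<ActionResult> Callback(string wresult, string wa, string wctx)
        {
            if (string.IsNullOrWhiteSpace(wresult))
            {
                return new HttpStatusCodeResult(400, "Missing wresult");
            }

            XNode assertion;
            try
            {
                assertion = ExtractAssertion(wresult);
            }
            catch (System.Xml.XmlException)
            {
                // Malformed XML is a bad request from the caller, not a server fault.
                return new HttpStatusCodeResult(400, "wresult is not well-formed XML");
            }

            if (assertion == null)
            {
                return new HttpStatusCodeResult(400, "wresult does not contain a RequestedSecurityToken");
            }

            var claimsPrincipal = ValidateAssertion(assertion);
            var tenantId        = RequireTenantId(claimsPrincipal);
            var accessToken     = await AcquireGraphAccessTokenAsync(tenantId);

            var graph = new DirectoryGraph(tenantId, accessToken);

            // Only the first page of users is shown; nextPageUrl is intentionally not followed here.
            string nextPageUrl;
            var viewModel = new CallbackViewModel();
            viewModel.Claims = claimsPrincipal.Claims.ToList();
            viewModel.Users  = graph.GetUsers(out nextPageUrl);

            return View(viewModel);
        }

        /// <summary>
        /// Locates the first node under the WS-Trust RequestedSecurityToken element of a sign-in response.
        /// </summary>
        /// <param name="wresult">RequestSecurityTokenResponse XML as posted by the identity provider.</param>
        /// <returns>The assertion node, or null when the response carries no RequestedSecurityToken.</returns>
        /// <exception cref="System.Xml.XmlException">The input is not well-formed XML.</exception>
        private static XNode ExtractAssertion(string wresult)
        {
            // http://www.tecsupra.com/blog/system-identitymodel-manually-parsing-the-saml-token/
            var wrappedToken = XDocument.Parse(wresult);
            var requestedSecurityToken = wrappedToken.Root
                .Descendants("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestedSecurityToken")
                .FirstOrDefault();

            return requestedSecurityToken == null ? null : requestedSecurityToken.DescendantNodes().FirstOrDefault();
        }

        /// <summary>
        /// Reads and validates the SAML assertion with the default token handlers, restricted to the
        /// application's audience URI and the configured issuer registry.
        /// </summary>
        /// <param name="assertion">The assertion node extracted from the sign-in response.</param>
        /// <returns>A principal built from the identities the token handlers produced.</returns>
        private ClaimsPrincipal ValidateAssertion(XNode assertion)
        {
            var securityTokenHandlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

            // Fix for ID1032 http://blog.fabse.net/2013/01/10/id1032-at-least-one-audienceuri-must-be-specified-2/
            securityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(AzureAdAppUri));

            // Chain and revocation checks on the token's signing certificate are switched off on the next
            // two lines, so the issuer registry is the only thing tying the assertion to the expected issuer.
            // NOTE(review): confirm ValidatingIssuerNameRegistry pins the issuer's signing certificate
            // (e.g. by thumbprint from federation metadata); otherwise any key could sign an accepted token.
            securityTokenHandlers.Configuration.CertificateValidationMode = X509CertificateValidationMode.None;
            securityTokenHandlers.Configuration.CertificateValidator      = X509CertificateValidator.None;
            securityTokenHandlers.Configuration.IssuerNameRegistry        = new ValidatingIssuerNameRegistry(AzureAdAuthroAuthority);

            SecurityToken token;
            using (var xmlTextReader = assertion.CreateReader())
            {
                token = securityTokenHandlers.ReadToken(xmlTextReader);
            }

            // ValidateToken applies signature, audience and issuer checks per the configuration above.
            return new ClaimsPrincipal(securityTokenHandlers.ValidateToken(token));
        }

        /// <summary>
        /// Returns the value of the single tenant id claim on the principal.
        /// </summary>
        /// <param name="claimsPrincipal">The principal produced by token validation.</param>
        /// <returns>The tenant id claim value.</returns>
        /// <exception cref="InvalidOperationException">The claim is absent, empty, or present more than once.</exception>
        private static string RequireTenantId(ClaimsPrincipal claimsPrincipal)
        {
            const string tenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";

            var tenantIdClaims = claimsPrincipal.Claims
                .Where(x => string.Equals(x.Type, tenantIdClaimType, StringComparison.Ordinal))
                .ToList();

            if (tenantIdClaims.Count != 1 || string.IsNullOrEmpty(tenantIdClaims[0].Value))
            {
                // Single() would also throw here, but without naming the claim that is missing.
                throw new InvalidOperationException("The validated token must carry exactly one tenant id claim.");
            }

            return tenantIdClaims[0].Value;
        }

        /// <summary>
        /// Performs a client-credentials token request against the tenant's Azure AD endpoint for the Graph resource.
        /// </summary>
        /// <param name="tenantId">Tenant id taken from the validated sign-in token.</param>
        /// <returns>The access_token value from the token response.</returns>
        /// <exception cref="HttpRequestException">The token endpoint returned a non-success status.</exception>
        /// <exception cref="InvalidOperationException">The token response carried no access_token.</exception>
        private async Task<string> AcquireGraphAccessTokenAsync(string tenantId)
        {
            // Form body for the client-credentials grant; UrlEncode output is ASCII-only, so ASCII content is safe.
            var postData = string.Join("&", new[]
            {
                "grant_type=client_credentials",
                "resource=" + HttpUtility.UrlEncode("https://graph.windows.net"),
                "client_id=" + HttpUtility.UrlEncode(AzureAdAppClientId),
                "client_secret=" + HttpUtility.UrlEncode(AzureAdAppClientSecret),
            });
            var waadRequestContent = new StringContent(postData, System.Text.Encoding.ASCII, "application/x-www-form-urlencoded");

            // tenantId comes from a validated claim, but it is placed in a URL path segment, so escape it anyway.
            var postUrl = string.Format("https://login.windows.net/{0}/oauth2/token?api-version=1.0", Uri.EscapeDataString(tenantId));

            string accessToken;
            // Client and response are disposed when this block exits. A single shared HttpClient instance
            // would avoid per-request connection churn under load; kept local here to limit the change to this action.
            using (var waadRequest = new HttpClient())
            using (var waadResult = await waadRequest.PostAsync(postUrl, waadRequestContent))
            {
                waadResult.EnsureSuccessStatusCode();

                var result = await waadResult.Content.ReadAsStringAsync();
                var accessTokenNode = JObject.Parse(result).SelectToken("access_token");
                accessToken = accessTokenNode == null ? null : accessTokenNode.Value<string>();
            }

            if (string.IsNullOrEmpty(accessToken))
            {
                throw new InvalidOperationException("The token endpoint response did not contain an access_token.");
            }

            return accessToken;
        }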