Exemplo n.º 1
0
        private static async Task <AuthenticationParameters> CreateFromResourceUrlCommonAsync(Uri resourceUrl)
        {
            if (resourceUrl == null)
            {
                throw new ArgumentNullException("resourceUrl");
            }

            AuthenticationParameters authParams;

            try
            {
                HttpClientWrapper request = new HttpClientWrapper(resourceUrl.AbsoluteUri, null);
                using (await request.GetResponseAsync().ConfigureAwait(false))
                {
                    var ex = new MsalException(MsalError.UnauthorizedResponseExpected);
                    PlatformPlugin.Logger.Error(null, ex);
                    throw ex;
                }
            }
            catch (HttpRequestWrapperException ex)
            {
                PlatformPlugin.Logger.Error(null, ex);
                IHttpWebResponse response = ex.WebResponse;
                if (response == null)
                {
                    var serviceEx = new MsalServiceException(MsalErrorMessage.UnauthorizedHttpStatusCodeExpected, ex);
                    PlatformPlugin.Logger.Error(null, serviceEx);
                    throw serviceEx;
                }

                authParams = CreateFromUnauthorizedResponseCommon(response);
            }

            return(authParams);
        }
 /// <summary>
 /// Process ADAL exception and provide common handlers.
 /// </summary>
 /// <param name="serviceUrl"></param>
 /// <param name="clientCredentials"></param>
 /// <param name="userCert"></param>
 /// <param name="clientId"></param>
 /// <param name="redirectUri"></param>
 /// <param name="promptBehavior"></param>
 /// <param name="isOnPrem"></param>
 /// <param name="authority"></param>
 /// <param name="logSink"></param>
 /// <param name="useDefaultCreds"></param>
 /// <param name="adalEx"></param>
 /// <param name="msalAuthClient"></param>
 private async static Task <ExecuteAuthenticationResults> ProcessAdalExecptionAsync(Uri serviceUrl, ClientCredentials clientCredentials, X509Certificate2 userCert, string clientId, Uri redirectUri, PromptBehavior promptBehavior, bool isOnPrem, string authority, object msalAuthClient, CdsTraceLogger logSink, bool useDefaultCreds, Microsoft.Identity.Client.MsalException adalEx)
 {
     if (adalEx.ErrorCode.Equals("interaction_required", StringComparison.OrdinalIgnoreCase) ||
         adalEx.ErrorCode.Equals("user_password_expired", StringComparison.OrdinalIgnoreCase) ||
         adalEx.ErrorCode.Equals("password_required_for_managed_user", StringComparison.OrdinalIgnoreCase) ||
         adalEx is Microsoft.Identity.Client.MsalUiRequiredException)
     {
         logSink.Log("ERROR REQUESTING TOKEN FROM THE AUTHENTICATION CONTEXT - USER intervention required", TraceEventType.Warning);
         // ADAL wants the User to do something,, determine if we are able to see a user
         if (promptBehavior == PromptBehavior.Always || promptBehavior == PromptBehavior.Auto)
         {
             // Switch to MFA user mode..
             Microsoft.Identity.Client.IAccount user = null;                      //TODO:UPDATE THIS OR REMOVE AS WE DETERMIN HOW TO SOLVE THIS ISSUE IN MSAL //  new Microsoft.Identity.Client.AccountId();
             user = null;
             //user = new UserIdentifier(clientCredentials.UserName.UserName, UserIdentifierType.OptionalDisplayableId);
             return(await ExecuteAuthenticateServiceProcessAsync(serviceUrl, null, userCert, clientId, redirectUri, promptBehavior, isOnPrem, authority, msalAuthClient, logSink, useDefaultCreds : useDefaultCreds, user : user));
         }
         else
         {
             logSink.Log("ERROR REQUESTING TOKEN FROM THE AUTHENTICATION CONTEXT - USER intervention required but not permitted by prompt behavior", TraceEventType.Error, adalEx);
             throw adalEx;
         }
     }
     else
     {
         logSink.Log("ERROR REQUESTING Token FROM THE Authentication context - General ADAL Error", TraceEventType.Error, adalEx);
         throw adalEx;
     }
 }