Exemplo n.º 1
0
        public static void ClearUserCache()
        {
            var userClaims = ClaimsPrincipal.Current.Identity as System.Security.Claims.ClaimsIdentity;

            // this is the tenant-specific authorization URL for the Azure AD v2 endpoint
            string tokenIssuerAuthority = ClaimsPrincipal.Current.FindFirst("iss").Value;

            // TenantId is the current organization's ID in Azure AD
            string tenantId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;

            // objectidentifier is GUID-based identifier for Azure AD User Account of current user
            string currentUserId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;

            // parse together Home Account ID for current user
            string homeAccountId = currentUserId + "." + tenantId;

            var appConfidential = ConfidentialClientApplicationBuilder.Create(clientId)
                                  .WithClientSecret(clientSecret)
                                  .WithRedirectUri(redirectUri)
                                  .WithAuthority(tokenIssuerAuthority)
                                  .Build();

            // We only clear the user's tokens.
            MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(appConfidential.UserTokenCache);

            var user = appConfidential.GetAccountAsync(homeAccountId).Result;

            appConfidential.RemoveAsync(user);
        }
Exemplo n.º 2
0
        public static string GetAccessToken(string[] scopes)
        {
            var userClaims = ClaimsPrincipal.Current.Identity as System.Security.Claims.ClaimsIdentity;

            // this is the tenant-specific authorization URL for the Azure AD v2 endpoint
            string tokenIssuerAuthority = ClaimsPrincipal.Current.FindFirst("iss").Value;

            // TenantId is the current organization's ID in Azure AD
            string tenantId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;

            // objectidentifier is GUID-based identifier for Azure AD User Account of current user
            string currentUserId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;

            // parse together Home Account ID for current user
            string homeAccountId = currentUserId + "." + tenantId;

            var appConfidential = ConfidentialClientApplicationBuilder.Create(clientId)
                                  .WithClientSecret(clientSecret)
                                  .WithRedirectUri(redirectUri)
                                  .WithAuthority(tokenIssuerAuthority)
                                  .Build();

            MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(appConfidential.UserTokenCache);

            try
            {
                var user = appConfidential.GetAccountAsync(homeAccountId).Result;

                AuthenticationResult authResult = appConfidential.AcquireTokenSilent(scopes, user).ExecuteAsync().Result;

                // return access token back to user
                return(authResult.AccessToken);
            }
            catch
            {
                // handle scenario when the user is signed-in browser but msalcache.json is not present on the local system
                // clear cache for current user in token cache
                ClearUserCache();

                // sign out and redirect to home page
                string callbackUrl = redirectUri + "EmbedInfo/Embed";
                HttpContext.Current.GetOwinContext().Authentication.SignOut(
                    new AuthenticationProperties {
                    RedirectUri = callbackUrl
                },
                    OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
            }

            // return null when token acquisition fails
            return(null);
        }
Exemplo n.º 3
0
        private static async Task OnAuthorizationCodeCallback(AuthorizationCodeReceivedNotification context)
        {
            ClaimsIdentity userClaims = context.AuthenticationTicket.Identity;
            string         userName   = userClaims.Name;
            string         tenantId   = userClaims.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

            // Create URL for tenant-specific authority
            string tenantSpecificAuthority = tenantCommonAuthority.Replace("common", tenantId);

            var appConfidential = ConfidentialClientApplicationBuilder.Create(clientId)
                                  .WithClientSecret(clientSecret)
                                  .WithRedirectUri(redirectUri)
                                  .WithAuthority(tenantSpecificAuthority)
                                  .Build();

            MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(appConfidential.UserTokenCache);

            string[] scopes = PowerBIPermissionScopes.ReadUserWorkspaces;

            IAccount user = appConfidential.GetAccountAsync(userName).Result;

            var authResult = await appConfidential.AcquireTokenByAuthorizationCode(scopes, context.Code).ExecuteAsync();
        }