public static async Task <string> GetADALAccessToken(this IBotContext context, string resource)
{
AuthenticationSettings authenticationSettings = AuthenticationSettings.GetFromAppSettings();
AuthenticationResult authenticationResult;
string authenticationKey = AuthenticationConstants.AuthDialogId_AzureAD + '_' + AuthenticationConstants.AuthResultKey;
if (context.UserData.TryGetValue(authenticationKey, out authenticationResult))
{
try
{
var tokenCache = TokenCacheFactory.SetADALTokenCache(authenticationResult.TokenCache);
var result = await AzureADHelper.GetToken(authenticationResult.UserUniqueId, authenticationSettings, resource);
authenticationResult.AccessToken = result.AccessToken;
authenticationResult.ExpiresOnUtcTicks = result.ExpiresOnUtcTicks;
authenticationResult.TokenCache = tokenCache.Serialize();
context.StoreAuthResult(authenticationResult);
}
catch (Exception ex)
{
Trace.TraceError("Failed to renew token: " + ex.Message);
await context.PostAsync("Your credentials expired and could not be renewed automatically!");
await context.Logout(authenticationSettings);
return(null);
}
return(authenticationResult.AccessToken);
}
return(null);
}
protected override async Task <Auth.AuthenticationResult> GetTokenByAuthCodeAsync(NameValueCollection parameters)
{
string code = parameters["code"];
AuthenticationSettings authenticationSettings = AuthenticationSettings.GetFromAppSettings();
// Exchange the Auth code with Access token
var token = await AzureADHelper.GetTokenByAuthCodeAsync(code, authenticationSettings);
return(token);
}
public static async Task <OAuth.AuthenticationResult> GetToken(string userUniqueId, OAuth.AuthenticationRequest request)
{
AuthenticationSettings authenticationSettings = AuthenticationSettings.GetFromAppSettings();
OAuth.AuthenticationResult authenticationResult;
var tokenCache = OAuth.TokenCacheFactory.GetTokenCache <ADALTokenCache>(request);
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext context = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authenticationSettings.EndpointUrl + "/" + authenticationSettings.Tenant, tokenCache);
var result = await context.AcquireTokenSilentAsync(request.ResourceId, new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(authenticationSettings.ClientId, authenticationSettings.ClientSecret), new Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier(userUniqueId, Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifierType.UniqueId));
authenticationResult = ConvertAuthenticationResult(result, tokenCache);
return(authenticationResult);
}
public static async Task <OAuth.AuthenticationResult> GetTokenByAuthCodeAsync(string authorizationCode, OAuth.AuthenticationRequest request)
{
AuthenticationSettings authenticationSettings = AuthenticationSettings.GetFromAppSettings();
OAuth.AuthenticationResult authenticationResult;
var tokenCache = OAuth.TokenCacheFactory.GetTokenCache <ADALTokenCache>(request);
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext context = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authenticationSettings.EndpointUrl + "/" + authenticationSettings.Tenant, tokenCache);
Uri redirectUri = new Uri(authenticationSettings.RedirectUrl);
var result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, redirectUri, new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(authenticationSettings.ClientId, authenticationSettings.ClientSecret));
authenticationResult = ConvertAuthenticationResult(result, tokenCache);
return(authenticationResult);
}
public static async Task <string> GetAuthUrlAsync(ResumptionCookie resumptionCookie, string resourceId)
{
var extraParameters = AuthUtilities.EncodeResumptionCookie(resumptionCookie);
AuthenticationSettings authenticationSettings = AuthenticationSettings.GetFromAppSettings();
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext context = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authenticationSettings.EndpointUrl + "/" + authenticationSettings.Tenant);
Uri redirectUri = new Uri(authenticationSettings.RedirectUrl);
var uri = await context.GetAuthorizationRequestUrlAsync(
resourceId,
authenticationSettings.ClientId,
redirectUri,
Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier.AnyUser,
$"state={extraParameters}&response_mode=form_post");
return(uri.ToString());
}
public static async Task <object> HandleOAuthCallback(HttpRequestMessage req, uint maxWriteAttempts)
{
try
{
var queryParams = req.RequestUri.ParseQueryString();
if (req.Method != HttpMethod.Post)
{
throw new ArgumentException("The OAuth postback handler only supports POST requests.");
}
var formData = await req.Content.ReadAsFormDataAsync();
string stateStr = formData["state"];
string code = formData["code"];
var resumptionCookie = UrlToken.Decode <ResumptionCookie>(stateStr);
var message = resumptionCookie.GetMessage();
using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
{
AuthenticationSettings authSettings = AuthenticationSettings.GetFromAppSettings();
var client = scope.Resolve <IConnectorClient>();
AuthenticationResult authenticationResult = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, authSettings);
IStateClient sc = scope.Resolve <IStateClient>();
//IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT
//REMOVING THIS WILL REMOVE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
//MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
int magicNumber = GenerateRandomNumber();
bool writeSuccessful = false;
uint writeAttempts = 0;
while (!writeSuccessful && writeAttempts++ < maxWriteAttempts)
{
try
{
BotData userData = sc.BotState.GetUserData(message.ChannelId, message.From.Id);
userData.SetProperty(AuthenticationConstants.AuthResultKey, authenticationResult);
userData.SetProperty(AuthenticationConstants.MagicNumberKey, magicNumber);
userData.SetProperty(AuthenticationConstants.MagicNumberValidated, "false");
sc.BotState.SetUserData(message.ChannelId, message.From.Id, userData);
writeSuccessful = true;
}
catch (HttpOperationException)
{
writeSuccessful = false;
}
}
var resp = new HttpResponseMessage(HttpStatusCode.OK);
if (!writeSuccessful)
{
message.Text = String.Empty; // fail the login process if we can't write UserData
await Conversation.ResumeAsync(resumptionCookie, message);
resp.Content = new StringContent("<html><body>Could not log you in at this time, please try again later</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
else
{
await Conversation.ResumeAsync(resumptionCookie, message);
resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete:<br/> <h1>{magicNumber}</h1>.</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
return(resp);
}
}
catch (Exception ex)
{
// Callback is called with no pending message as a result the login flow cannot be resumed.
return(req.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
}
}
//private static async Task<string> GetAuthUrlAsync(ResumptionCookie resumptionCookie, AuthenticationSettings authenticationSettings, string[] scopes)
//{
// Uri redirectUri = new Uri(authenticationSettings.RedirectUrl);
// if (authenticationSettings.Mode == AuthenticationMode.V2)
// {
// MSALTokenCache tokenCache = new MSALTokenCache();
// Microsoft.Identity.Client.ConfidentialClientApplication client = new Microsoft.Identity.Client.ConfidentialClientApplication(authenticationSettings.ClientId, redirectUri.ToString(),
// new Microsoft.Identity.Client.ClientCredential(authenticationSettings.ClientSecret),
// tokenCache);
// //var uri = "https://login.microsoftonline.com/" + AuthSettings.Tenant + "/oauth2/v2.0/authorize?response_type=code" +
// // "&client_id=" + AuthSettings.ClientId +
// // "&client_secret=" + AuthSettings.ClientSecret +
// // "&redirect_uri=" + HttpUtility.UrlEncode(AuthSettings.RedirectUrl) +
// // "&scope=" + HttpUtility.UrlEncode("openid profile " + string.Join(" ", scopes)) +
// // "&state=" + encodedCookie;
// var stateString = EncodeResumptionCookie(resumptionCookie);
// var uri = await client.GetAuthorizationRequestUrlAsync(
// scopes,
// null,
// $"state={stateString}");
// return uri.ToString();
// }
// else if (authenticationSettings.Mode == AuthenticationMode.B2C)
// {
// return null;
// }
// return null;
//}
public static async Task <AuthenticationResult> GetTokenByAuthCodeAsync(string authorizationCode)
{
AuthenticationSettings authenticationSettings = AuthenticationSettings.GetFromAppSettings();
return(await GetTokenByAuthCodeAsync(authorizationCode, authenticationSettings));
}