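/// <summary>
/// Acquires an app-only access token for the directory graph from the
/// <c>TenantId</c>, <c>SymmetricKey</c> and <c>AppPrincipalId</c> appSettings and
/// stores a <see cref="DirectoryGraph"/> client for that tenant in <c>this.graph</c>.
/// </summary>
/// <remarks>
/// The original version unconditionally registered a
/// <see cref="ServicePointManager.ServerCertificateValidationCallback"/> that
/// accepted every server certificate so traffic could be inspected with a local
/// proxy (presumably Fiddler). That callback is process-wide: it disables TLS
/// certificate validation for every outbound HTTPS call made by the application,
/// not just the graph calls, so it is now compiled only into DEBUG builds.
/// </remarks>
public void Init()
{
#if DEBUG
    // Accept any server certificate so a local debugging proxy can intercept
    // the traffic. DEBUG-only on purpose: this is process-wide and must never
    // ship in a release build.
    ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };
#endif

    string tenantId = ConfigurationManager.AppSettings["TenantId"];
    var auth = new DirectoryGraphAuthentication(
        tenantId,
        ConfigurationManager.AppSettings["SymmetricKey"],
        ConfigurationManager.AppSettings["AppPrincipalId"]);

    // Per the original note the token can be cached and reused until its
    // ExpiresOn; this method still requests a fresh one on every call.
    var accessToken = auth.GetAccessToken();

    this.graph = new DirectoryGraph(tenantId, accessToken.AccessToken);
}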
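/// <summary>
/// Acquires an app-only access token for the directory graph from the
/// <c>TenantId</c>, <c>SymmetricKey</c> and <c>AppPrincipalId</c> appSettings and
/// stores a <see cref="DirectoryGraph"/> client for that tenant in <c>this.graph</c>.
/// </summary>
/// <remarks>
/// The original version unconditionally registered a
/// <see cref="ServicePointManager.ServerCertificateValidationCallback"/> that
/// accepted every server certificate so traffic could be inspected with a local
/// proxy (presumably Fiddler). That callback is process-wide: it disables TLS
/// certificate validation for every outbound HTTPS call made by the application,
/// not just the graph calls, so it is now compiled only into DEBUG builds.
/// </remarks>
public void Init()
{
#if DEBUG
    // Accept any server certificate so a local debugging proxy can intercept
    // the traffic. DEBUG-only on purpose: this is process-wide and must never
    // ship in a release build.
    ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };
#endif

    string tenantId = ConfigurationManager.AppSettings["TenantId"];
    var auth = new DirectoryGraphAuthentication(
        tenantId,
        ConfigurationManager.AppSettings["SymmetricKey"],
        ConfigurationManager.AppSettings["AppPrincipalId"]);

    // Per the original note the token can be cached and reused until its
    // ExpiresOn; this method still requests a fresh one on every call.
    var accessToken = auth.GetAccessToken();

    this.graph = new DirectoryGraph(tenantId, accessToken.AccessToken);
}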
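// One HttpClient for the whole process: the type is designed to be reused, and
// creating a new instance on every callback exhausts sockets under load.
private static readonly HttpClient s_tokenClient = new HttpClient();

/// <summary>
/// WS-Federation sign-in callback. Extracts the SAML assertion from
/// <paramref name="wresult"/>, validates it against the configured audience and
/// issuer, then uses the <c>tenantid</c> claim to acquire a client-credentials
/// token for https://graph.windows.net and lists the tenant's users.
/// </summary>
/// <param name="wresult">The RequestSecurityTokenResponse XML posted back by the STS.</param>
/// <param name="wa">WS-Federation action parameter; not used by this action.</param>
/// <param name="wctx">WS-Federation context parameter; not used by this action.</param>
/// <returns>
/// The callback view with the validated claims and the first page of users, or
/// HTTP 400 when <paramref name="wresult"/> is missing.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The response carries no RequestedSecurityToken, the validated token has no
/// single tenantid claim, or the token endpoint returned no <c>access_token</c>.
/// </exception>
/// <exception cref="HttpRequestException">The token endpoint returned a non-success status.</exception>
public async Task<ActionResult> Callback(string wresult, string wa, string wctx)
{
    // wresult is the only input this action consumes; without it there is
    // nothing to validate, so answer 400 instead of failing inside XDocument.Parse.
    if (string.IsNullOrWhiteSpace(wresult))
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "wresult is required");
    }

    // Manual SAML parsing follows
    // http://www.tecsupra.com/blog/system-identitymodel-manually-parsing-the-saml-token/
    var securityTokenHandlers = CreateTokenHandlers();
    SecurityToken token = securityTokenHandlers.ReadToken(OpenAssertionReader(wresult));

    // ValidateToken checks signature, audience and issuer per the handler
    // configuration; nothing from the token is trusted before this point.
    var claimsPrincipal = new ClaimsPrincipal(securityTokenHandlers.ValidateToken(token));

    var viewModel = new CallbackViewModel();
    viewModel.Claims = claimsPrincipal.Claims.ToList();

    const string tenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";
    var tenantClaim = claimsPrincipal.Claims.SingleOrDefault(x => x.Type == tenantIdClaimType);
    if (tenantClaim == null)
    {
        throw new InvalidOperationException("The validated token carries no tenantid claim.");
    }

    string graphAccessToken = await AcquireGraphAccessTokenAsync(tenantClaim.Value);
    var graph = new DirectoryGraph(tenantClaim.Value, graphAccessToken);

    // Only the first page is shown; nextPageUrl is discarded as in the original.
    string nextPageUrl;
    viewModel.Users = graph.GetUsers(out nextPageUrl);

    return View(viewModel);
}

/// <summary>
/// Returns an <see cref="XmlReader"/> positioned on the SAML assertion nested in
/// the RequestSecurityTokenResponse contained in <paramref name="wresult"/>.
/// </summary>
/// <param name="wresult">The RequestSecurityTokenResponse XML.</param>
/// <returns>A reader over the assertion node.</returns>
/// <exception cref="InvalidOperationException">No RequestedSecurityToken element, or it is empty.</exception>
private static XmlReader OpenAssertionReader(string wresult)
{
    // XDocument.Parse uses the default XmlReaderSettings, which prohibit DTD
    // processing, so the untrusted XML cannot reference external entities here.
    XDocument wrappedToken = XDocument.Parse(wresult);
    XName requestedTokenName = XName.Get("RequestedSecurityToken", "http://schemas.xmlsoap.org/ws/2005/02/trust");

    XElement requestedSecurityToken = wrappedToken.Root == null
        ? null
        : wrappedToken.Root.Descendants(requestedTokenName).FirstOrDefault();
    if (requestedSecurityToken == null)
    {
        throw new InvalidOperationException("wresult contains no RequestedSecurityToken element.");
    }

    // The first descendant node is taken as the assertion, as in the original;
    // XDocument.Parse drops insignificant whitespace, so presumably no text node
    // precedes the Assertion element.
    XNode assertion = requestedSecurityToken.DescendantNodes().FirstOrDefault();
    if (assertion == null)
    {
        throw new InvalidOperationException("RequestedSecurityToken contains no assertion.");
    }

    return assertion.CreateReader();
}

/// <summary>
/// Builds the handler collection used to read and validate the SAML token.
/// </summary>
/// <returns>A default handler collection configured for this application's audience and issuer.</returns>
private SecurityTokenHandlerCollection CreateTokenHandlers()
{
    var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

    // Fix for ID1032 (at least one audience URI must be specified):
    // http://blog.fabse.net/2013/01/10/id1032-at-least-one-audienceuri-must-be-specified-2/
    handlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(AzureAdAppUri));

    // X.509 chain and revocation checking of the token-signing certificate is
    // turned off here, so the issuer registry below is the only thing pinning
    // which signer is trusted. NOTE(review): presumably ValidatingIssuerNameRegistry
    // is thumbprint-based (populated from the authority's federation metadata) —
    // confirm, since with this setting the registry alone decides trust.
    handlers.Configuration.CertificateValidationMode = X509CertificateValidationMode.None;
    handlers.Configuration.CertificateValidator = X509CertificateValidator.None;
    handlers.Configuration.IssuerNameRegistry = new ValidatingIssuerNameRegistry(AzureAdAuthroAuthority);

    return handlers;
}

/// <summary>
/// Performs the OAuth2 client-credentials grant against the tenant's token
/// endpoint and returns the bearer token for https://graph.windows.net.
/// </summary>
/// <param name="tenantId">Tenant id taken from the validated token's tenantid claim.</param>
/// <returns>The access token string.</returns>
/// <exception cref="HttpRequestException">The token endpoint returned a non-success status.</exception>
/// <exception cref="InvalidOperationException">The response carries no <c>access_token</c>.</exception>
private async Task<string> AcquireGraphAccessTokenAsync(string tenantId)
{
    // FormUrlEncodedContent performs the application/x-www-form-urlencoded
    // escaping, so the client secret is never hand-concatenated into a string.
    var form = new FormUrlEncodedContent(new[]
    {
        new KeyValuePair<string, string>("grant_type", "client_credentials"),
        new KeyValuePair<string, string>("resource", "https://graph.windows.net"),
        new KeyValuePair<string, string>("client_id", AzureAdAppClientId),
        new KeyValuePair<string, string>("client_secret", AzureAdAppClientSecret),
    });

    // tenantId comes from a signed claim, but it is still placed in a URL path
    // segment, so escape it rather than format it in raw.
    string tokenEndpoint = string.Format(
        "https://login.windows.net/{0}/oauth2/token?api-version=1.0",
        Uri.EscapeDataString(tenantId));

    using (HttpResponseMessage response = await s_tokenClient.PostAsync(tokenEndpoint, form))
    {
        response.EnsureSuccessStatusCode();

        string body = await response.Content.ReadAsStringAsync();
        var accessToken = JObject.Parse(body).SelectToken("access_token");
        if (accessToken == null)
        {
            throw new InvalidOperationException("Token endpoint response contains no access_token.");
        }

        return accessToken.Value<string>();
    }
}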