Пример #1
0
        private string IssueTenantAccessToken(string tenantId)
        {
            string text  = string.Format("{0}@{1}", this.settings.PartnerId, tenantId);
            string arg   = string.Format("{0}/{1}", this.settings.AcsId, this.settings.AcsUrl.Authority);
            string text2 = string.Format("{0}@{1}", arg, tenantId);
            JsonWebSecurityToken jsonWebSecurityToken = new JsonWebSecurityToken(text, text2, DateTime.UtcNow, DateTime.UtcNow.AddDays(1.0), Enumerable.Empty <JsonWebTokenClaim>(), CertificateStore.GetSigningCredentials(this.settings.CertificateSubject));
            string text3 = string.Format("{0}/{1}@{2}", this.settings.ServiceId, this.settings.ServiceHostName, tenantId);
            OAuth2AccessTokenRequest oauth2AccessTokenRequest = OAuth2MessageFactory.CreateAccessTokenRequestWithAssertion(jsonWebSecurityToken, text3);

            oauth2AccessTokenRequest.Scope = text3;
            OAuth2S2SClient           oauth2S2SClient           = new OAuth2S2SClient();
            OAuth2AccessTokenResponse oauth2AccessTokenResponse = (OAuth2AccessTokenResponse)oauth2S2SClient.Issue(this.settings.AcsUrl.AbsoluteUri, oauth2AccessTokenRequest);

            return(oauth2AccessTokenResponse.AccessToken);
        }
Пример #2
0
        private static string GetACSToken(OrganizationId tenantID, IConfigurationSession dataSession, ExecutionLog logger, Task task)
        {
            string             result           = null;
            LocalTokenIssuer   localTokenIssuer = new LocalTokenIssuer(tenantID);
            LocalConfiguration configuration    = ConfigProvider.Instance.Configuration;
            Uri    uri           = null;
            string text          = null;
            string applicationId = configuration.ApplicationId;
            string text2         = null;

            foreach (PartnerApplication partnerApplication in configuration.PartnerApplications)
            {
                if (partnerApplication.Enabled && partnerApplication.Name.Contains("Intune"))
                {
                    text2 = partnerApplication.ApplicationIdentifier;
                    break;
                }
            }
            foreach (AuthServer authServer in configuration.AuthServers)
            {
                if (authServer.Enabled && authServer.Type == AuthServerType.MicrosoftACS)
                {
                    text = authServer.IssuerIdentifier;
                    uri  = new Uri(authServer.TokenIssuingEndpoint);
                    break;
                }
            }
            if (localTokenIssuer.SigningCert == null)
            {
                logger.LogOneEntry(task.GetType().Name, string.Empty, ExecutionLog.EventType.Error, "No certificate found.", null);
            }
            if (text2 == null)
            {
                logger.LogOneEntry(task.GetType().Name, string.Empty, ExecutionLog.EventType.Error, "No partnerId found.", null);
            }
            if (uri == null)
            {
                logger.LogOneEntry(task.GetType().Name, string.Empty, ExecutionLog.EventType.Error, "No authorizationEndpoint found.", null);
            }
            if (string.IsNullOrEmpty(text))
            {
                logger.LogOneEntry(task.GetType().Name, string.Empty, ExecutionLog.EventType.Error, "No issuerIdentifier found.", null);
            }
            if (localTokenIssuer.SigningCert != null && text2 != null && uri != null && !string.IsNullOrEmpty(text))
            {
                string arg  = applicationId;
                string arg2 = text2;
                string intuneResourceUrl = UnifiedPolicyConfiguration.GetInstance().GetIntuneResourceUrl(dataSession);
                string arg3      = text;
                string authority = uri.Authority;
                string text3     = string.Format("{0}@{1}", arg, tenantID.ToExternalDirectoryOrganizationId());
                string text4     = string.Format("{0}/{1}@{2}", arg3, authority, tenantID.ToExternalDirectoryOrganizationId());
                string text5     = string.Format("{0}/{1}@{2}", arg2, intuneResourceUrl, tenantID.ToExternalDirectoryOrganizationId());
                X509SigningCredentials   x509SigningCredentials   = new X509SigningCredentials(localTokenIssuer.SigningCert, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmlenc#sha256");
                JsonWebSecurityToken     jsonWebSecurityToken     = new JsonWebSecurityToken(text3, text4, DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5.0), new List <JsonWebTokenClaim>(), x509SigningCredentials);
                OAuth2AccessTokenRequest oauth2AccessTokenRequest = OAuth2MessageFactory.CreateAccessTokenRequestWithAssertion(jsonWebSecurityToken, text5);
                OAuth2S2SClient          oauth2S2SClient          = new OAuth2S2SClient();
                try
                {
                    OAuth2AccessTokenResponse oauth2AccessTokenResponse = (OAuth2AccessTokenResponse)oauth2S2SClient.Issue(uri.AbsoluteUri, oauth2AccessTokenRequest);
                    if (oauth2AccessTokenResponse != null)
                    {
                        result = "Bearer " + oauth2AccessTokenResponse.AccessToken;
                    }
                }
                catch (RequestFailedException ex)
                {
                    ex.ToString();
                    WebException    ex2             = (WebException)ex.InnerException;
                    HttpWebResponse httpWebResponse = (HttpWebResponse)ex2.Response;
                    Stream          responseStream  = httpWebResponse.GetResponseStream();
                    Encoding        encoding        = Encoding.GetEncoding("utf-8");
                    string          text6           = "Auth service call failed: ";
                    if (responseStream != null)
                    {
                        StreamReader streamReader = new StreamReader(responseStream, encoding);
                        char[]       array        = new char[256];
                        for (int k = streamReader.Read(array, 0, 256); k > 0; k = streamReader.Read(array, 0, 256))
                        {
                            text6 += new string(array, 0, k);
                        }
                    }
                    logger.LogOneEntry(task.GetType().Name, string.Empty, ExecutionLog.EventType.Error, text6, ex);
                }
            }
            return(result);
        }