public async Task <string> GetUserAccessTokenAsync(bool is21v)
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase;
SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase);
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
AuthenticationContext authContext = new AuthenticationContext(string.Format((is21v ? Config.O365Authority21VNoCommon: Config.O365AuthorityNoCommon), tenantID), tokenCache);
ClientCredential clientCredential = new ClientCredential(is21v ? Config.O365ClientId21V: Config.O365ClientId,
is21v ? Config.O365Secret21V : Config.O365Secret);
string userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
UserIdentifier userId = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
try
{
AuthenticationResult result = await authContext.AcquireTokenSilentAsync(is21v?Config.GraphResourceId21V : Config.GraphResourceId, clientCredential, userId);
return(result.AccessToken);
} catch (AdalException ex)
{
HttpContext.Current.Request.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties()
{
RedirectUri = is21v ? Config.O365RedirectUri21V:Config.O365RedirectUri
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
throw new Exception($" {ex.Message}");
}
}
/// <summary>
/// Configure OWIN to use OpenIdConnect
/// </summary>
/// <param name="app"></param>
public static void ConfigurationAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions(MerchantTypeEnum.Office365.ToString())
{
ClientId = Config.O365ClientId,
Authority = Config.O365Authority,
RedirectUri = Config.O365RedirectUri,
PostLogoutRedirectUri = Config.O365RedirectUri,
Scope = OpenIdConnectScopes.OpenIdProfile,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
{
ValidateIssuer = false
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = (AuthenticationFailedNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context) => {
context.HandleResponse();
context.Response.Redirect("/?errormessage=" + context.Exception.Message);
return(Task.FromResult(0));
},
AuthorizationCodeReceived = async(context) =>
{
var code = context.Code;
Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Config.O365ClientId, Config.O365Secret);
string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase;
SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase);
AuthenticationContext authContext = new AuthenticationContext(string.Format(Config.O365AuthorityNoCommon, tenantID), tokenCache);
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
code, new Uri(Config.O365RedirectUri), credential, Config.GraphResourceId);
}
}
}
);
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions(MerchantTypeEnum.Office365_21V.ToString())
{
ClientId = Config.O365ClientId21V,
Authority = Config.O365Authority21V,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
AuthorizationCodeReceived = async(context) =>
{
var code = context.Code;
Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Config.O365ClientId21V, Config.O365Secret21V);
string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase;
SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase);
AuthenticationContext authContext = new AuthenticationContext(string.Format(Config.O365Authority21VNoCommon, tenantID), tokenCache);
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
code, new Uri(Config.O365RedirectUri21V), credential, Config.GraphResourceId21V);
},
RedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.RedirectUri = Config.O365RedirectUri21V;
context.ProtocolMessage.PostLogoutRedirectUri = Config.URL + "/Account/SignOut";
return(Task.FromResult(0));
},
AuthenticationFailed = (context) =>
{
context.OwinContext.Response.Redirect("/Error/NotFound");
context.HandleResponse();
return(Task.FromResult(0));
}
}
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions("SharepointOnline")
{
ClientId = Config.SPOnlineClientId,
Authority = Config.SPOnlineAuthority,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
// instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
// we inject our own multitenant validation logic
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//AuthorizationCodeReceived = async (context) =>
//{
// var code = context.Code;
// Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Config.SPOnlineClientId, Config.SPOnlineSecret);
// string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
// string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
// HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase;
// SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase);
// AuthenticationContext authContext = new AuthenticationContext(string.Format(Config.SPOnlineAuthorityNoCommon, tenantID), tokenCache);
// Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
// code, new Uri(Config.SPOnlineRedirectUri), credential, Config.GraphResourceId);
// // log.Info("认证成功:" + signedInUserID);
// },
RedirectToIdentityProvider = (context) =>
{
// This ensures that the address used for sign in and sign out is picked up dynamically from the request
// this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
// Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
// string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
context.ProtocolMessage.RedirectUri = Config.SPOnlineRedirectUri;
//log.Info("回掉地址"+Config.O365RedirectUri21V);
context.ProtocolMessage.PostLogoutRedirectUri = Config.URL + "/Account/SignOut";
return(Task.FromResult(0));
},
AuthenticationFailed = (context) =>
{
//context.OwinContext.Response.Redirect("/Error/NotFound");
context.HandleResponse(); // Suppress the exception
return(Task.FromResult(0));
}
}
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions("SharepointOnline21V")
{
ClientId = Config.SPOnlineClientId21V,
Authority = Config.SPOnlineAuthority21V,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
// instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
// we inject our own multitenant validation logic
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.RedirectUri = Config.SPOnlineRedirectUri;
context.ProtocolMessage.PostLogoutRedirectUri = Config.URL + "/Account/SignOut";
return(Task.FromResult(0));
},
AuthenticationFailed = (context) =>
{
// context.OwinContext.Response.Redirect("/Error/NotFound");
context.HandleResponse(); // Suppress the exception
return(Task.FromResult(0));
}
}
});
}