//
// The Client ID is used by the application to uniquely identify itself to Azure AD.
// The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials.
// The Metadata Address is used by the application to retrieve the signing keys used by Azure AD.
// The AAD Instance is the instance of Azure, for example public Azure or Azure China.
// The Authority is the sign-in URL of the tenant.
// The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out.
//
// This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = MediaLibraryWebApp.Configuration.ClientId,
Authority = MediaLibraryWebApp.Configuration.Authority,
PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
//
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
System.IdentityModel.Tokens.JwtSecurityToken jwtToken = context.JwtSecurityToken;
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value;
Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey);
NaiveSessionCache cache = new NaiveSessionCache(userObjectID);
AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, cache);
//Getting a token to connect with GraphApi later on userProfile page
AuthenticationResult graphAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId);
//Getting a access token which can be used to configure auth restrictions for multiple tentants since audience will be same for each web app requesting this token
AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.KdResourceId);
string kdAccessToken = kdAPiresult.AccessToken;
//Initializing MediaServicesCredentials in order to obtain access token to be used to connect
var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey);
//Forces to get access token
amsCredentials.RefreshToken();
//Adding token to a claim so it can be accessible within controller
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsSignInJwtToken, jwtToken.RawData));
//Adding media services access token as claim so it can be accessible within controller
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken));
return(Task.FromResult(0));
}
}
});
}
protected void Page_Load(object sender, EventArgs e)
{
//Redirect uri must match the redirect_uri used when requesting Authorization code.
string redirectUri = Properties.Settings.Default.RedirectUrl;
string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
// Get the auth code
string code = Request.Params.GetValues(0)[0];
// Get auth token from auth code
TokenCache TC = new TokenCache();
AuthenticationContext AC = new AuthenticationContext(authorityUri, TC);
ClientCredential cc = new ClientCredential
(Properties.Settings.Default.ClientID,
Properties.Settings.Default.ClientSecretKey);
AuthenticationResult AR = AC.AcquireTokenByAuthorizationCode(code, new Uri(redirectUri), cc);
//Set Session "authResult" index string to the AuthenticationResult
Session["authResult"] = AR;
//Redirect back to Default.aspx
Response.Redirect("/Default.aspx");
}
public ActionResult Index(string code) {
CustomAuthenticationManager.CacheAuthenticationCode(code);
ClientCredential credential =
new ClientCredential(DemoConstants.ClientId, DemoConstants.ClientSecret);
string resource = DemoConstants.TargetResource;
Uri uriReplyUrl = new Uri(DemoConstants.ClientReplyUrl);
AuthenticationContext authenticationContext = new AuthenticationContext(DemoConstants.urlAuthorizationEndpoint);
AuthenticationResult authenticationResult =
authenticationContext.AcquireTokenByAuthorizationCode(
code,
uriReplyUrl,
credential,
resource);
CustomAuthenticationManager.CacheAuthenticationResult(authenticationResult);
ViewBag.AuthenticationCode = code;
return View(authenticationResult);
}
public ActionResult Token(string code)
{
var authenticationContext = new AuthenticationContext(authority);
var tokenResult = authenticationContext.AcquireTokenByAuthorizationCode(code, new Uri(redirectUrl), new ClientCredential(clientId, clientSecret), resource);
var accessToken = tokenResult.AccessToken;
using (ClientContext ctx = new ClientContext(resource))
{
ctx.ExecutingWebRequest += (object sender, WebRequestEventArgs e) =>
{
e.WebRequestExecutor.RequestHeaders.Add("Authorization", "Bearer " + accessToken);
};
var web = ctx.Web;
ctx.Load(web, a => a.Title, a=>a.CurrentUser);
ctx.ExecuteQuery();
var title = web.Title;
ViewBag.SiteTitle = title;
ViewBag.LoggedUser = web.CurrentUser.Title;
ViewBag.LoggedUserEmail = web.CurrentUser.Email;
}
return View("Index");
}
/// <summary>
/// Acquires an IUserIdentity from Azure Active Directory using the argument authorizationCode.
/// </summary>
/// <param name="authorizationCode">An authorization code provided by Azure Active Directory used to retrieve an IUserIdentity</param>
/// <returns>Returns an IUserIdentity representing a successfully authenticated Azure Active Directory user who has privileges for this configured application</returns>
public static IUserIdentity GetAuthenticatedUserIDentity(string authorizationCode)
{
var authenticationContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", AAD.TENANT_ID));
var clientCredential = new ClientCredential(AAD.CLIENT_ID, AAD.CLIENT_KEY);
var authenticationResult = authenticationContext.AcquireTokenByAuthorizationCode(authorizationCode, new Uri(AAD.REPLY_URL), clientCredential);
return new UserIdentity(authenticationResult.UserInfo);
}
public void ConfigureAuth(IAppBuilder app) {
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions {
ClientId = SettingsHelper.ClientId,
Authority = SettingsHelper.AzureADAuthority,
Notifications = new OpenIdConnectAuthenticationNotifications() {
AuthorizationCodeReceived = (context) => {
string code = context.Code;
ClientCredential creds = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
string userObjectId = context.AuthenticationTicket.Identity.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier).Value;
EFADALTokenCache cache = new EFADALTokenCache(userObjectId);
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, cache);
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationResult authResult = authContext.AcquireTokenByAuthorizationCode(code, redirectUri, creds, SettingsHelper.AzureAdGraphResourceId);
return Task.FromResult(0);
},
AuthenticationFailed = (context) => {
context.HandleResponse();
return Task.FromResult(0);
}
},
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters {
ValidateIssuer = false
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
return Task.FromResult(0);
}
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//Configure OpenIDConnect, register callbacks for OpenIDConnect Notifications
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = ConfigHelper.ClientId,
Authority = ConfigHelper.Authority,
PostLogoutRedirectUri = ConfigHelper.PostLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = context =>
{
ClientCredential credential = new ClientCredential(ConfigHelper.ClientId, ConfigHelper.AppKey);
string userObjectId = context.AuthenticationTicket.Identity.FindFirst(Globals.ObjectIdClaimType).Value;
AuthenticationContext authContext = new AuthenticationContext(ConfigHelper.Authority, new TokenDbCache(userObjectId));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
context.Code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, ConfigHelper.GraphResourceId);
return Task.FromResult(0);
},
AuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.Redirect("/Error/ShowError?signIn=true&errorMessage=" + context.Exception.Message);
return Task.FromResult(0);
}
}
});
}
public AssociationStatusEnum Associate(string state, string code, Uri requestUri)
{
ClientCredential clientCredential = new ClientCredential(Constants.ClientId, Constants.ClientKey);
AuthenticationContext context = new AuthenticationContext("https://login.windows.net/common/");
AuthenticationResult result = context.AcquireTokenByAuthorizationCode(code, requestUri, clientCredential);
return ConvertTemporaryTenantToPermanentTenant(state, result.TenantId);
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//app.UseCookieAuthentication(new CookieAuthenticationOptions {
// CookieManager = new Components.SystemWebCookieManager()
//});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = MSGraphAPISettings.ClientId,
Authority = MSGraphAPISettings.AADInstance + "common",
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
// instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
// we inject our own multitenant validation logic
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(
MSGraphAPISettings.ClientId,
MSGraphAPISettings.ClientSecret);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(
ClaimTypes.NameIdentifier).Value;
string tenantId = context.AuthenticationTicket.Identity.FindFirst(
"http://schemas.microsoft.com/identity/claims/tenantid").Value;
AuthenticationContext authContext = new AuthenticationContext(
MSGraphAPISettings.AADInstance + tenantId,
new SessionADALCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
credential, MSGraphAPISettings.MicrosoftGraphResourceId);
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.OwinContext.Response.Redirect("/Home/Error?message=" + context.Exception.Message);
context.HandleResponse(); // Suppress the exception
return Task.FromResult(0);
}
}
});
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
//app.UseWindowsAzureActiveDirectoryBearerAuthentication(
// new WindowsAzureActiveDirectoryBearerAuthenticationOptions
// {
// Audience = ConfigurationManager.AppSettings["ida:Audience"],
// Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
// });
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
//PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
//
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string userObjectID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));
//AuthenticationContext authContext = new AuthenticationContext(Authority);
//AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
//AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential);
//string todoListBaseAddress = ConfigurationManager.AppSettings["todo:TodoListBaseAddress"];
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, serviceResourceId);
return Task.FromResult(0);
},
AuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.Redirect("/Home/Error?message=" + context.Exception.Message);
return Task.FromResult(0);
}
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
//Implement our own cookie manager to work around the infinite
//redirect loop issue
CookieManager = new SystemWebCookieManager()
});
string clientID = ConfigurationManager.AppSettings["ida:ClientID"];
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
string clientSecret = ConfigurationManager.AppSettings["ida:AppKey"];
string graphResourceID = ConfigurationManager.AppSettings["ida:GraphResourceID"];
string authority = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientID,
Authority = authority,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// when an auth code is received...
AuthorizationCodeReceived = (context) =>
{
// get the OpenID Connect code passed from Azure AD on successful auth
string code = context.Code;
// create the app credentials & get reference to the user
ClientCredential creds = new ClientCredential(clientID, clientSecret);
string signInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
// use the OpenID Connect code to obtain access token & refresh token...
// save those in a persistent store...
AuthenticationContext authContext = new AuthenticationContext(authority, new ADALTokenCache(signInUserId));
// obtain access token for the AzureAD graph
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationResult authResult = authContext.AcquireTokenByAuthorizationCode(code, redirectUri, creds, graphResourceID);
// successful auth
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.HandleResponse();
return Task.FromResult(0);
}
}
});
}
private Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
ClientCredential credential = new ClientCredential(ConfigHelper.ClientId, ConfigHelper.AppKey);
string userObjectId = notification.AuthenticationTicket.Identity.FindFirst(Globals.ObjectIdClaimType).Value;
string tenantId = notification.AuthenticationTicket.Identity.FindFirst(Globals.TenantIdClaimType).Value;
AuthenticationContext authContext = new AuthenticationContext(String.Format(CultureInfo.InvariantCulture, ConfigHelper.AadInstance, tenantId), new TokenDbCache(userObjectId));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
notification.Code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Authority)), credential, ConfigHelper.GraphResourceId);
return Task.FromResult(0);
}
public void ConfigureAuth(IAppBuilder app)
{
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
// added by [email protected] to the original template
// Getting KeyDelivery Access Token
AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, kdResourceId);
string kdAccessToken = kdAPiresult.AccessToken;
System.IdentityModel.Tokens.JwtSecurityToken kdAccessJwtToken = new System.IdentityModel.Tokens.JwtSecurityToken(kdAccessToken);
//context.AuthenticationTicket.Identity.AddClaim(
// new System.Security.Claims.Claim("KdAccessJwtSecurityTokenClaim", kdAccessJwtToken.RawData));
// added by [email protected] to the original template
return Task.FromResult(0);
}
}
});
}
//
// The Client ID is used by the application to uniquely identify itself to Azure AD.
// The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials.
// The Metadata Address is used by the application to retrieve the signing keys used by Azure AD.
// The AAD Instance is the instance of Azure, for example public Azure or Azure China.
// The Authority is the sign-in URL of the tenant.
// The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out.
//
// This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = MediaLibraryWebApp.Configuration.ClientId,
Authority = MediaLibraryWebApp.Configuration.Authority,
PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
//
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
System.IdentityModel.Tokens.JwtSecurityToken jwtToken = context.JwtSecurityToken;
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value;
Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey);
NaiveSessionCache cache = new NaiveSessionCache(userObjectID);
AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, cache);
//Getting a token to connect with GraphApi later on userProfile page
AuthenticationResult graphAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId);
//Getting a access token which can be used to configure auth restrictions for multiple tentants since audience will be same for each web app requesting this token
//AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.KdResourceId);
//string kdAccessToken = kdAPiresult.AccessToken;
//Initializing MediaServicesCredentials in order to obtain access token to be used to connect
var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey);
//Forces to get access token
amsCredentials.RefreshToken();
//Adding token to a claim so it can be accessible within controller
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsSignInJwtToken, jwtToken.RawData));
//Adding media services access token as claim so it can be accessible within controller
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken));
return Task.FromResult(0);
}
}
});
}
protected void Page_Load(object sender, EventArgs e)
{
String code = Request["code"];
String error = Request["error"];
String error_description = Request["error_description"];
String resource = Request["resource"];
String state = Request["state"];
// Is this a response to a request we generated? Let's see if the state is carrying an ID we previously saved
// ---if we don't, return an error
if (db.Tenants.FirstOrDefault(a => a.IssValue == state) == null)
{
failedOnBoarding.Visible = true;
errorMessage.Text = error_description;
errorDescription.Text = error_description;
}
else
{
successedOnBoarding.Visible = true;
// ---if the response is indeed from a request we generated
// ------get a token for the Graph, that will provide us with information abut the caller
ClientCredential credential = new ClientCredential(AuthenticationHelper.ClientId, AuthenticationHelper.SharedSecret);
AuthenticationContext authContext = new AuthenticationContext(AuthenticationHelper.AuthorityMultitenant);
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(Request.Url.GetLeftPart(UriPartial.Path)), credential);
var myTenant = db.Tenants.FirstOrDefault(a => a.IssValue == state);
// if this was an admin consent, save the tenant
if (myTenant.AdminConsented)
{
// ------read the tenantID out of the Graph token and use it to create the issuer string
string issuer = String.Format("https://sts.windows.net/{0}/", result.TenantId);
myTenant.IssValue = issuer;
}
else
//otherwise, remove the temporary entry and save just the user
{
if (db.Users.FirstOrDefault(a => (a.UPN == result.UserInfo.DisplayableId) && (a.TenantID == result.TenantId)) == null)
{
db.Users.Add(new User { UPN = result.UserInfo.DisplayableId, TenantID = result.TenantId });
}
db.Tenants.Remove(myTenant);
}
// remove older, unclaimed entries
DateTime tenMinsAgo = DateTime.Now.Subtract(new TimeSpan(0, 10, 0)); // workaround for Linq to entities
var garbage = db.Tenants.Where(a => (!a.IssValue.StartsWith("https") && (a.Created < tenMinsAgo)));
foreach (Tenant t in garbage)
db.Tenants.Remove(t);
db.SaveChanges();
}
}
public ActionResult CatchCode(string code)
{
AuthenticationContext ac = new AuthenticationContext(string.Format("https://login.windows.net/{0}",
ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value));
ClientCredential clcred = new ClientCredential(AppPrincipalId, AppKey);
var ar = ac.AcquireTokenByAuthorizationCode(code,
new Uri("https://localhost:44306/Home/CatchCode"), clcred);
return View();
}
/// <summary>
/// Configures OpenIDConnect Authentication & Adds Custom Application Authorization Logic on User Login.
/// </summary>
/// <param name="app">The application represented by a <see cref="IAppBuilder"/> object.</param>
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//Configure OpenIDConnect, register callbacks for OpenIDConnect Notifications
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = ConfigHelper.ClientId,
//Authority = String.Format(CultureInfo.InvariantCulture, ConfigHelper.AadInstance, ConfigHelper.Tenant), // For Single-Tenant
Authority = ConfigHelper.CommonAuthority, // For Multi-Tenant
PostLogoutRedirectUri = ConfigHelper.PostLogoutRedirectUri,
// Here, we've disabled issuer validation for the multi-tenant sample. This enables users
// from ANY tenant to sign into the application (solely for the purposes of allowing the sample
// to be run out-of-the-box. For a real multi-tenant app, reference the issuer validation in
// WebApp-MultiTenant-OpenIDConnect-DotNet. If you're running this sample as a single-tenant
// app, you can delete the ValidateIssuer property below.
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false, // For Multi-Tenant Only
RoleClaimType = "roles",
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = context =>
{
// Get Access Token for User's Directory
string userObjectId = context.AuthenticationTicket.Identity.FindFirst(Globals.ObjectIdClaimType).Value;
string tenantId = context.AuthenticationTicket.Identity.FindFirst(Globals.TenantIdClaimType).Value;
ClientCredential credential = new ClientCredential(ConfigHelper.ClientId, ConfigHelper.AppKey);
AuthenticationContext authContext = new AuthenticationContext(
String.Format(CultureInfo.InvariantCulture, ConfigHelper.AadInstance, tenantId),
new TokenDbCache(userObjectId));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
context.Code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
credential, ConfigHelper.GraphResourceId);
return Task.FromResult(0);
},
AuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.Redirect("/Error/ShowError?signIn=true&errorMessage=" + context.Exception.Message);
return Task.FromResult(0);
}
}
});
}
private AuthenticationResult GetAccessTokenFromCode(string code)
{
Config c = new Config();
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext context =
new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(c.GetValue("authority"));
AuthenticationResult result = context.AcquireTokenByAuthorizationCode(code,
new Uri(c.GetValue("redirectUri")),
new ClientCredential(c.GetValue("clientId"), c.GetValue("clientSecret")),
c.GetValue("resource"));
return(result);
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = SettingsHelper.ClientId,
Authority = SettingsHelper.Authority,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey);
String signInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.Authority, new ADALTokenCache(signInUserId));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code,
new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
credential, SettingsHelper.MSGraphResource);
return Task.FromResult(0);
},
RedirectToIdentityProvider = (context) =>
{
// This ensures that the address used for sign in and sign out is picked up dynamically from the request
// this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
// Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
// Suppress the exception if you don't want to see the error
context.HandleResponse();
return Task.FromResult(0);
}
}
});
}
// GET: /TOnboarding/ProcessCode
public ActionResult ProcessCode(string code, string error, string error_description, string resource, string state)
{
// Is this a response to a request we generated? Let's see if the state is carrying an ID we previously saved
// ---if we don't, return an error
if (db.Tenants.FirstOrDefault(a => a.IssValue == state) == null)
{
// TODO: prettify
return View("Error");
}
else
{
// ---if the response is indeed from a request we generated
// ------get a token for the Graph, that will provide us with information abut the caller
ClientCredential credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientID"],
ConfigurationManager.AppSettings["ida:Password"]);
string Authority = string.Format("{0}/{1}",
ConfigurationManager.AppSettings["SignOnEndpoint"],
ConfigurationManager.AppSettings["ida:TenantId"]);
AuthenticationContext authContext = new AuthenticationContext(Authority);
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(Request.Url.GetLeftPart(UriPartial.Path)), credential);
var myTenant = db.Tenants.FirstOrDefault(a => a.IssValue == state);
// if this was an admin consent, save the tenant
if (myTenant.AdminConsented)
{
// ------read the tenantID out of the Graph token and use it to create the issuer string
string issuer = String.Format("{0}/{1}/", ConfigurationManager.AppSettings["SecurityTokenServiceEndpoint"], result.TenantId);
myTenant.IssValue = issuer;
}
else
//otherwise, remove the temporary entry and save just the user
{
if (db.Users.FirstOrDefault(a => (a.UPN == result.UserInfo.DisplayableId) && (a.TenantID == result.TenantId)) == null)
{
db.Users.Add(new User { UPN = result.UserInfo.DisplayableId, TenantID = result.TenantId });
}
db.Tenants.Remove(myTenant);
}
// remove older, unclaimed entries
DateTime tenMinsAgo = DateTime.Now.Subtract(new TimeSpan(0, 10, 0)); // workaround for Linq to entities
var garbage = db.Tenants.Where(a => (!a.IssValue.StartsWith("https") && (a.Created < tenMinsAgo)));
foreach (Tenant t in garbage)
db.Tenants.Remove(t);
db.SaveChanges();
// ------return a view claiming success, inviting the user to sign in
return View();
}
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//configure the OWIN OpenID Connect options
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = SettingsHelper.ClientId,
Authority = SettingsHelper.AzureADAuthority,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// when an auth code is received
AuthorizationCodeReceived = (context) =>
{
// get the openid connect code passed from azure ad on a successful auth
string code = context.Code;
// create app cred & get the user
ClientCredential creds = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
string userObjectId =
context.AuthenticationTicket.Identity.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier)
.Value;
// get access & refresh token
EFADALTokenCache cache = new EFADALTokenCache(userObjectId);
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority,
cache);
// obtain access token for the azure ad graph
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationResult authResult = authContext.AcquireTokenByAuthorizationCode(
code, redirectUri, creds, SettingsHelper.AzureAdGraphResourceId);
// success auth
return(Task.FromResult(0));
},
AuthenticationFailed = (context) =>
{
context.HandleResponse();
return(Task.FromResult(0));
}
},
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//configure the OWIN OpenID Connect options
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = SettingsHelper.ClientId,
Authority = SettingsHelper.AzureADAuthority,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// when an auth code is received
AuthorizationCodeReceived = (context) =>
{
// get the openid connect code passed from azure ad on a successful auth
string code = context.Code;
// create app cred & get the user
ClientCredential creds = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
string userObjectId =
context.AuthenticationTicket.Identity.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier)
.Value;
// get access & refresh token
EFADALTokenCache cache = new EFADALTokenCache(userObjectId);
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority,
cache);
// obtain access token for the azure ad graph
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationResult authResult = authContext.AcquireTokenByAuthorizationCode(
code, redirectUri, creds, SettingsHelper.AzureAdGraphResourceId);
// success auth
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.HandleResponse();
return Task.FromResult(0);
}
},
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
#region WebAPI
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = tenant,
TokenValidationParameters = new TokenValidationParameters
{
ValidAudience = resourceId,
AuthenticationType = "OAuth2Bearer"
},
});
#endregion
#region Web-based login
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authContext =
new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new System.Uri(System.Web.HttpContext.Current.Request.Url.GetLeftPart(System.UriPartial.Path)), credential, graphResourceId);
return(System.Threading.Tasks.Task.FromResult(0));
}
}
});
#endregion
}
public Tokens GetTokens(Client client, ClientSecret clientSecret, Token token, string redirectUri)
{
var tokenCache = new TokenCache();
var authenticationContext = new AuthenticationContext(AuthorityUri, tokenCache);
var clientCredential = new ClientCredential(client, clientSecret);
var result = authenticationContext.AcquireTokenByAuthorizationCode(token, new Uri(redirectUri), clientCredential);
var tokens = new Tokens
{
AccessToken = result.AccessToken,
RefreshToken = result.RefreshToken,
ExpiresOn = result.ExpiresOn
};
return tokens;
}
/// <summary>
/// WEBAPP and WEBAPI are in a different AAD APP
/// Use this method if this app is protected by ADD-Application: CalcEnterpriseClient
/// Authenticate by requesting a bearer token for the user and the backend service
/// CalcEnterpriseAPI app => (IMPERSONATION - Webapi will have Caller Details in Claims not just Service Principal)!
/// </summary>
/// <param name="code"></param>
/// <returns></returns>
public ActionResult Index_OtherAAD(string code)
{
SessionTalk[] contacts = null;
string _ClientID = "<CalcEnterpriseClient AAD CLientID>"; // CalcEnterpriseClient - Client ID
string _ClientSecret = "<CalcEnterpriseClient AAD App Secret/Key>"; // CalcEnterpriseClient - Client Secret
string _Ressource = "<CalcEnterpriseAPI AAD CLientID>"; // CalcEnterpriseAPI - Client ID to be used if we call from middle tier!
if (String.IsNullOrEmpty(code))
{
string authorizationUrl = string.Format(
"https://login.windows.net/{0}/oauth2/authorize?" +
"api-version=1.0&" +
"response_type=code&" +
"client_id={1}&" +
"resource={2}&" +
"redirect_uri={3}",
ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value,
_ClientID,
_Ressource,
Request.Url.ToString()
);
return(new RedirectResult(authorizationUrl));
}
else
{
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext ac =
new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(string.Format("https://login.windows.net/{0}",
ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value));
ClientCredential clcred =
new ClientCredential(_ClientID, _ClientSecret);
var ar = ac.AcquireTokenByAuthorizationCode(code,
new Uri(Request.Url.ToString().Replace(Request.Url.Query, "")), clcred);
using (HttpClient client = new HttpClient())
{
client.BaseAddress = new
Uri(C_BASE_SERVICE_URI);
client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", C_CALC_API_SUBSCRIPTION_KEY);
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(ar.AccessTokenType, ar.AccessToken);
var json = client.GetStringAsync(C_SERVICE_PATH).Result;
contacts = JsonConvert.DeserializeObject <SessionTalk[]>(json);
}
return(View(contacts));
}
}
public void ConfigureAuth(IAppBuilder app)
{
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
OpenIdConnectAuthenticationOptions options = new OpenIdConnectAuthenticationOptions();
options.ClientId = SettingsHelper.ClientId;
options.Authority = SettingsHelper.AzureADAuthority;
options.PostLogoutRedirectUri = SettingsHelper.LogoutAuthority;
OpenIdConnectAuthenticationNotifications notifications = new OpenIdConnectAuthenticationNotifications();
notifications.AuthorizationCodeReceived = (context) =>
{
string code = context.Code;
AuthenticationHelper authHelper = new AuthenticationHelper();
String signInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthAuthority);
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), authHelper.GetClientAssertionCertificate(), null);
return Task.FromResult(0);
};
notifications.RedirectToIdentityProvider = (context) =>
{
string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
return Task.FromResult(0);
};
notifications.AuthenticationFailed = (context) =>
{
context.HandleResponse();
return Task.FromResult(0);
};
options.Notifications = notifications;
app.UseOpenIdConnectAuthentication(options);
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = SettingsHelper.ClientId,
Authority = SettingsHelper.AzureADAuthority,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
var creds = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
var userObjectId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
//var tokenCache = new NaiveSessionCache(userObjectId);
var tokenCache = new EFADALTokenCache(userObjectId);
var authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, tokenCache);
var redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
var authResult = authContext.AcquireTokenByAuthorizationCode(
code, redirectUri, creds, SettingsHelper.GraphResourceId);
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.HandleResponse();
return Task.FromResult(0);
},
RedirectToIdentityProvider = (context) =>
{
// This ensures that the address used for sign in and sign out is picked up dynamically from the request
// this allows you to deploy your app (to Azure Web Sites, for example) without having to change settings
// Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
return Task.FromResult(0);
}
},
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
// instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
// we inject our own multitenant validation logic
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(aadInstance + tenantID, new NaiveSessionCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, asaResourceId);
return Task.FromResult(0);
},
RedirectToIdentityProvider = (context) =>
{
// This ensures that the address used for sign in and sign out is picked up dynamically from the request
// this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
// Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
return Task.FromResult(0);
},
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
// instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
// we inject our own multitenant validation logic
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
//cache the token in session state
HttpContext.Current.Session[SettingsHelper.UserTokenCacheKey] = result;
return Task.FromResult(0);
},
RedirectToIdentityProvider = (context) =>
{
FormDataCookie cookie = new FormDataCookie(SettingsHelper.SavedFormDataName);
cookie.SaveRequestFormToCookie();
return Task.FromResult(0);
}
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = MSGraphAPIDemoSettings.ClientId,
Authority = MSGraphAPIDemoSettings.Authority,
PostLogoutRedirectUri = MSGraphAPIDemoSettings.PostLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(
MSGraphAPIDemoSettings.ClientId,
MSGraphAPIDemoSettings.ClientSecret);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(
ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(
MSGraphAPIDemoSettings.Authority,
new SessionADALCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
credential, MSGraphAPIDemoSettings.MicrosoftGraphResourceId);
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.OwinContext.Response.Redirect("/Home/Error");
context.HandleResponse(); // Suppress the exception
return Task.FromResult(0);
}
}
});
}
public string CompleteOAuthFlow(AuthorizationParameters parameters) {
try
{
ClientCredential credential = new ClientCredential(AppConstants.OneDriveClientId, AppConstants.OneDriveClientSecret);
string authority = string.Format(CultureInfo.InvariantCulture, OAuthUrl, "common");
AuthenticationContext authContext = new AuthenticationContext(authority);
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
parameters.Code, new Uri(RedirectUrl.GetLeftPart(UriPartial.Path)), credential);
// Cache the access token and refresh token
Storage.OneDrive.RefreshToken = result.RefreshToken;
return "OAuth succeeded";
}
catch (Exception ex)// ActiveDirectoryAuthenticationException ex)
{
return "OAuth failed. " + ex.ToString();
}
}
//
// This method will be invoked as a call-back from an authentication service (e.g., https://login.windows.net/).
// It is not intended to be called directly, only as a redirect from the authorization request in UserProfileController.
// On completion, the method will cache the refresh token and access tokens, and redirect to the URL
// specified in the state parameter.
//
public ActionResult Index(string code, string error, string error_description, string resource, string state)
{
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value;
// NOTE: In production, OAuth must be done over a secure HTTPS connection.
if (Request.Url.Scheme != "https" && !Request.Url.IsLoopback)
return View("Error");
// Ensure there is a state value on the response. If there is none, stop OAuth processing and display an error.
if (state == null) {
ViewBag.ErrorMessage = "Error Generating State.";
return View("Error");
}
// Handle errors from the OAuth response, if any. If there are errors, stop OAuth processing and display an error.
if (error != null)
return View("Error");
string redirectUri = ValidateState(state, userObjectID);
if (redirectUri == null) {
ViewBag.ErrorMessage = "Error Validating State.";
return View("Error");
}
// Redeem the authorization code from the response for an access token and refresh token.
try
{
ClientCredential credential = new ClientCredential(Startup.clientId, Startup.appKey);
AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new TokenDbCache(userObjectID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(Request.Url.GetLeftPart(UriPartial.Path)), credential, Startup.graphResourceId);
// Return to the originating page where the user triggered the sign-in
return Redirect(redirectUri);
}
catch (Exception e)
{
return Redirect("/UserProfile/Index?authError=token");
}
}
//
// The Client ID is used by the application to uniquely identify itself to Azure AD.
// The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials.
// The Metadata Address is used by the application to retrieve the signing keys used by Azure AD.
// The AAD Instance is the instance of Azure, for example public Azure or Azure China.
// The Authority is the sign-in URL of the tenant.
// The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out.
//
// This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = MediaLibraryWebApp.Configuration.ClientId,
Authority = MediaLibraryWebApp.Configuration.Authority,
PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
//
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey);
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, new NaiveSessionCache(userObjectID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId);
//Initializing MediaServicesCredentials in order to obtain access token to be used to connect
var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey);
//Forces to get access token
amsCredentials.RefreshToken();
//Adding token to a claim so it can be accessible within controller
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsJwtToken, result.AccessToken));
context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken));
return(Task.FromResult(0));
}
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Domain"],
TokenValidationParameters = new TokenValidationParameters
{
ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
},
});
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authContext =
new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(Authority, new MemoryADALCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
return(Task.FromResult(0));
}
}
});
}
public ActionResult Index()
{
if (AzureAuthenticationHelper.IsAuthenticated())
{
return this.RedirectToAction("Transfer");
}
var values = this.Request.QueryString["code"];
if (values != null)
{
string code = values;
AuthenticationContext ac = new AuthenticationContext(PersonalConfigurationManager.AppSettings["AzureAuthorityUri"]);
ClientCredential cc = new ClientCredential(PersonalConfigurationManager.AppSettings["AzureClientId"], PersonalConfigurationManager.AppSettings["AzureKey"]);
AuthenticationResult ar = ac.AcquireTokenByAuthorizationCode(code, new Uri(PersonalConfigurationManager.AppSettings["AzureRedirectUrl"]), cc);
AzureAuthenticationHelper.SetSession(ar);
return this.RedirectToAction("Transfer");
}
return this.View();
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
Client_Id = clientId,
Authority = authority,
Post_Logout_Redirect_Uri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
//
AccessCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
AuthenticationContext authContext = new AuthenticationContext(authority);
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
// Cache the access token and refresh token
TokenCacheUtils.SaveAccessTokenInCache(graphResourceId, result.AccessToken, (result.ExpiresOn.AddMinutes(-5)).ToString());
TokenCacheUtils.SaveRefreshTokenInCache(result.RefreshToken);
return Task.FromResult(0);
}
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false,
RoleClaimType = "roles"
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier).Value;
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
return(Task.FromResult(0));
}
}
});
}
