// GET: MyFiles
public async Task<ActionResult> Index()
{
List<MyFile> myFiles = new List<MyFile>();
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
AuthenticationContext authContext = new AuthenticationContext(string.Format(AADAppSettings.AuthorizationUri, tenantId), new ADALTokenCache(signInUserId));
try
{
DiscoveryClient discClient = new DiscoveryClient(AADAppSettings.DiscoveryServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(AADAppSettings.DiscoveryServiceResourceId, new ClientCredential(AADAppSettings.ClientId, AADAppSettings.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
var dcr = await discClient.DiscoverCapabilityAsync("MyFiles");
ViewBag.ResourceId = dcr.ServiceResourceId;
SharePointClient spClient = new SharePointClient(dcr.ServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId, new ClientCredential(AADAppSettings.ClientId, AADAppSettings.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
var filesResult = await spClient.Files.ExecuteAsync();
do
{
var files = filesResult.CurrentPage.OfType<File>();
foreach (var file in files)
{
myFiles.Add(new MyFile { Name = file.Name });
}
filesResult = await filesResult.GetNextPageAsync();
} while (filesResult != null);
}
catch (AdalException exception)
{
//handle token acquisition failure
if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently)
{
authContext.TokenCache.Clear();
ViewBag.ErrorMessage = "AuthorizationRequired";
}
}
return View(myFiles);
}
private async Task<OutlookServicesClient> EnsureClientCreated() {
// fetch from stuff user claims
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value;
// discover contact endpoint
var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
// create auth context
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId));
// create O365 discovery client
DiscoveryClient discovery = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint),
async () => {
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, clientCredential, userIdentifier);
return authResult.AccessToken;
});
// query discovery service for endpoint for 'calendar' endpoint
CapabilityDiscoveryResult dcr = await discovery.DiscoverCapabilityAsync("Contacts");
// create an OutlookServicesclient
return new OutlookServicesClient(dcr.ServiceEndpointUri,
async () => {
var authResult =
await
authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId, clientCredential, userIdentifier);
return authResult.AccessToken;
});
}
private async Task InitOneNoteRestConnection() {
// fetch from stuff user claims
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value;
// discover onenote endpoint
var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
// create auth context
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId));
// authenticate with directory service
var discoClient = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint),
async () => {
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, clientCredential, userIdentifier);
return authResult.AccessToken;
});
// query discovery service for endpoint for onenote endpoint
var discoCapabilityResult = await discoClient.DiscoverCapabilityAsync("Notes");
// get details around onedrive endpoint (replace 1.0 with 2.0 for the new REST API)
_oneNoteResourceId = discoCapabilityResult.ServiceResourceId;
_oneNoteEndpoint = discoCapabilityResult.ServiceEndpointUri.ToString();
var accessToken = (await authContext.AcquireTokenSilentAsync(_oneNoteResourceId, clientCredential, userIdentifier)).AccessToken;
// set the access token on all requests for onenote API
_client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken);
return;
}
private static async Task<SharePointClient> GetSharePointClient()
{
string signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
string userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
AuthenticationContext authContext = new AuthenticationContext(string.Format("{0}/{1}", SettingsHelper.AuthorizationUri, tenantId), new ADALTokenCache(signInUserId));
DiscoveryClient discovery = new DiscoveryClient(SettingsHelper.DiscoveryServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.DiscoveryServiceResourceId, new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
CapabilityDiscoveryResult capability = await discovery.DiscoverCapabilityAsync(SettingsHelper.Capability);
SharePointClient client = new SharePointClient(capability.ServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(capability.ServiceResourceId, new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
return client;
}
// GET: Contacts
public async Task<ActionResult> Index()
{
List<MyContact> myContacts = new List<MyContact>();
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.Authority, new ADALTokenCache(signInUserId));
try
{
DiscoveryClient discClient = new DiscoveryClient(SettingsHelper.DiscoveryServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.DiscoveryServiceResourceId, new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
var dcr = await discClient.DiscoverCapabilityAsync("Contacts");
OutlookServicesClient exClient = new OutlookServicesClient(dcr.ServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId, new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
var contactsResult = await exClient.Me.Contacts.ExecuteAsync();
do
{
var contacts = contactsResult.CurrentPage;
foreach (var contact in contacts)
{
myContacts.Add(new MyContact { Name = contact.DisplayName });
}
contactsResult = await contactsResult.GetNextPageAsync();
} while (contactsResult != null);
}
catch (AdalException exception)
{
//handle token acquisition failure
if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently)
{
authContext.TokenCache.Clear();
//handle token acquisition failure
}
}
return View(myContacts);
}
public async Task<ActionResult> Index()
{
try
{
var signedInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectIdClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
var userObjectId = userObjectIdClaim != null ? userObjectIdClaim.Value : signedInUserId;
string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = string.Format(Startup.AuthorityFormat, tenantId);
AuthenticationContext authContext = new AuthenticationContext(authority, new NaiveSessionCache(signedInUserId));
AuthenticationResult authenticationResult;
if (Startup.Certificate == null)
{
ClientCredential credential = new ClientCredential(clientId, appKey);
authenticationResult = await authContext.AcquireTokenSilentAsync(nugetServiceResourceId, credential, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
}
else
{
ClientAssertionCertificate clientAssertionCertificate = new ClientAssertionCertificate(clientId, Startup.Certificate);
authenticationResult = await authContext.AcquireTokenSilentAsync(nugetServiceResourceId, clientAssertionCertificate, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
}
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, nugetPublishServiceBaseAddress + "/domains");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);
HttpResponseMessage response = await client.SendAsync(request);
if (response.IsSuccessStatusCode)
{
string json = await response.Content.ReadAsStringAsync();
JArray result = JArray.Parse(json);
PublishModel model = new PublishModel();
foreach (string s in result.Values().Select(jtoken => jtoken.ToString()))
{
model.Domains.Add(s);
}
return View(model);
}
else
{
return View(new PublishModel { Message = "Unable to load list of domains" });
}
}
catch (AdalSilentTokenAcquisitionException)
{
//TODO: this isn't quite right
HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
return View(new PublishModel { Message = "AuthorizationRequired" });
}
}
// GET: User
//public ActionResult Index()
//{
// return View();
//}
internal static async Task<SharePointClient> EnsureSharePointClientCreatedAsync()
{
string _clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string _clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
string _tenantId = ConfigurationManager.AppSettings["ida:TenantID"];
string _aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string _authority = _aadInstance + _tenantId;
string _discoverySvcEndpointUriStr = "https://api.office.com/discovery/v1.0/me/";
Uri _discoverySvcEndpointUri = new Uri(_discoverySvcEndpointUriStr);
string _discoverySvcResourceId = "https://api.office.com/discovery/";
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(_authority, new ADALTokenCache(signInUserId));
try
{
DiscoveryClient discClient = new DiscoveryClient(_discoverySvcEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(_discoverySvcResourceId,
new ClientCredential(_clientId,
_clientSecret),
new UserIdentifier(userObjectId,
UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
var dcr = await discClient.DiscoverCapabilityAsync("MyFiles");
return new SharePointClient(dcr.ServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId,
new ClientCredential(_clientId,
_clientSecret),
new UserIdentifier(userObjectId,
UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
}
catch (AdalException exception)
{
//Partially handle token acquisition failure here and bubble it up to the controller
if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently)
{
authContext.TokenCache.Clear();
throw exception;
}
return null;
}
}
public async Task<ActionResult> Sites()
{
List<SearchResult> results = new List<SearchResult>();
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
AuthenticationContext authContext = new AuthenticationContext(string.Format("{0}/{1}", SettingsHelper.AuthorizationUri, tenantId), new ADALTokenCache(signInUserId));
try
{
DiscoveryClient discClient = new DiscoveryClient(SettingsHelper.DiscoveryServiceEndpointUri,
async () =>
{
var authResultDisc = await authContext.AcquireTokenSilentAsync(SettingsHelper.DiscoveryServiceResourceId, new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return authResultDisc.AccessToken;
});
var dcr = await discClient.DiscoverCapabilityAsync("RootSite");
ViewBag.ResourceId = dcr.ServiceResourceId;
var authResultSharePoint = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId,
new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
var sharePointToken = authResultSharePoint.AccessToken;
results.Add(new SearchResult
{
Title = "Root Site",
Path = dcr.ServiceResourceId,
});
var query = "/search/query?querytext='contentclass:sts_site'&trimduplicates=true&rowlimit=50&SelectProperties='WebTemplate,Title,Path,SiteLogo,contentclass'";
await ExecuteSearchQuery(results, dcr, sharePointToken, query);
}
catch (AdalException exception)
{
//handle token acquisition failure
if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently)
{
authContext.TokenCache.Clear();
ViewBag.ErrorMessage = "AuthorizationRequired";
}
}
return View(results);
}
internal static async Task<SharePointClient> EnsureSharePointClientCreatedAsync(string capabilityName)
{
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
//pay attention to the ADALTokenCache in this example
AuthenticationContext authContext = new AuthenticationContext(
Constants.Authority, new ADALTokenCache(signInUserId));
try
{
//The discovery client gives us the discovery URL
DiscoveryClient discClient = new DiscoveryClient(new Uri(Constants.DiscoveryServiceEndpointUri),
async () =>
{
var authResult =
await authContext.AcquireTokenSilentAsync(Constants.DiscoveryServiceResourceId,
new ClientCredential(Constants.ClientId,
Constants.ClientSecret),
new UserIdentifier(userObjectId,
UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
var dcr = await discClient.DiscoverCapabilityAsync(capabilityName);
//We can now create a SharePointClient
return new SharePointClient(dcr.ServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(
dcr.ServiceResourceId,
new ClientCredential(Constants.ClientId,Constants.ClientSecret),
new UserIdentifier(userObjectId,UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
}
catch (AdalException exception)
{
//Partially handle token acquisition failure here and bubble it up to the controller
if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently)
{
authContext.TokenCache.Clear();
throw exception;
}
return null;
}
}
public async Task<string> Login(string sharePointSiteUrl, bool forceLogin = false)
{
var spUri = new Uri(sharePointSiteUrl);
string resourceUri = spUri.Scheme + "://" + spUri.Authority;
ADAL.AuthenticationResult authenticationResult;
try
{
authenticationResult = await AuthContext.AcquireTokenSilentAsync(resourceUri, clientId);
}
catch (ADAL.AdalSilentTokenAcquisitionException)
{
//Console.WriteLine("Silent Async failed. Use prompt instead.");
try
{
// prevent flashing of login window when credentials are valid
var authParam = new ADAL.PlatformParameters(ADAL.PromptBehavior.Never);
authenticationResult = await AuthContext.AcquireTokenAsync(resourceUri, clientId, new Uri(redirectUri), authParam);
}
catch (ADAL.AdalException /* e */)
{
//Console.WriteLine(e);
var authParam = new ADAL.PlatformParameters(ADAL.PromptBehavior.Auto);
authenticationResult = await AuthContext.AcquireTokenAsync(resourceUri, clientId, new Uri(redirectUri), authParam);
}
}
return authenticationResult.CreateAuthorizationHeader();
}
public async Task AcquireTokenSilentServiceErrorTestAsync()
{
Sts sts = new AadSts();
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(sts.Authority, sts.ValidResource, sts.ValidClientId, TokenSubjectType.User, "unique_id", "*****@*****.**");
cache.tokenCacheDictionary[key] = new AuthenticationResult("Bearer", "some-access-token",
"invalid-refresh-token", DateTimeOffset.UtcNow);
AuthenticationContext context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority, cache);
try
{
await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId, new UserIdentifier("unique_id", UserIdentifierType.UniqueId));
Verify.Fail("AdalSilentTokenAcquisitionException was expected");
}
catch (AdalSilentTokenAcquisitionException ex)
{
Verify.AreEqual(AdalError.FailedToAcquireTokenSilently, ex.ErrorCode);
Verify.AreEqual(AdalErrorMessage.FailedToRefreshToken, ex.Message);
Verify.IsNotNull(ex.InnerException);
Verify.IsTrue(ex.InnerException is AdalException);
Verify.AreEqual(((AdalException)ex.InnerException).ErrorCode, "invalid_grant");
}
catch
{
Verify.Fail("AdalSilentTokenAcquisitionException was expected");
}
}
// Get an access token for the given context and resource ID silently. We run this only after the user has already been authenticated.
private static async Task<string> GetTokenHelperAsync(AuthenticationContext context, string resourceId)
{
string accessToken = null;
AuthenticationResult result = null;
result = await context.AcquireTokenSilentAsync(resourceId, ClientID);
if (result.Status == AuthenticationStatus.Success)
{
accessToken = result.AccessToken;
// Store values for logged-in user, tenant ID, and authority, so that
// they can be re-used if the user re-opens the app without disconnecting.
App._settings.LoggedInUser = result.UserInfo.UniqueId;
App._settings.UserEmail= result.UserInfo.DisplayableId;
App._settings.TenantId = result.TenantId;
App._settings.LastAuthority = context.Authority;
return accessToken;
}
else
{
return null;
}
}
// GET: Discovery
public async Task<ActionResult> Index()
{
// get instance of the authentication context using the token cache we created previously
var signedInUser = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signedInUser));
// create credentials for the application
var appCred = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
// get user identifier
var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value;
var userId = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
// create instance of DiscoveryClient
var discoveryClient = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint),
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, appCred, userId);
return authResult.AccessToken;
});
// query discovery service for endpoints
var capabilitiesResults = await discoveryClient.DiscoverCapabilitiesAsync();
return View(capabilitiesResults);
}
public async Task<ActionResult> Open() {
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value;
var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
string token = null;
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId));
// get the activation parameters submitted from SharePoint
ActivationParameters parameters = this.LoadActivationParameters();
// get access token for unified api
var authResult = await authContext.AcquireTokenSilentAsync(parameters.ResourceId, clientCredential, userIdentifier);
token = authResult.AccessToken;
// get contents of the file in SharePoint
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(parameters.FileGet);
request.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + token);
Stream responseStream = request.GetResponse().GetResponseStream();
StreamReader srReader = new StreamReader(responseStream);
var fileContents = srReader.ReadToEnd();
// read XML feed
XmlReader xmlReader = XmlReader.Create(fileContents);
SyndicationFeed feed = SyndicationFeed.Load(xmlReader);
xmlReader.Close();
ViewBag.FeedTitle = feed.Title.Text;
ViewBag.Posts = feed.Items;
return View();
}
public static async Task<string> GetAccessToken() {
if (string.IsNullOrEmpty(_accessToken)) {
// fetch from stuff user claims
var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value;
// discover contact endpoint
var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
// create auth context
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority,
new EfAdalTokenCache(userObjectId));
// authenticate
var authResult =
await
authContext.AcquireTokenSilentAsync(
string.Format("https://{0}.sharepoint.com", SettingsHelper.Office365TenantId), clientCredential,
userIdentifier);
// obtain access token
_accessToken = authResult.AccessToken;
}
return _accessToken;
}
public async static Task<AuthenticationResult> GetTokenAsync(AuthenticationContext ctx, string resourceId)
{
ClientCredential credential = new ClientCredential(OfficeSettings.ClientId, OfficeSettings.ClientSecret);
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
UserIdentifier ident = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
var redirectUrl = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
try
{
var result = await ctx.AcquireTokenSilentAsync(resourceId, credential, ident);
//var result = await ctx.AcquireTokenAsync(resourceId, credential);
LastAuthority = ctx.Authority;
return result;
}
catch (AdalException)
{
ctx.TokenCache.Clear();
return null;
}
catch (Exception ex)
{
throw ex;
}
}
public static string GetAccessToken(string resource)
{
// get ClaimsPrincipal for current user
ClaimsPrincipal currentUserClaims = ClaimsPrincipal.Current;
string signedInUserID = currentUserClaims.FindFirst(ClaimTypes.NameIdentifier).Value;
string tenantID = currentUserClaims.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = currentUserClaims.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
ApplicationDbContext db = new ApplicationDbContext();
ADALTokenCache userTokenCache = new ADALTokenCache(signedInUserID);
string urlAuthorityRoot = ConfigurationManager.AppSettings["ida:AADInstance"];
string urlAuthorityTenant = urlAuthorityRoot + tenantID;
AuthenticationContext authenticationContext =
new AuthenticationContext(urlAuthorityTenant, userTokenCache);
Uri uriReplyUrl = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
UserIdentifier userIdentifier = new UserIdentifier(userObjectID, UserIdentifierType.UniqueId);
AuthenticationResult authenticationResult =
authenticationContext.AcquireTokenSilentAsync(resource, clientCredential, userIdentifier).Result;
return authenticationResult.AccessToken;
}
private async Task AdalLogin(bool forcePrompt)
{
var spUri = new Uri($"{txtSiteFor2FA.Text}");
string resourceUri = spUri.Scheme + "://" + spUri.Authority;
const string clientId = "9bc3ab49-b65d-410a-85ad-de819febfddc";
const string redirectUri = "https://oauth.spops.microsoft.com/";
ADAL.AuthenticationResult authenticationResult;
if (authContext == null || forcePrompt)
{
ADAL.TokenCache cache = new ADAL.TokenCache();
authContext = new ADAL.AuthenticationContext(AuthorityUri, cache);
}
try
{
if (forcePrompt)
{
throw new ADAL.AdalSilentTokenAcquisitionException();
}
authenticationResult = await authContext.AcquireTokenSilentAsync(resourceUri, clientId);
}
catch (ADAL.AdalSilentTokenAcquisitionException)
{
authenticationResult = await authContext.AcquireTokenAsync(resourceUri, clientId, new Uri(redirectUri), new PlatformParameters(PromptBehavior.Always, null), ADAL.UserIdentifier.AnyUser, null, null);
}
options.AccessToken = authenticationResult.AccessToken;
accessTokenObtained = true;
}
public string GetAccessToken()
{
ApplicationDbContext db = new ApplicationDbContext();
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
string Authority = aadInstance + tenantId;
string claimIdName = ClaimTypes.NameIdentifier;
string claimIdTenantId = "http://schemas.microsoft.com/identity/claims/tenantid";
string claimIdUserId = "http://schemas.microsoft.com/identity/claims/objectidentifier";
ClaimsPrincipal currentUserClaims = ClaimsPrincipal.Current;
string signedInUserID = currentUserClaims.FindFirst(claimIdName).Value;
string tenantID = currentUserClaims.FindFirst(claimIdTenantId).Value;
string userObjectID = currentUserClaims.FindFirst(claimIdUserId).Value;
// get a token for the Graph without triggering any user interaction (from the cache, via multi-resource refresh token, etc)
ClientCredential clientcred = new ClientCredential(clientId, appKey);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's database
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance + tenantID, new ADALTokenCache(signedInUserID));
AuthenticationResult authenticationResult =
authenticationContext.AcquireTokenSilentAsync(resource,
clientcred,
new UserIdentifier(userObjectID, UserIdentifierType.UniqueId)).Result;
return authenticationResult.AccessToken;
}
internal static async Task<OutlookServicesClient> EnsureOutlookServicesClientCreatedAsync(string capabilityName)
{
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.Authority, new NaiveSessionCache(signInUserId));
try
{
DiscoveryClient discClient = new DiscoveryClient(SettingsHelper.DiscoveryServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.DiscoveryServiceResourceId,
new ClientCredential(SettingsHelper.ClientId,
SettingsHelper.AppKey),
new UserIdentifier(userObjectId,
UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
var dcr = await discClient.DiscoverCapabilityAsync(capabilityName);
return new OutlookServicesClient(dcr.ServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId,
new ClientCredential(SettingsHelper.ClientId,
SettingsHelper.AppKey),
new UserIdentifier(userObjectId,
UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
}
catch (AdalException exception)
{
//Handle token acquisition failure
if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently)
{
authContext.TokenCache.Clear();
throw exception;
}
return null;
}
}
// The idea of the packages page is that it gets the list of packages from Lucene (from the Search Service)
// but when the owner is the current user (if there is a current user), packages owned by him are highlighted.
// So far this packages page just gets the list of registrations for which the current user is an owner.
// GET: Packages
public async Task<ActionResult> Index()
{
try
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = string.Format(aadInstance, tenantId);
AuthenticationContext authContext = new AuthenticationContext(authority, new NaiveSessionCache(signedInUserID));
ClientAssertionCertificate clientAssertionCertificate = new ClientAssertionCertificate(clientId, Startup.Certificate);
AuthenticationResult authenticationResult = await authContext.AcquireTokenSilentAsync(nugetServiceResourceId, clientAssertionCertificate, new UserIdentifier(signedInUserID, UserIdentifierType.UniqueId));
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, nugetSearchServiceBaseAddress + "/query");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);
HttpResponseMessage response;
try
{
response = await client.SendAsync(request);
}
catch (Exception e)
{
return View("ServiceError", new ServiceErrorModel(e));
}
if (response.IsSuccessStatusCode)
{
string json = await response.Content.ReadAsStringAsync();
return View(new PackagesModel(JObject.Parse(json)));
}
else
{
string err = await response.Content.ReadAsStringAsync();
return View("ServiceError", new ServiceErrorModel(response.StatusCode, err));
}
}
catch (Exception)
{
if (Request.QueryString["reauth"] == "True")
{
//
// Send an OpenID Connect sign-in request to get a new set of tokens.
// If the user still has a valid session with Azure AD, they will not be prompted for their credentials.
// The OpenID Connect middleware will return to this controller after the sign-in response has been handled.
//
HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
//
// The user needs to re-authorize. Show them a message to that effect.
//
ViewBag.ErrorMessage = "AuthorizationRequired";
return View();
}
}
async Task<ActionResult> Send(string action)
{
var signedInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectIdClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
var userObjectId = userObjectIdClaim != null ? userObjectIdClaim.Value : signedInUserId;
string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = string.Format(Startup.AuthorityFormat, tenantId);
AuthenticationContext authContext = new AuthenticationContext(authority, new NaiveSessionCache(signedInUserId));
AuthenticationResult authenticationResult;
if (Startup.Certificate == null)
{
ClientCredential credential = new ClientCredential(clientId, appKey);
authenticationResult = await authContext.AcquireTokenSilentAsync(nugetServiceResourceId, credential, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
}
else
{
ClientAssertionCertificate clientAssertionCertificate = new ClientAssertionCertificate(clientId, Startup.Certificate);
authenticationResult = await authContext.AcquireTokenSilentAsync(nugetServiceResourceId, clientAssertionCertificate, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
}
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, nugetPublishServiceBaseAddress.TrimEnd('/') + "/tenant/" + action);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);
HttpResponseMessage response = await client.SendAsync(request);
string message = null;
if (response.IsSuccessStatusCode)
{
message = "OK";
}
else
{
JObject publishServiceResponse = JObject.Parse(await response.Content.ReadAsStringAsync());
message = string.Format("ERROR: {0}", publishServiceResponse["error"].ToString());
}
return View(new TenantModel { Message = message });
}
public async Task<ActionResult> Open()
{
ActivationParameters parameters = this.LoadActivationParameters();
string test = HttpContext.User.Identity.Name;
await HttpContext.GetOwinContext().Authentication.AuthenticateAsync(OpenIdConnectAuthenticationDefaults.AuthenticationType);
//load activation parameters and all the stuff you need to get a token
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
String token = null;
AuthenticationContext authContext = new AuthenticationContext(string.Format(AADAppSettings.AuthorizationUri, tenantId), new ADALTokenCache(signInUserId));
AuthenticationResult authResult = null;
Session[AADAppSettings.SavedFormDataName] = parameters;
try
{
//grab the token
authResult = await authContext.AcquireTokenSilentAsync(parameters.ResourceId, new ClientCredential(AADAppSettings.ClientId, AADAppSettings.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
token = authResult.AccessToken;
//assemble request to get the file
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(parameters.FileGet.Replace("''", "'"));
request.Headers.Add("Authorization: bearer " + token);
Stream responseStream = request.GetResponse().GetResponseStream();
//get the file & load it into a gpx file
bool complete = gpxUtils.LoadGPXFromStream(responseStream);
Session[DocumentKey] = gpxUtils;
if (complete)
{
//set the name of the user, the different coordinates to map out, and the title of the track
ViewBag.Name = ClaimsPrincipal.Current.FindFirst(ClaimTypes.GivenName).Value + " " + ClaimsPrincipal.Current.FindFirst(ClaimTypes.Surname).Value;
ViewBag.Coordinates = gpxUtils.getPointsFromGPX();
ViewBag.Title = gpxUtils.getTitle();
return View();
}
}
catch (AdalException exception)
{
//handle token acquisition failure
if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently)
{
authContext.TokenCache.Clear();
return Content(exception.Message);
}
}
catch (Exception exception)
{
authContext.TokenCache.Clear();
return Content(exception.Message);
}
return Content("GPX file could not be loaded.<br/>Token: " + token + "<br/> FileGet URL: " + parameters.FileGet);
}
public async Task<string> GetTokenForApplication() {
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
// get a token for the Graph without triggering any user interaction (from the cache, via multi-resource refresh token, etc)
ClientCredential clientcred = new ClientCredential(clientId, appKey);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's database
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance + tenantID, new ADALTokenCache(signedInUserID));
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenSilentAsync(graphResourceID, clientcred, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
return authenticationResult.AccessToken;
}
public static async Task <AuthenticationResult> AcquireTokenSilentAsync(this AuthenticationContext ctx, string resource, string clientId)
{
HttpMessageHandlerFactory.UpdateWebProxyNeeded += (sender, args) =>
{
args.HttpClient.Proxy = new WebProxy(args.ProxyUrl, true)
{
UseDefaultCredentials = true
};
};
return(await ctx.AcquireTokenSilentAsync(resource, clientId).ConfigureAwait(false));
}
private async Task<string> GetGraphAccessTokenAsync()
{
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value;
var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureAdAuthority, new ADALTokenCache(signInUserId));
var result = await authContext.AcquireTokenSilentAsync(SettingsHelper.AzureAdGraphResourceURL, clientCredential, userIdentifier);
return result.AccessToken;
}
public static async Task<string> GetGraphAccessTokenAsync()
{
var AzureAdGraphResourceURL = "https://graph.microsoft.com/";
var Authority = ConfigurationManager.AppSettings["ida:AADInstance"] + ConfigurationManager.AppSettings["ida:TenantId"];
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var clientCredential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientId"], ConfigurationManager.AppSettings["ida:ClientSecret"]);
var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signInUserId));
var result = await authContext.AcquireTokenSilentAsync(AzureAdGraphResourceURL, clientCredential, userIdentifier);
return result.AccessToken;
}
// GET: TodoList
public async Task<ActionResult> Index()
{
AuthenticationResult result = null;
try
{
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value;
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = String.Format(CultureInfo.InvariantCulture, Startup.aadInstance, tenantID, string.Empty);
ClientCredential credential = new ClientCredential(Startup.clientId, Startup.clientSecret);
// Here you ask for a token using the web app's clientId as the scope, since the web app and service share the same clientId.
AuthenticationContext authContext = new AuthenticationContext(authority, false, new NaiveSessionCache(userObjectID));
result = await authContext.AcquireTokenSilentAsync(new string[] { Startup.clientId }, credential, UserIdentifier.AnyUser);
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, serviceUrl + "/api/todolist");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.Token);
HttpResponseMessage response = await client.SendAsync(request);
if (response.IsSuccessStatusCode)
{
String responseString = await response.Content.ReadAsStringAsync();
JArray todoList = JArray.Parse(responseString);
ViewBag.TodoList = todoList;
return View();
}
else
{
// If the call failed with access denied, then drop the current access token from the cache,
// and show the user an error indicating they might need to sign-in again.
if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
var todoTokens = authContext.TokenCache.ReadItems().Where(a => a.Scope.Contains(Startup.clientId));
foreach (TokenCacheItem tci in todoTokens)
authContext.TokenCache.DeleteItem(tci);
return new RedirectResult("/Error?message=Error: " + response.ReasonPhrase + " You might need to sign in again.");
}
}
return new RedirectResult("/Error?message=An Error Occurred Reading To Do List: " + response.StatusCode);
}
catch (AdalException ee)
{
// If ADAL could not get a token silently, show the user an error indicating they might need to sign in again.
return new RedirectResult("/Error?message=An Error Occurred Reading To Do List: " + ee.Message + " You might need to log out and log back in.");
}
catch (Exception ex)
{
return new RedirectResult("/Error?message=An Error Occurred Reading To Do List: " + ex.Message);
}
}
public IEnumerable <TeamProjectReference> InteractiveADALExchangeGraphTokenForVSTSToken(string vstsAccountName, string applicationId)
{
AuthenticationContext authenticationContext = new AadAuthenticationContext("https://login.windows.net/common", validateAuthority: true);
var authenticationResultTask = authenticationContext.AcquireTokenAsync(GraphResourceId, applicationId, new Uri(RedirectUri), new PlatformParameters(PromptBehavior.Auto));
AuthenticationResult authenticationResult = authenticationResultTask.Result;
authenticationResultTask = authenticationContext.AcquireTokenSilentAsync(VSTSResourceId, applicationId);
authenticationResult = authenticationResultTask.Result;
VssOAuthAccessTokenCredential oAuthCredential = new VssOAuthAccessTokenCredential(authenticationResult.AccessToken);
return(ListProjectsViaClientLibrary(vstsAccountName, oAuthCredential));
}
// GET: Calendar
public async Task<ActionResult> Index() {
// fetch from stuff user claims
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value;
// discover contact endpoint
var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
// create auth context
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId));
// create O365 discovery client
DiscoveryClient discovery = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint),
async () => {
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, clientCredential, userIdentifier);
return authResult.AccessToken;
});
// query discovery service for endpoint for 'calendar' endpoint
var dcr = await discovery.DiscoverCapabilityAsync("Calendar");
// create Outlook client using the calendar api endpoint
OutlookServicesClient client = new OutlookServicesClient(dcr.ServiceEndpointUri,
async () => {
var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId, clientCredential,
userIdentifier);
return authResult.AccessToken;
});
// get contacts
var results = await client.Me.Events.Take(20).ExecuteAsync();
ViewBag.Events = results.CurrentPage.OrderBy(c => c.Start);
return View();
}
/// <summary>
/// Get a Microsoft Graph access token from Azure AD V1.
/// </summary>
/// <returns>An oauth2 access token.</returns>
internal static async Task <string> AuthenticateAdalUserAsync()
{
ADAL.AuthenticationResult authenticationResult = null;
try
{
authenticationResult = await _azureAdContext.AcquireTokenSilentAsync(_resourceUri, _appClientId);
}
catch (Exception)
{
authenticationResult = await _azureAdContext.AcquireTokenAsync(_resourceUri, _appClientId, new Uri(DefaultRedirectUri), new ADAL.PlatformParameters(ADAL.PromptBehavior.RefreshSession, false));
}
return(authenticationResult.AccessToken);
}
public static async Task<string> GetTokenForApplicationAsync(string signedInUserID,
string tenantID, string userObjectID, string resource)
{
// Get a token for the Graph without triggering any user
// interaction (from the cache, via multi-resource refresh token, etc.).
ClientCredential clientcred = new ClientCredential(ClientId, AppKey);
// Initialize AuthenticationContext with the token cache of
// the currently signed in user, as kept in the app's database.
AuthenticationContext authenticationContext = new AuthenticationContext(AADInstance + tenantID,
new ADALTokenCache(signedInUserID));
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenSilentAsync(resource,
clientcred, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
return authenticationResult.AccessToken;
}
public async Task AutoPromptBehaviorWithExpiredAccessTokenAndGoodRefreshTokenInCacheTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
await context.TokenCache.StoreToCacheAsync(new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow)
{
UserInfo =
new UserInfo()
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId
}
},
},
TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
new CallState(new Guid())).ConfigureAwait(false);
ResetInstanceDiscovery();
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>()
{
{ "grant_type", "refresh_token" }
}
});
AuthenticationResult result =
await
context.AcquireTokenSilentAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
new UserIdentifier(TestConstants.DefaultDisplayableId, UserIdentifierType.RequiredDisplayableId),
new PlatformParameters(PromptBehavior.Auto)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
internal static async Task<SharePointClient> EnsureSharePointClientCreatedAsync(string capabilityName)
{
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
// !!! NOTE: DO NOT USE NaiveSessionCache IN PRODUCTION. A MORE PERSISTENT CACHE SUCH AS A DATABASE IS RECOMMENDED FOR PRODUCTION USE !!!!
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.Authority, new NaiveSessionCache(signInUserId));
try
{
DiscoveryClient discClient = new DiscoveryClient(SettingsHelper.DiscoveryServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.DiscoveryServiceResourceId,
new ClientCredential(SettingsHelper.ClientId,
SettingsHelper.AppKey),
new UserIdentifier(userObjectId,
UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
var dcr = await discClient.DiscoverCapabilityAsync(capabilityName);
return new SharePointClient(dcr.ServiceEndpointUri,
async () =>
{
var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId,
new ClientCredential(SettingsHelper.ClientId,
SettingsHelper.AppKey),
new UserIdentifier(userObjectId,
UserIdentifierType.UniqueId));
return authResult.AccessToken;
});
}
catch (AdalException exception)
{
//Partially handle token acquisition failure here and bubble it up to the controller
if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently)
{
authContext.TokenCache.Clear();
throw exception;
}
return null;
}
}
public static async Task<string> GetAccessToken()
{
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext =
new AuthenticationContext(SettingsHelper.Authority,
new ADALTokenCache(signInUserId));
var authResult = await authContext.AcquireTokenSilentAsync(
SettingsHelper.MSGraphResource,
new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey),
new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return authResult.AccessToken;
}
private async Task<string> GetAccessToken() {
// fetch from stuff user claims
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value;
var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId);
// create auth context
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId));
// authenticate
var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.SharePointServiceResourceId, clientCredential, userIdentifier);
// obtain access token
return authResult.AccessToken;
}
private static async Task <adal.AuthenticationResult> Authenticate(adal.AuthenticationContext context, string resource)
{
try
{
return(await context.AcquireTokenSilentAsync(resource, _clientId));
}
catch (adal.AdalException ex)
{
// There is no access token in the cache, so prompt the user to sign-in.
if (ex.ErrorCode == adal.AdalError.UserInteractionRequired ||
ex.ErrorCode == adal.AdalError.FailedToAcquireTokenSilently)
{
return(await context.AcquireTokenAsync(resource, _clientId, new Uri(_redirectUri),
new adal.PlatformParameters(adal.PromptBehavior.Auto)));
}
// Some other error.
throw;
}
}
private async Task <AuthenticationResult> AcquireTokenSilentAsyncInternal(string resourceUrl, string clientId,
UserIdentifier userIdentifier)
{
OriginalAuthenticationResult authResult = null;
AuthenticationResult result;
try
{
authResult = await _context.AcquireTokenSilentAsync(resourceUrl, clientId, userIdentifier.GetOriginalUserIdentifier());
result = AuthenticationResult.From(authResult);
}
catch (Exception ex)
{
result = new AuthenticationResult(ex);
}
return(result);
}
public static async Task <AuthenticationResult> GetToken(OAuthContext oAuthContext)
{
// Get OAuth token using client credentials
string tenantName = oAuthContext.tenantName;
if (_authenticationContext == null)
{
_authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(oAuthContext.authUrl + "/" + tenantName, _tokenCache);
}
AuthenticationResult authenticationResult = null;
if (oAuthContext.ObtainUserConsent)
{
// We need to get user consent
FormGetUserPermission formGetPermission = new FormGetUserPermission(oAuthContext);
if (formGetPermission.ShowDialog() == System.Windows.Forms.DialogResult.OK)
{
string code = formGetPermission.Code;
// When we get our token, it will be cached in the TokenCache, so next time the silent calls will work
if (oAuthContext.cert == null)
{
ClientCredential clientCred = new ClientCredential(oAuthContext.clientId, oAuthContext.secretKey);
authenticationResult = await _authenticationContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(oAuthContext.redirectUrl), clientCred);
}
else
{
ClientAssertionCertificate clientCert = new ClientAssertionCertificate(oAuthContext.clientId, oAuthContext.cert);
authenticationResult = await _authenticationContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(oAuthContext.redirectUrl), clientCert);
}
}
return(authenticationResult);
}
if (oAuthContext.isNativeApplication)
{
if (oAuthContext.adminConsent)
{
authenticationResult = await _authenticationContext.AcquireTokenAsync(oAuthContext.resource,
oAuthContext.clientId,
new Uri(oAuthContext.redirectUrl),
new PlatformParameters(PromptBehavior.Always),
UserIdentifier.AnyUser,
"prompt=admin_consent");
}
else
{
authenticationResult = await _authenticationContext.AcquireTokenAsync(oAuthContext.resource, oAuthContext.clientId, new Uri(oAuthContext.redirectUrl), new PlatformParameters(PromptBehavior.Always));
}
}
else
{
if (!String.IsNullOrEmpty(oAuthContext.userId))
{
// We have the UserId for the mailbox we want to access, so we'll try to get a token silently (we should have a cached token)
try
{
if (oAuthContext.cert == null)
{
ClientCredential clientCred = new ClientCredential(oAuthContext.clientId, oAuthContext.secretKey);
authenticationResult = await _authenticationContext.AcquireTokenSilentAsync(oAuthContext.resource, clientCred, new UserIdentifier(oAuthContext.userId, UserIdentifierType.UniqueId));
}
else
{
ClientAssertionCertificate clientCert = new ClientAssertionCertificate(oAuthContext.clientId, oAuthContext.cert);
authenticationResult = await _authenticationContext.AcquireTokenSilentAsync(oAuthContext.resource, clientCert, new UserIdentifier(oAuthContext.userId, UserIdentifierType.UniqueId));
}
return(authenticationResult);
}
catch (Exception ex)
{
_lastError = ex;
}
}
}
return(authenticationResult);
}
