/// <summary>
/// Acquires an AAD access token for <paramref name="resourceUri"/> and writes the identity AAD
/// actually authenticated (Id, Tenant, UniqueId) back onto the account of <paramref name="asAzureContext"/>.
/// </summary>
/// <param name="asAzureContext">Context supplying the AAD authority endpoint and the account; its account is updated in place.</param>
/// <param name="password">User password for the username/password flow; null selects the interactive/cached flow.</param>
/// <param name="promptBehavior">ADAL prompt behavior used by the interactive flow.</param>
/// <param name="clientId">Client id of the calling application.</param>
/// <param name="resourceUri">Resource the token is requested for.</param>
/// <param name="resourceRedirectUri">Redirect URI registered for the client.</param>
/// <returns>The access token string.</returns>
public string GetAadAuthenticatedToken(AsAzureContext asAzureContext, SecureString password, PromptBehavior promptBehavior, string clientId, string resourceUri, Uri resourceRedirectUri)
{
    // Authority = AAD base URL + tenant segment; "common" lets AAD resolve the tenant on first sign-in.
    var authority = new UriBuilder((string)asAzureContext.Environment.Endpoints[AsAzureEnvironment.AsRolloutEndpoints.AdAuthorityBaseUrl])
    {
        Path = string.IsNullOrEmpty(asAzureContext.Account.Tenant) ? "common" : asAzureContext.Account.Tenant
    };
    var authContext = new AuthenticationContext(authority.ToString(), AsAzureClientSession.TokenCache);

    AuthenticationResult result;
    if (password != null)
    {
        // Username/password credential flow.
        result = authContext.AcquireToken(resourceUri, clientId, new UserCredential(asAzureContext.Account.Id, password));
    }
    else if (asAzureContext.Account.Id != null)
    {
        // Hint the known user so the cache lookup / prompt targets that account.
        var knownUser = new UserIdentifier(asAzureContext.Account.Id, UserIdentifierType.OptionalDisplayableId);
        result = authContext.AcquireToken(resourceUri, clientId, resourceRedirectUri, promptBehavior, knownUser);
    }
    else
    {
        result = authContext.AcquireToken(resourceUri, clientId, resourceRedirectUri, promptBehavior);
    }

    // Persist what AAD reported, which may differ from what the caller supplied.
    asAzureContext.Account.Id = result.UserInfo.DisplayableId;
    asAzureContext.Account.Tenant = result.TenantId;
    asAzureContext.Account.UniqueId = result.UserInfo.UniqueId;

    return result.AccessToken;
}
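/// <summary>
/// Acquires an AAD access token for <paramref name="resourceUri"/> on behalf of the account held in
/// <paramref name="asAzureContext"/>. User accounts sign in interactively when no password is given
/// (device-code flow on .NET Standard), otherwise with a username/password credential; service
/// principals use a client secret, or a certificate looked up by thumbprint in the local store.
/// </summary>
/// <remarks>
/// After a user sign-in the account's Id, Tenant and UniqueId are overwritten with the identity AAD
/// actually issued the token for. On .NET Standard the third parameter is <c>promptAction</c>, the
/// callback that shows the device-code message to the user; elsewhere it is the ADAL
/// <c>promptBehavior</c>. The .NET Standard build blocks on the async ADAL calls via <c>.Result</c>,
/// so ADAL failures surface there wrapped in <see cref="AggregateException"/>.
/// </remarks>
/// <param name="asAzureContext">Context supplying the AAD authority endpoint and the account to authenticate; updated in place.</param>
/// <param name="password">User password, or the client secret of a service principal; null selects the interactive flow for user accounts.</param>
/// <param name="clientId">Client id of the calling application.</param>
/// <param name="resourceUri">Resource the token is requested for.</param>
/// <param name="resourceRedirectUri">Redirect URI registered for the client.</param>
/// <returns>The access token string.</returns>
/// <exception cref="ArgumentException">The account type is neither User nor ServicePrincipal, or the certificate thumbprint is not in the local store.</exception>
/// <exception cref="ArgumentNullException">A client-secret service principal was given no password, or (on .NET Standard) no prompt callback was supplied for the device-code flow.</exception>
#if NETSTANDARD
public string GetAadAuthenticatedToken(AsAzureContext asAzureContext, SecureString password, Action<string> promptAction, string clientId, string resourceUri, Uri resourceRedirectUri)
#else
public string GetAadAuthenticatedToken(AsAzureContext asAzureContext, SecureString password, PromptBehavior promptBehavior, string clientId, string resourceUri, Uri resourceRedirectUri)
#endif
{
    // Authority = AAD base URL + tenant segment; "common" lets AAD resolve the tenant on first sign-in.
    var authUriBuilder = new UriBuilder((string)asAzureContext.Environment.Endpoints[AsAzureEnvironment.AsRolloutEndpoints.AdAuthorityBaseUrl])
    {
        Path = string.IsNullOrEmpty(asAzureContext.Account.Tenant) ? "common" : asAzureContext.Account.Tenant
    };
    var authenticationContext = new AuthenticationContext(authUriBuilder.ToString(), AsAzureClientSession.TokenCache);

    // An unset account type is treated as a user account.
    string accountType = string.IsNullOrEmpty(asAzureContext.Account.Type)
        ? AsAzureAccount.AccountType.User
        : asAzureContext.Account.Type;

    AuthenticationResult result;
    if (accountType == AsAzureAccount.AccountType.User)
    {
        if (password == null)
        {
            if (asAzureContext.Account.Id != null)
            {
                // Hint the known user so the cache lookup / prompt targets that account.
                var knownUser = new UserIdentifier(asAzureContext.Account.Id, UserIdentifierType.OptionalDisplayableId);
#if NETSTANDARD
                result = authenticationContext.AcquireTokenAsync(resourceUri, clientId, resourceRedirectUri, new PlatformParameters(), knownUser).Result;
#else
                result = authenticationContext.AcquireToken(resourceUri, clientId, resourceRedirectUri, promptBehavior, knownUser);
#endif
            }
            else
            {
#if NETSTANDARD
                result = authenticationContext.AcquireTokenAsync(resourceUri, clientId, resourceRedirectUri, new PlatformParameters()).Result;
#else
                result = authenticationContext.AcquireToken(resourceUri, clientId, resourceRedirectUri, promptBehavior);
#endif
            }
        }
        else
        {
#if NETSTANDARD
            // ADAL on .NET Core has no username/password flow, so the supplied password is not used here and
            // the device-code flow is run instead. A more robust implementation lives in
            // UserTokenProvider.Netcore.cs (DoAcquireToken). Background:
            // https://stackoverflow.com/a/39393039/294804
            // https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/482
            // https://github.com/Azure-Samples/active-directory-dotnet-deviceprofile/blob/5d5499d09c918ae837810d457822474df97600e9/DirSearcherClient/Program.cs#L206-L210
            if (promptAction == null)
            {
                // Without a way to display the code the user can never complete the flow; fail fast
                // instead of letting ADAL wait for the device code to expire.
                throw new ArgumentNullException(nameof(promptAction));
            }
            DeviceCodeResult codeResult = authenticationContext.AcquireDeviceCodeAsync(resourceUri, clientId).Result;
            promptAction(codeResult?.Message);
            result = authenticationContext.AcquireTokenByDeviceCodeAsync(codeResult).Result;
#else
            // Username/password credential flow.
            result = authenticationContext.AcquireToken(resourceUri, clientId, new UserCredential(asAzureContext.Account.Id, password));
#endif
        }

        // Persist what AAD reported, which may differ from what the caller supplied.
        asAzureContext.Account.Id = result.UserInfo.DisplayableId;
        asAzureContext.Account.Tenant = result.TenantId;
        asAzureContext.Account.UniqueId = result.UserInfo.UniqueId;
    }
    else if (accountType == AsAzureAccount.AccountType.ServicePrincipal)
    {
        if (string.IsNullOrEmpty(asAzureContext.Account.CertificateThumbprint))
        {
            if (password == null)
            {
                // ADAL rejects a null secret anyway; name the parameter so the caller sees a clear error.
                throw new ArgumentNullException(nameof(password), "A service principal without a certificate thumbprint requires a client secret.");
            }
#if NETSTANDARD
            // The netstandard ClientCredential only accepts a string, so the secret is unavoidably
            // materialized as a managed string for the duration of this call.
            ClientCredential credential = new ClientCredential(asAzureContext.Account.Id, ConversionUtilities.SecureStringToString(password));
            result = authenticationContext.AcquireTokenAsync(resourceUri, credential).Result;
#else
            ClientCredential credential = new ClientCredential(asAzureContext.Account.Id, password);
            result = authenticationContext.AcquireToken(resourceUri, credential);
#endif
        }
        else
        {
            DiskDataStore dataStore = new DiskDataStore();
            var certificate = dataStore.GetCertificate(asAzureContext.Account.CertificateThumbprint);
            if (certificate == null)
            {
                throw new ArgumentException(string.Format(Resources.CertificateNotFoundInStore, asAzureContext.Account.CertificateThumbprint));
            }
            var assertion = new ClientAssertionCertificate(asAzureContext.Account.Id, certificate);
#if NETSTANDARD
            result = authenticationContext.AcquireTokenAsync(resourceUri, assertion).Result;
#else
            result = authenticationContext.AcquireToken(resourceUri, assertion);
#endif
        }
    }
    else
    {
        // Previously an unknown type fell through and returned a null token, which only failed
        // later at the service call; report it at the source instead.
        throw new ArgumentException($"Unsupported account type '{accountType}'.", nameof(asAzureContext));
    }

    return result.AccessToken;
}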
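/// <summary>
/// Acquires an AAD access token for <paramref name="resourceUri"/> on behalf of the account held in
/// <paramref name="asAzureContext"/>. User accounts sign in interactively when no password is given,
/// otherwise with a username/password credential; service principals use a client secret, or a
/// certificate looked up by thumbprint in the local store.
/// </summary>
/// <remarks>
/// After a user sign-in the account's Id, Tenant and UniqueId are overwritten with the identity AAD
/// actually issued the token for.
/// </remarks>
/// <param name="asAzureContext">Context supplying the AAD authority endpoint and the account to authenticate; updated in place.</param>
/// <param name="password">User password, or the client secret of a service principal; null selects the interactive flow for user accounts.</param>
/// <param name="promptBehavior">ADAL prompt behavior used by the interactive flow.</param>
/// <param name="clientId">Client id of the calling application.</param>
/// <param name="resourceUri">Resource the token is requested for.</param>
/// <param name="resourceRedirectUri">Redirect URI registered for the client.</param>
/// <returns>The access token string.</returns>
/// <exception cref="ArgumentException">The account type is neither User nor ServicePrincipal, or the certificate thumbprint is not in the local store.</exception>
/// <exception cref="ArgumentNullException">A client-secret service principal was given no password.</exception>
public string GetAadAuthenticatedToken(AsAzureContext asAzureContext, SecureString password, PromptBehavior promptBehavior, string clientId, string resourceUri, Uri resourceRedirectUri)
{
    // Authority = AAD base URL + tenant segment; "common" lets AAD resolve the tenant on first sign-in.
    var authUriBuilder = new UriBuilder((string)asAzureContext.Environment.Endpoints[AsAzureEnvironment.AsRolloutEndpoints.AdAuthorityBaseUrl])
    {
        Path = string.IsNullOrEmpty(asAzureContext.Account.Tenant) ? "common" : asAzureContext.Account.Tenant
    };
    var authenticationContext = new AuthenticationContext(authUriBuilder.ToString(), AsAzureClientSession.TokenCache);

    // An unset account type is treated as a user account.
    string accountType = string.IsNullOrEmpty(asAzureContext.Account.Type)
        ? AsAzureAccount.AccountType.User
        : asAzureContext.Account.Type;

    AuthenticationResult result;
    if (accountType == AsAzureAccount.AccountType.User)
    {
        if (password == null)
        {
            if (asAzureContext.Account.Id != null)
            {
                // Hint the known user so the cache lookup / prompt targets that account.
                var knownUser = new UserIdentifier(asAzureContext.Account.Id, UserIdentifierType.OptionalDisplayableId);
                result = authenticationContext.AcquireToken(resourceUri, clientId, resourceRedirectUri, promptBehavior, knownUser);
            }
            else
            {
                result = authenticationContext.AcquireToken(resourceUri, clientId, resourceRedirectUri, promptBehavior);
            }
        }
        else
        {
            // Username/password credential flow.
            result = authenticationContext.AcquireToken(resourceUri, clientId, new UserCredential(asAzureContext.Account.Id, password));
        }

        // Persist what AAD reported, which may differ from what the caller supplied.
        asAzureContext.Account.Id = result.UserInfo.DisplayableId;
        asAzureContext.Account.Tenant = result.TenantId;
        asAzureContext.Account.UniqueId = result.UserInfo.UniqueId;
    }
    else if (accountType == AsAzureAccount.AccountType.ServicePrincipal)
    {
        if (string.IsNullOrEmpty(asAzureContext.Account.CertificateThumbprint))
        {
            if (password == null)
            {
                // ADAL rejects a null secret anyway; name the parameter so the caller sees a clear error.
                throw new ArgumentNullException(nameof(password), "A service principal without a certificate thumbprint requires a client secret.");
            }
            ClientCredential credential = new ClientCredential(asAzureContext.Account.Id, password);
            result = authenticationContext.AcquireToken(resourceUri, credential);
        }
        else
        {
            DiskDataStore dataStore = new DiskDataStore();
            var certificate = dataStore.GetCertificate(asAzureContext.Account.CertificateThumbprint);
            if (certificate == null)
            {
                throw new ArgumentException(string.Format(Resources.CertificateNotFoundInStore, asAzureContext.Account.CertificateThumbprint));
            }
            result = authenticationContext.AcquireToken(resourceUri, new ClientAssertionCertificate(asAzureContext.Account.Id, certificate));
        }
    }
    else
    {
        // Previously an unknown type left result null and the method threw NullReferenceException
        // on the return line; report the real cause instead.
        throw new ArgumentException($"Unsupported account type '{accountType}'.", nameof(asAzureContext));
    }

    return result.AccessToken;
}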