示例#1
 /// <summary>
 /// Renews and returns the access token for <paramref name="resourceId"/> using the
 /// auth result kept in the bot's per-user data.
 /// </summary>
 /// <param name="context">Bot context whose <c>UserData</c> is read and updated.</param>
 /// <param name="resourceId">Resource identifier handed to <c>AzureActiveDirectoryHelper.GetToken</c>.</param>
 /// <returns>
 /// The renewed access token, or <c>null</c> when no auth result is stored or the renewal
 /// fails (the user is then notified and logged out).
 /// </returns>
 public static async Task<string> GetAccessToken(this IBotContext context, string resourceId)
 {
     AuthResult stored;
     if (!context.UserData.TryGetValue(ContextConstants.AuthResultKey, out stored))
     {
         // No stored credentials for this user: the caller has to start a sign-in.
         return null;
     }

     try
     {
         var adalCache = new InMemoryTokenCacheADAL(stored.TokenCache);
         var renewed = await AzureActiveDirectoryHelper.GetToken(stored.UserUniqueId, adalCache, resourceId);

         // The access token and the re-serialized token cache are written back to user data.
         // NOTE(review): that store now holds bearer credentials; confirm it is protected
         // at rest and not readable by other bots or tenants.
         stored.AccessToken = renewed.AccessToken;
         stored.ExpiresOnUtcTicks = renewed.ExpiresOnUtcTicks;
         stored.TokenCache = adalCache.Serialize();
         context.StoreAuthResult(stored);
     }
     catch (Exception ex)
     {
         // Any failure is treated as "credentials unusable": trace the message only
         // (no token material), tell the user, and clear the session.
         Trace.TraceError("Failed to renew token: " + ex.Message);
         await context.PostAsync("Your credentials expired and could not be renewed automatically!");
         await context.Logout();
         return null;
     }

     return stored.AccessToken;
 }
示例#2
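        /// <summary>
        /// Ends the dialog when an access token for <paramref name="resourceId"/> is already
        /// available (or the user typed a cancellation word); otherwise posts a sign-in link
        /// and waits for the next message.
        /// </summary>
        /// <param name="context">Dialog context used to read the token and post replies.</param>
        /// <param name="msg">Incoming activity; its text is checked against the cancellation words.</param>
        /// <param name="resourceId">Resource the token is requested for.</param>
        private async Task LogIn(IDialogContext context, IMessageActivity msg, string resourceId)
        {
            // The previous try/catch only did `throw ex;`, which discards the original stack
            // trace. Letting the exception propagate keeps the same exception type for callers
            // and preserves where it was actually raised.
            string token = await context.GetAccessToken(resourceId);

            if (!string.IsNullOrEmpty(token))
            {
                context.Done(string.Empty);
                return;
            }

            // Culture-invariant upper-casing so the match does not depend on the server locale
            // (assumes the cancellation words are stored as plain upper-case text; confirm).
            if (msg.Text != null &&
                CancellationWords.GetCancellationWords().Contains(msg.Text.ToUpperInvariant()))
            {
                context.Done(string.Empty);
                return;
            }

            // The resumption cookie built from the incoming message is handed to the helper that
            // produces the sign-in URL, so the link is specific to this user and conversation.
            var resumptionCookie = new ResumptionCookie(msg);
            var authenticationUrl = await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie, resourceId);

            await context.PostAsync($"You must be authenticated before you can proceed. Please, click [here]({authenticationUrl}) to log into your account.");

            context.Wait(this.MessageReceivedAsync);
        }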
示例#3
        /// <summary>
        /// Renews and returns the ADAL access token for the resource named in
        /// <paramref name="request"/>, based on the auth result stored in the bot's user data.
        /// </summary>
        /// <param name="context">Bot context whose <c>UserData</c> is read and updated.</param>
        /// <param name="request">Request carrying the <c>ResourceId</c> to get a token for.</param>
        /// <returns>
        /// The renewed access token, or <c>null</c> when nothing is stored or renewal fails
        /// (the user is then notified and logged out).
        /// </returns>
        public static async Task <string> GetADALAccessToken(IBotContext context, AzureADAuthenticationRequest request)
        {
            AuthenticationSettings settings = AuthenticationSettings.GetFromAppSettings();
            AuthenticationResult   stored;

            if (!context.UserData.TryGetValue(AuthenticationConstants.AuthResultKey, out stored))
            {
                // No stored credentials for this user.
                return(null);
            }

            try
            {
                // NOTE(review): the cache object is not passed to GetToken below; presumably
                // SetADALTokenCache installs it where GetToken can find it. Confirm, because the
                // cache is serialized back into user data afterwards.
                var adalCache = TokenCacheFactory.SetADALTokenCache(stored.TokenCache);

                var renewed = await AzureActiveDirectoryHelper.GetToken(stored.UserUniqueId, settings, request.ResourceId);

                // Write the fresh token and the re-serialized cache back to user data.
                stored.AccessToken       = renewed.AccessToken;
                stored.ExpiresOnUtcTicks = renewed.ExpiresOnUtcTicks;
                stored.TokenCache        = adalCache.Serialize();
                context.StoreAuthResult(stored);
            }
            catch (Exception ex)
            {
                // Only the exception message is traced; every failure ends the session.
                Trace.TraceError("Failed to renew token: " + ex.Message);
                await context.PostAsync("Your credentials expired and could not be renewed automatically!");

                await context.Logout(settings);

                return(null);
            }

            return(stored.AccessToken);
        }
示例#4
            /// <summary>
            /// Click handler: prompts for an AAD token, activates the device entered in the form
            /// against the retail server, records the activation in <c>AppInfo</c>, then closes
            /// the window whether or not activation succeeded.
            /// </summary>
            /// <param name="sender">Event source (unused).</param>
            /// <param name="e">Event arguments (unused).</param>
            private async void btnActivate_Click(object sender, EventArgs e)
            {
                try
                {
                    string aadHeader = AzureActiveDirectoryHelper.GetAADHeaderWithPrompt();

                    this.textBoxRetailServerUrl.Text = this.retailServerUrl;
                    RetailServerContext serverContext = Helpers.CreateNewRetailServerContext(this.retailServerUrl);
                    ManagerFactory      factory       = ManagerFactory.Create(serverContext);

                    // Activation is performed as the signed-in user; any previous device token is cleared.
                    factory.Context.SetUserToken(new AADToken(aadHeader));
                    factory.Context.SetDeviceToken(null);

                    IStoreOperationsManager storeOperations = factory.GetManager <IStoreOperationsManager>();

                    // NOTE(review): the third argument is the literal text "testDevice.DeviceId" and
                    // deviceType is a hard-coded 2 with forceActivate enabled; these look like test
                    // leftovers. Confirm before reusing outside a test harness.
                    DeviceActivationResult activation = await storeOperations.ActivateDevice(this.textBoxDeviceId.Text, this.textBoxRegisterId.Text, "testDevice.DeviceId", forceActivate : true, deviceType : 2 /*testDevice.DeviceType*/);

                    // The returned device token is kept in AppInfo; treat that object as a secret holder.
                    this.AppInfo = new DeviceActivationInformation(this.retailServerUrl, activation.Device.TerminalId, activation.Device.ChannelName, activation.Device.Token, activation.Device.DeviceNumber, DateTime.Now);
                    this.mainForm.Log("Activation succeeded.");
                }
                catch (Exception ex)
                {
                    // async void: nothing can observe an escaping exception, so everything is logged
                    // here. The full exception text (including stack) goes to the main form's log.
                    this.mainForm.Log(ex.ToString());
                }

                this.Close();
            }
        /// <summary>
        /// Runs the helper's Azure Active Directory analysis for the signed-in user's tenant and
        /// renders the resulting list of strings.
        /// </summary>
        /// <returns>
        /// The view with the result list; a redirect to Home/Index when the Graph token is missing
        /// (all request cookies are deleted first) or when any non-Graph exception occurs.
        /// </returns>
        public async Task <IActionResult> AzureAdLateralMovement()
        {
            var identity = (ClaimsIdentity)User.Identity;

            // NOTE(review): FindFirst returns null when the tenant-id claim is absent, so .Value
            // throws for identities without it. Confirm every sign-in path issues this claim.
            var tenantId = identity
                           .FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
            await CosmosDbHelper.InitializeCosmosDb(tenantId);

            var graph  = _graphSdkHelper.GetAuthenticatedClient(identity);
            var helper = new AzureActiveDirectoryHelper(graph, HttpContext);

            List <string> findings = null;

            try
            {
                findings = await helper.RunAzureActiveDirectoryApplication();
            }
            catch (ServiceException graphError)
            {
                if (graphError.Error.Code == "TokenNotFound")
                {
                    // Cached Graph token is gone: drop every cookie so the user signs in again.
                    foreach (var cookieName in Request.Cookies.Keys)
                    {
                        Response.Cookies.Delete(cookieName);
                    }
                    return(RedirectToAction(nameof(Index), "Home"));
                }

                // NOTE(review): any other Graph error is swallowed here without logging and the
                // view below is rendered with a null model. Confirm the view handles null and
                // consider logging the error code.
            }
            catch (Exception)
            {
                // All other failures send the user back to the home page, also without logging.
                return(RedirectToAction(nameof(Index), "Home"));
            }

            return(View(findings));
        }
示例#6
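        /// <summary>
        /// Ends the dialog when an access token is already available; otherwise posts a sign-in
        /// link and waits for the next message.
        /// </summary>
        /// <param name="context">Dialog context used to read the token and post replies.</param>
        /// <param name="msg">Incoming message the resumption cookie is built from.</param>
        private async Task LogIn(IDialogContext context, Message msg)
        {
            // The previous try/catch only did `throw ex;`, which discards the original stack
            // trace. Letting the exception propagate keeps the same exception type for callers
            // and preserves where it was actually raised.
            string token = await context.GetAccessToken();

            if (!string.IsNullOrEmpty(token))
            {
                context.Done(string.Empty);
                return;
            }

            // The resumption cookie built from the incoming message is handed to the helper that
            // produces the sign-in URL, so the link is specific to this user and conversation.
            var resumptionCookie = new ResumptionCookie(msg);
            var authenticationUrl = await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie);

            await context.PostAsync($"You must be authenticated before you can proceed. Please, click [here]({authenticationUrl}) to log into your account.");

            context.Wait(this.MessageReceivedAsync);
        }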
示例#7
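        /// <summary>
        /// Ends the dialog when an access token for <paramref name="scopes"/> is already available
        /// (or the user typed a cancellation word); otherwise prompts the user to sign in, using a
        /// sign-in card on the "skype" channel and a markdown link elsewhere, then waits for the
        /// next message.
        /// </summary>
        /// <param name="context">Dialog context used to read the token and post replies.</param>
        /// <param name="msg">Incoming activity; supplies the text, channel id and sender.</param>
        /// <param name="scopes">Scopes the token is requested for.</param>
        private async Task LogIn(IDialogContext context, IMessageActivity msg, string[] scopes)
        {
            // The previous try/catch only did `throw ex;`, which discards the original stack
            // trace. Letting the exception propagate keeps the same exception type for callers
            // and preserves where it was actually raised.
            string token = await context.GetAccessToken(scopes);

            if (!string.IsNullOrEmpty(token))
            {
                context.Done(string.Empty);
                return;
            }

            // Culture-invariant upper-casing so the match does not depend on the server locale
            // (assumes the cancellation words are stored as plain upper-case text; confirm).
            if (msg.Text != null &&
                CancellationWords.GetCancellationWords().Contains(msg.Text.ToUpperInvariant()))
            {
                context.Done(string.Empty);
                return;
            }

            // The resumption cookie built from the incoming message is handed to the helper that
            // produces the sign-in URL, so the link is specific to this user and conversation.
            var resumptionCookie = new ResumptionCookie(msg);

            var authenticationUrl = await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie, scopes);

            if (msg.ChannelId == "skype")
            {
                IMessageActivity response = context.MakeMessage();
                response.Recipient = msg.From;
                response.Type      = "message";

                response.Attachments = new List <Attachment>();

                // A separate, never-read button list was built here before; it has been dropped.
                CardAction signinButton = new CardAction()
                {
                    Value = authenticationUrl,
                    Type  = "signin",
                    Title = "Authentication Required"
                };

                SigninCard signinCard = new SigninCard(this.prompt, new List <CardAction>()
                {
                    signinButton
                });
                response.Attachments.Add(signinCard.ToAttachment());
                await context.PostAsync(response);
            }
            else
            {
                await context.PostAsync(this.prompt + "[Click here](" + authenticationUrl + ")");
            }

            context.Wait(this.MessageReceivedAsync);
        }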
示例#8
        /// <summary>
        /// Returns an access token for the current user. On the "cortana" channel the token
        /// supplied by the channel is adopted and stored on first use; on every other channel
        /// the stored token is renewed through ADAL for <paramref name="resourceId"/>.
        /// </summary>
        /// <param name="context">Bot context whose <c>UserData</c> is read and updated.</param>
        /// <param name="resourceId">Resource identifier used for the ADAL renewal (non-Cortana path only).</param>
        /// <returns>
        /// The access token, or <c>null</c> on non-Cortana channels when nothing is stored or the
        /// renewal fails (the user is then notified and logged out).
        /// </returns>
        public static async Task <string> GetAccessToken(this IBotContext context, string resourceId)
        {
            AuthResult authResult;

            if (context.Activity.ChannelId.Equals("cortana", StringComparison.InvariantCultureIgnoreCase))
            {
                if (!context.UserData.TryGetValue(ContextConstants.AuthResultKey, out authResult))
                {
                    // First request on this channel: take the token the channel provided.
                    string channelToken = GetCortanaAccessToken(context);

                    // NOTE(review): presumably System.IdentityModel.Tokens.Jwt's JwtSecurityToken,
                    // whose string constructor only decodes the token. No signature, issuer or
                    // audience validation is visible in this method; confirm it happens upstream.
                    var parsedJwt = new JwtSecurityToken(channelToken);
                    if (authResult == null)
                    {
                        authResult = new AuthResult();
                    }

                    authResult.AccessToken = channelToken;

                    // NOTE(review): a JWT "exp" claim is seconds since the Unix epoch, yet it is
                    // stored in a field named for ticks; a failed parse leaves 0. Confirm how
                    // consumers interpret ExpiresOnUtcTicks. SingleOrDefault throws if the
                    // token carries more than one "exp" claim.
                    long expiry;
                    long.TryParse(parsedJwt.Payload.Claims.SingleOrDefault(c => c.Type.Equals("exp", StringComparison.InvariantCultureIgnoreCase))?.Value, out expiry);
                    authResult.ExpiresOnUtcTicks = expiry;

                    // The raw token bytes are used as the initial state of the MSAL cache wrapper.
                    var msalCache = new InMemoryTokenCacheMSAL(Encoding.ASCII.GetBytes(channelToken));
                    authResult.TokenCache = msalCache.Serialize();
                    context.StoreAuthResult(authResult);
                }

                // NOTE(review): a token already in user data is returned as-is on this channel,
                // with no expiry check or renewal.
                return(authResult.AccessToken);
            }

            if (!context.UserData.TryGetValue(ContextConstants.AuthResultKey, out authResult))
            {
                // No stored credentials for this user.
                return(null);
            }

            try
            {
                var adalCache = new InMemoryTokenCacheADAL(authResult.TokenCache);
                var renewed = await AzureActiveDirectoryHelper.GetToken(authResult.UserUniqueId, adalCache, resourceId);

                // Write the fresh token and the re-serialized cache back to user data.
                authResult.AccessToken       = renewed.AccessToken;
                authResult.ExpiresOnUtcTicks = renewed.ExpiresOnUtcTicks;
                authResult.TokenCache        = adalCache.Serialize();
                context.StoreAuthResult(authResult);
            }
            catch (Exception ex)
            {
                // Only the exception message is traced; every failure ends the session.
                Trace.TraceError("Failed to renew token: " + ex.Message);
                await context.PostAsync("Your credentials expired and could not be renewed automatically!");

                await context.Logout();

                return(null);
            }

            return(authResult.AccessToken);
        }
示例#9
        /// <summary>
        /// Returns the local part (text before '@') of the signed-in user's alias, renewing the
        /// stored token first. Only users whose magic number has been validated are served.
        /// </summary>
        /// <param name="context">Bot context whose <c>UserData</c> is read and updated.</param>
        /// <returns>
        /// The alias prefix, or <c>null</c> when no validated login is stored or the renewal
        /// fails (the user is then notified and logged out).
        /// </returns>
        public static async Task <string> GetAlias(this IBotContext context)
        {
            AuthResult authResult;
            string     validated = null;

            // A stored auth result alone is not enough: the magic-number step must have been
            // completed, which is recorded as the string "true".
            bool hasValidatedLogin =
                context.UserData.TryGetValue(ContextConstants.AuthResultKey, out authResult) &&
                context.UserData.TryGetValue(ContextConstants.MagicNumberValidated, out validated) &&
                validated == "true";

            if (!hasValidatedLogin)
            {
                return(null);
            }

            try
            {
                string mode = AuthSettings.Mode;

                if (string.Equals(mode, "v2", StringComparison.OrdinalIgnoreCase))
                {
                    // v2 endpoint: MSAL cache, configured scopes.
                    var msalCache = new InMemoryTokenCacheMSAL(authResult.TokenCache);
                    var renewed = await AzureActiveDirectoryHelper.GetToken(authResult.UserUniqueId, msalCache, AuthSettings.Scopes);

                    authResult.AccessToken       = renewed.AccessToken;
                    authResult.ExpiresOnUtcTicks = renewed.ExpiresOnUtcTicks;
                    authResult.TokenCache        = msalCache.Serialize();
                    authResult.Alias             = renewed.Alias;
                    context.StoreAuthResult(authResult);
                }
                else if (string.Equals(mode, "b2c", StringComparison.OrdinalIgnoreCase))
                {
                    // Not supported; the catch below turns this into a logout.
                    throw new NotImplementedException();
                }
                else if (string.Equals(mode, "v1", StringComparison.OrdinalIgnoreCase))
                {
                    // v1 endpoint: ADAL cache, resource id from app settings.
                    var adalCache = new InMemoryTokenCacheADAL(authResult.TokenCache);
                    var renewed = await AzureActiveDirectoryHelper.GetToken(authResult.UserUniqueId, adalCache, ConfigurationManager.AppSettings["ActiveDirectory.ResourceId"]);

                    authResult.AccessToken       = renewed.AccessToken;
                    authResult.ExpiresOnUtcTicks = renewed.ExpiresOnUtcTicks;
                    authResult.TokenCache        = adalCache.Serialize();
                    authResult.Alias             = renewed.Alias;
                    context.StoreAuthResult(authResult);
                }

                // NOTE(review): any other mode value skips renewal entirely and falls through
                // to the stored alias below.
            }
            catch (Exception ex)
            {
                // Only the exception message is traced; every failure ends the session.
                Trace.TraceError("Failed to renew token: " + ex.Message);
                await context.PostAsync("Your credentials expired and could not be renewed automatically!");

                await context.Logout();

                return(null);
            }

            // NOTE(review): throws if Alias is null (e.g. never populated for this auth result).
            return(authResult.Alias.Split('@')[0]);
        }
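        /// <summary>
        /// Checks whether an access token can be obtained and, if not, prompts the user to log in.
        /// The token is requested by resource id when <c>resourceId</c> is set, otherwise by scopes.
        /// </summary>
        /// <param name="context">Dialog context used to read the token and post replies.</param>
        /// <param name="msg">Incoming activity; its text is checked against the cancellation words.</param>
        /// <returns>A task that completes once the dialog was ended or the login prompt was posted.</returns>
        protected virtual async Task CheckForLogin(IDialogContext context, IMessageActivity msg)
        {
            // The previous try/catch only did `throw ex;`, which discards the original stack
            // trace. Letting the exception propagate keeps the same exception type for callers
            // and preserves where it was actually raised.
            string token = resourceId != null
                ? await context.GetAccessToken(resourceId)
                : await context.GetAccessToken(scopes);

            if (!string.IsNullOrEmpty(token))
            {
                context.Done(string.Empty);
                return;
            }

            // Culture-invariant upper-casing so the match does not depend on the server locale
            // (assumes the cancellation words are stored as plain upper-case text; confirm).
            if (msg.Text != null &&
                CancellationWords.GetCancellationWords().Contains(msg.Text.ToUpperInvariant()))
            {
                context.Done(string.Empty);
                return;
            }

            // The resumption cookie built from the incoming message is handed to the helper that
            // produces the sign-in URL, so the link is specific to this user and conversation.
            var resumptionCookie = new ResumptionCookie(msg);

            string authenticationUrl = resourceId != null
                ? await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie, resourceId)
                : await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie, scopes);

            await PromptToLogin(context, msg, authenticationUrl);

            context.Wait(this.MessageReceivedAsync);
        }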
示例#11
        /// <summary>
        /// Renews (in "v2" mode) and returns the access token for <paramref name="scopes"/> using
        /// the auth result kept in the bot's per-user data.
        /// </summary>
        /// <param name="context">Bot context whose <c>UserData</c> is read and updated.</param>
        /// <param name="scopes">Scopes handed to <c>AzureActiveDirectoryHelper.GetToken</c>.</param>
        /// <returns>
        /// The access token, or <c>null</c> when nothing is stored or the renewal fails
        /// (the user is then notified and logged out).
        /// </returns>
        public static async Task <string> GetAccessToken(this IBotContext context, string[] scopes)
        {
            AuthResult stored;

            if (!context.UserData.TryGetValue(ContextConstants.AuthResultKey, out stored))
            {
                // No stored credentials for this user.
                return(null);
            }

            try
            {
                string mode = AuthSettings.Mode;

                if (string.Equals(mode, "v2", StringComparison.OrdinalIgnoreCase))
                {
                    var msalCache = new InMemoryTokenCacheMSAL(stored.TokenCache);

                    var renewed = await AzureActiveDirectoryHelper.GetToken(stored.UserUniqueId, msalCache, scopes);

                    // Write the fresh token and the re-serialized cache back to user data.
                    stored.AccessToken       = renewed.AccessToken;
                    stored.ExpiresOnUtcTicks = renewed.ExpiresOnUtcTicks;
                    stored.TokenCache        = msalCache.Serialize();

                    context.StoreAuthResult(stored);
                }
                else if (string.Equals(mode, "b2c", StringComparison.OrdinalIgnoreCase))
                {
                    // Not supported; the catch below turns this into a logout.
                    throw new NotImplementedException();
                }

                // NOTE(review): in any other mode the stored token is returned below without
                // renewal or an expiry check. Confirm callers never reach this overload then.
            }
            catch (Exception ex)
            {
                // Only the exception message is traced; every failure ends the session.
                Trace.TraceError("Failed to renew token: " + ex.Message);

                await context.PostAsync("Your credentials expired and could not be renewed automatically!");

                await context.Logout();

                return(null);
            }

            return(stored.AccessToken);
        }
示例#12
        /// <summary>
        /// Handles the OAuth form-post callback: exchanges the authorization code for tokens,
        /// stores the result plus a fresh, not-yet-validated magic number in the user's bot state,
        /// resumes the conversation, and returns an HTML page showing the magic number.
        /// </summary>
        /// <param name="req">Incoming request; must be a POST whose form carries "state" and "code".</param>
        /// <param name="maxWriteAttempts">Upper bound on attempts to write the user data.</param>
        /// <returns>
        /// An <c>HttpResponseMessage</c> with status 200 and an HTML body (success or "try again
        /// later"), or a 400 error response built from the caught exception.
        /// </returns>
        public static async Task <object> HandleOAuthCallback(HttpRequestMessage req, uint maxWriteAttempts)
        {
            try
            {
                // Parsed but not read again in this method.
                var queryParams = req.RequestUri.ParseQueryString();

                if (req.Method != HttpMethod.Post)
                {
                    // Caught by the outer handler and reported as 400.
                    throw new ArgumentException("The OAuth postback handler only supports POST requests.");
                }

                var formData = await req.Content.ReadAsFormDataAsync();

                // Both values come straight from the request and are attacker-controllable.
                string stateStr = formData["state"];
                string code     = formData["code"];

                // NOTE(review): the state is decoded into a ResumptionCookie with no integrity
                // check visible here; the user and conversation it names are therefore only as
                // trustworthy as the request. The magic-number step below is what compensates.
                var resumptionCookie = UrlToken.Decode <ResumptionCookie>(stateStr);
                var message          = resumptionCookie.GetMessage();

                using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
                {
                    AuthenticationSettings authSettings = AuthenticationSettings.GetFromAppSettings();

                    // Resolved but not used further in this method.
                    var client = scope.Resolve <IConnectorClient>();
                    AuthenticationResult authenticationResult = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, authSettings);

                    IStateClient sc = scope.Resolve <IStateClient>();

                    //IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT
                    //REMOVING THIS WILL EXPOSE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
                    //MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
                    // Why: the tokens are stored under the chat user named by the request's state,
                    // so the number shown in the browser has to be typed back in the chat to prove
                    // the person who signed in and the chat user are the same.
                    // NOTE(review): GenerateRandomNumber is defined elsewhere; confirm it uses a
                    // cryptographic RNG and a range wide enough to resist guessing.
                    int  magicNumber     = GenerateRandomNumber();
                    bool writeSuccessful = false;
                    uint writeAttempts   = 0;
                    // Read-modify-write of the user data, retried up to maxWriteAttempts times.
                    while (!writeSuccessful && writeAttempts++ < maxWriteAttempts)
                    {
                        try
                        {
                            BotData userData = sc.BotState.GetUserData(message.ChannelId, message.From.Id);
                            userData.SetProperty(AuthenticationConstants.AuthResultKey, authenticationResult);
                            userData.SetProperty(AuthenticationConstants.MagicNumberKey, magicNumber);
                            // Stored as the string "false" until the user confirms the number in chat.
                            userData.SetProperty(AuthenticationConstants.MagicNumberValidated, "false");
                            sc.BotState.SetUserData(message.ChannelId, message.From.Id, userData);
                            writeSuccessful = true;
                        }
                        catch (HttpOperationException)
                        {
                            // Failed write: try again on the next loop iteration (no delay, no logging).
                            writeSuccessful = false;
                        }
                    }
                    var resp = new HttpResponseMessage(HttpStatusCode.OK);
                    if (!writeSuccessful)
                    {
                        message.Text = String.Empty; // fail the login process if we can't write UserData
                        await Conversation.ResumeAsync(resumptionCookie, message);

                        resp.Content = new StringContent("<html><body>Could not log you in at this time, please try again later</body></html>", System.Text.Encoding.UTF8, @"text/html");
                    }
                    else
                    {
                        await Conversation.ResumeAsync(resumptionCookie, message);

                        // magicNumber is an int, so interpolating it into the HTML cannot inject markup.
                        resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete:<br/> <h1>{magicNumber}</h1>.</body></html>", System.Text.Encoding.UTF8, @"text/html");
                    }
                    return(resp);
                }
            }
            catch (Exception ex)
            {
                // Callback is called with no pending message as a result the login flow cannot be resumed.
                // NOTE(review): passing the exception object can put exception details into the
                // response body depending on the host's error-detail policy; confirm that policy.
                return(req.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
            }
        }
示例#13
        /// <summary>
        /// OAuth redirect endpoint: exchanges the authorization code for tokens according to
        /// <c>AuthSettings.Mode</c>, stores the result plus a fresh, not-yet-validated magic number
        /// in the user's bot state, resumes the conversation, and returns an HTML page showing the
        /// magic number.
        /// </summary>
        /// <param name="code">Authorization code from the query string.</param>
        /// <param name="state">Encoded resumption cookie from the query string.</param>
        /// <param name="cancellationToken">Not used in this method body.</param>
        /// <returns>
        /// A 200 response with an HTML body (success or "try again later"), or a 400 error
        /// response built from the caught exception.
        /// </returns>
        public async Task <HttpResponseMessage> OAuthCallback(
            [FromUri] string code,
            [FromUri] string state,
            CancellationToken cancellationToken)
        {
            try
            {
                // Alias for the raw state value taken from the request.
                var    queryParams = state;
                // Holds an ADAL (v1) or MSAL (v2) cache; stays null in "b2c" and unknown modes.
                object tokenCache  = null;
                if (string.Equals(AuthSettings.Mode, "v1", StringComparison.OrdinalIgnoreCase))
                {
                    tokenCache = new Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache();
                }
                else if (string.Equals(AuthSettings.Mode, "v2", StringComparison.OrdinalIgnoreCase))
                {
                    tokenCache = new Microsoft.Identity.Client.TokenCache();
                }
                else if (string.Equals(AuthSettings.Mode, "b2c", StringComparison.OrdinalIgnoreCase))
                {
                }

                // NOTE(review): the state is decoded into a ResumptionCookie with no integrity
                // check visible here; the user and conversation it names are therefore only as
                // trustworthy as the request. The magic-number step below is what compensates.
                var resumptionCookie = UrlToken.Decode <ResumptionCookie>(queryParams);
                // Create the message that is sent to the conversation to resume the login flow
                var message = resumptionCookie.GetMessage();

                using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
                {
                    // Resolved but not used further in this method.
                    var        client     = scope.Resolve <IConnectorClient>();
                    AuthResult authResult = null;
                    if (string.Equals(AuthSettings.Mode, "v1", StringComparison.OrdinalIgnoreCase))
                    {
                        // Exchange the auth code for an access token
                        var token = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, (Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache) tokenCache);

                        authResult = token;
                    }
                    else if (string.Equals(AuthSettings.Mode, "v2", StringComparison.OrdinalIgnoreCase))
                    {
                        // Exchange the auth code for an access token
                        var token = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, (Microsoft.Identity.Client.TokenCache) tokenCache, Models.AuthSettings.Scopes);

                        authResult = token;
                    }
                    else if (string.Equals(AuthSettings.Mode, "b2c", StringComparison.OrdinalIgnoreCase))
                    {
                    }
                    // NOTE(review): in "b2c" or any unrecognised mode authResult is still null here,
                    // yet the flow below stores it and shows a magic number. Confirm this path is
                    // unreachable or should fail explicitly.

                    IStateClient sc = scope.Resolve <IStateClient>();

                    //IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT
                    //REMOVING THIS WILL EXPOSE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
                    //MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
                    // Why: the tokens are stored under the chat user named by the request's state,
                    // so the number shown in the browser has to be typed back in the chat to prove
                    // the person who signed in and the chat user are the same.
                    // NOTE(review): GenerateRandomNumber is defined elsewhere; confirm it uses a
                    // cryptographic RNG and a range wide enough to resist guessing.
                    int  magicNumber     = GenerateRandomNumber();
                    bool writeSuccessful = false;
                    uint writeAttempts   = 0;
                    // Read-modify-write of the user data, retried up to MaxWriteAttempts times.
                    while (!writeSuccessful && writeAttempts++ < MaxWriteAttempts)
                    {
                        try
                        {
                            BotData userData = sc.BotState.GetUserData(message.ChannelId, message.From.Id);
                            userData.SetProperty(ContextConstants.AuthResultKey, authResult);
                            userData.SetProperty(ContextConstants.MagicNumberKey, magicNumber);
                            // Stored as the string "false" until the user confirms the number in chat.
                            userData.SetProperty(ContextConstants.MagicNumberValidated, "false");
                            sc.BotState.SetUserData(message.ChannelId, message.From.Id, userData);
                            writeSuccessful = true;
                        }
                        catch (HttpOperationException)
                        {
                            // Failed write: try again on the next loop iteration (no delay, no logging).
                            writeSuccessful = false;
                        }
                    }
                    var resp = new HttpResponseMessage(HttpStatusCode.OK);
                    if (!writeSuccessful)
                    {
                        message.Text = String.Empty; // fail the login process if we can't write UserData
                        await Conversation.ResumeAsync(resumptionCookie, message);

                        resp.Content = new StringContent("<html><body>Could not log you in at this time, please try again later</body></html>", System.Text.Encoding.UTF8, @"text/html");
                    }
                    else
                    {
                        await Conversation.ResumeAsync(resumptionCookie, message);

                        // magicNumber is an int, so interpolating it into the HTML cannot inject markup.
                        resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete:<br/> <h1>{magicNumber}</h1>.</body></html>", System.Text.Encoding.UTF8, @"text/html");
                    }
                    return(resp);
                }
            }
            catch (Exception ex)
            {
                // Callback is called with no pending message as a result the login flow cannot be resumed.
                // NOTE(review): passing the exception object can put exception details into the
                // response body depending on the host's error-detail policy; confirm that policy.
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
            }
        }
示例#14
        /// <summary>
        /// Console entry point: reads the Azure AD settings from app settings, builds the ARM
        /// client, asks for a resource group and then runs an interactive menu over the web
        /// hosting plan and website samples until the user chooses to quit.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            var appSettings = ConfigurationManager.AppSettings;
            var aadConfig   = new AzureActiveDirectoryConfig();

            // Get Azure Active Directory configuration from app settings.
            // NOTE(review): a missing key yields null rather than an exception, so this catch
            // will not report absent settings, and on failure only the exception source is
            // printed before continuing with a partially filled config.
            try
            {
                aadConfig.azureSubscriptionID = appSettings["subscriptionID"];
                aadConfig.aadApplicationName  = appSettings["ActiveDirectoryApplicationName"];
                aadConfig.aadRedirectURL      = appSettings["ActiveDirectoryApplicationRedirect"];
                aadConfig.addClientID         = appSettings["ActiveDirectoryClientID"];
                aadConfig.addTenant           = appSettings["ActiveDirectoryadTenant"];
                aadConfig.aadResourceURI      = appSettings["ActiveDirectoryResourceUri"];
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Source);
            }

            // Authenticates the ARM websites client.
            var armClient = new AzureActiveDirectoryHelper(aadConfig);

            // Resource group used by every sample operation.
            Console.Write("Resource Group:");
            var resourceGroup = Console.ReadLine();

            // Both samples share the one authenticated client.
            var webHostingPlanSample = new ARM_WebHostingPlan_Sample { client = armClient.client };
            var websiteSample        = new ARM_websites_Sample { client = armClient.client };

            bool keepRunning = true;
            while (keepRunning)
            {
                Console.Clear();
                Console.WriteLine("...::Select Samples::...");
                Console.WriteLine("1) Web Hosting Plan Operations");
                Console.WriteLine("2) Website Operations");
                Console.WriteLine("0) Quit");

                int choice;
                if (!int.TryParse(Console.ReadLine(), out choice))
                {
                    Console.Clear();
                    Console.Write("Operation Not recognized:");
                    continue;
                }

                if (choice == 1)
                {
                    // Stay in the sub-menu for as long as it asks to be shown again.
                    while (webHostingPlanSample.webHostingPlanOperations(resourceGroup))
                    {
                    }
                }
                else if (choice == 2)
                {
                    while (websiteSample.webSitesOperations(resourceGroup))
                    {
                    }
                }
                else if (choice == 0)
                {
                    keepRunning = false;
                    Console.Clear();
                    Console.Write("..::GOODBYE::..");
                    // Leave the farewell on screen briefly before the process exits.
                    Thread.Sleep(2000);
                }
                else
                {
                    Console.Clear();
                    Console.Write("Operation Not recognized:");
                }
            }
        }
示例#15
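        /// <summary>
        /// Redirect target of the OAuth sign-in. Exchanges the authorization code for a token,
        /// attaches the result to the conversation described by <paramref name="state"/>, and
        /// shows the user a one-time number that has to be pasted back into the chat.
        /// </summary>
        /// <param name="code">Authorization code taken from the query string.</param>
        /// <param name="state">Encoded <c>ResumptionCookie</c> taken from the query string.</param>
        /// <returns>
        /// 200 with an HTML page showing the number, or 400 when the callback cannot be processed.
        /// </returns>
        /// <remarks>
        /// Both parameters are supplied by whoever requests this URL. <paramref name="state"/>
        /// selects the bot, conversation and user that receive the token, so the browser that
        /// finishes the sign-in is not proven to belong to the chat user. The number is returned
        /// only in the HTTP response and stored with <c>MagicNumberValidated = "false"</c>; the
        /// code that later reads <c>AuthResultKey</c> is expected to require the number first
        /// (that check is outside this method).
        /// NOTE(review): whether <c>UrlToken.Decode</c> verifies the integrity of the state value
        /// is not visible here - confirm.
        /// NOTE(review): <c>GenerateRandomNumber</c> is defined elsewhere - confirm it draws from
        /// a cryptographic RNG and yields enough digits to resist guessing.
        /// </remarks>
        public async Task <HttpResponseMessage> OAuthCallback([FromUri] string code, [FromUri] string state)
        {
            // Refuse a callback that lacks either value before any token exchange or
            // conversation lookup is attempted.
            if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(state))
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, new InvalidOperationException("Cannot resume!")));
            }

            try
            {
                // Get the resumption cookie
                var resumptionCookie = UrlToken.Decode <ResumptionCookie>(state);
                // Create the message that is sent to the conversation to resume the login flow
                var message = resumptionCookie.GetMessage();

                using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
                {
                    var client = scope.Resolve <IConnectorClient>();

                    AuthResult authResult = null;

                    if (string.Equals(AuthSettings.Mode, "v1", StringComparison.OrdinalIgnoreCase))
                    {
                        // Exchange the auth code for an access token, using a fresh ADAL cache
                        authResult = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, new Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache());
                    }
                    else if (string.Equals(AuthSettings.Mode, "v2", StringComparison.OrdinalIgnoreCase))
                    {
                        //TODO: Scopes definition here
                        // Exchange the auth code for an access token, using a fresh MSAL cache
                        authResult = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, new Microsoft.Identity.Client.TokenCache(), new string[] { "User.Read" });
                    }
                    else if (string.Equals(AuthSettings.Mode, "b2c", StringComparison.OrdinalIgnoreCase))
                    {
                        // NOTE(review): not implemented. In this mode, and for any unrecognised
                        // mode, authResult stays null and a null value is stored below.
                    }

                    var reply = await Conversation.ResumeAsync(resumptionCookie, message);

                    // NOTE(review): only the commented-out block below used this result; as written
                    // the value is fetched and then ignored.
                    var data = await client.Bots.GetPerUserConversationDataAsync(resumptionCookie.BotId, resumptionCookie.ConversationId, resumptionCookie.UserId);

                    // The token is stored together with an unvalidated one-time number.
                    reply.SetBotUserData(ContextConstants.AuthResultKey, authResult);
                    int magicNumber = GenerateRandomNumber();
                    reply.SetBotUserData(ContextConstants.MagicNumberKey, magicNumber);
                    reply.SetBotUserData(ContextConstants.MagicNumberValidated, "false");

                    //data.SetProperty(ContextConstants.AuthResultKey, authResult);
                    //data.SetProperty(ContextConstants.MagicNumberKey, magicNumber);
                    //data.SetProperty(ContextConstants.MagicNumberValidated, "false");

                    //await client.Bots.SetUserDataAsync(resumptionCookie.BotId, resumptionCookie.UserId, data);

                    // Address the reply back to the sender of the original message.
                    reply.To   = message.From;
                    reply.From = message.To;

                    await client.Messages.SendMessageAsync(reply);

                    // magicNumber is an int, so interpolating it into the HTML cannot inject markup.
                    var resp = new HttpResponseMessage(HttpStatusCode.OK);
                    resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete: {magicNumber}.</body></html>", System.Text.Encoding.UTF8, @"text/html");
                    return(resp);
                }
            }
            catch (Exception ex)
            {
                // Reached when the callback has no pending message to resume, and also when decoding
                // the state, exchanging the code or sending the reply fails. Record the cause on the
                // server (never the code or state values); the caller only gets a fixed message.
                System.Diagnostics.Trace.TraceError("OAuth callback failed: " + ex.GetType().Name + ": " + ex.Message);
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, new InvalidOperationException("Cannot resume!")));
            }
        }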
示例#16
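        /// <summary>
        /// Redirect target of the OAuth sign-in. Exchanges the authorization code for a token,
        /// stores it in the bot user data of the conversation described by
        /// <paramref name="state"/>, resumes that conversation, and shows the user a one-time
        /// number that has to be pasted back into the chat.
        /// </summary>
        /// <param name="code">Authorization code taken from the query string.</param>
        /// <param name="state">Encoded <c>ResumptionCookie</c> taken from the query string.</param>
        /// <param name="cancellationToken">Passed to the bot-data load and flush calls.</param>
        /// <returns>
        /// 200 with an HTML page showing the number, or 400 when the callback cannot be processed.
        /// </returns>
        /// <remarks>
        /// Both <paramref name="code"/> and <paramref name="state"/> are supplied by whoever
        /// requests this URL. <paramref name="state"/> selects the conversation and user that
        /// receive the token, so the browser that finishes the sign-in is not proven to belong to
        /// the chat user. The number is returned only in the HTTP response and stored with
        /// <c>MagicNumberValidated = "false"</c>; the code that later reads <c>AuthResultKey</c>
        /// is expected to require the number first (that check is outside this method).
        /// NOTE(review): whether <c>UrlToken.Decode</c> verifies the integrity of the state value
        /// is not visible here - confirm.
        /// NOTE(review): <c>GenerateRandomNumber</c> is defined elsewhere - confirm it draws from
        /// a cryptographic RNG and yields enough digits to resist guessing.
        /// </remarks>
        public async Task <HttpResponseMessage> OAuthCallback([FromUri] string code, [FromUri] string state, CancellationToken cancellationToken)
        {
            // Refuse a callback that lacks either value before any token exchange or
            // conversation lookup is attempted.
            if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(state))
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Cannot resume!"));
            }

            try
            {
                // Get the resumption cookie
                var resumptionCookie = UrlToken.Decode <ResumptionCookie>(state);
                // Create the message that is sent to the conversation to resume the login flow
                var message = resumptionCookie.GetMessage();

                using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
                {
                    var        client     = scope.Resolve <IConnectorClient>();
                    AuthResult authResult = null;
                    if (string.Equals(AuthSettings.Mode, "v1", StringComparison.OrdinalIgnoreCase))
                    {
                        // Exchange the auth code for an access token, using a fresh ADAL cache
                        authResult = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, new Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache());
                    }
                    else if (string.Equals(AuthSettings.Mode, "v2", StringComparison.OrdinalIgnoreCase))
                    {
                        // Exchange the auth code for an access token, using a fresh MSAL cache
                        authResult = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, new Microsoft.Identity.Client.TokenCache(), Models.AuthSettings.Scopes);
                    }
                    else if (string.Equals(AuthSettings.Mode, "b2c", StringComparison.OrdinalIgnoreCase))
                    {
                        // NOTE(review): not implemented. In this mode, and for any unrecognised
                        // mode, authResult stays null and a null value is stored below.
                    }

                    // NOTE(review): resolved but not used anywhere in this method.
                    IStateClient sc = scope.Resolve <IStateClient>();

                    // IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT.
                    // REMOVING THIS WILL EXPOSE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
                    // MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
                    // The number is the only link between the browser session that signed in and the
                    // chat user who receives the token, so the stored result stays unvalidated until
                    // the number has been typed into the chat.
                    var dataBag = scope.Resolve <IBotData>();
                    await dataBag.LoadAsync(cancellationToken);

                    int magicNumber = GenerateRandomNumber();
                    dataBag.UserData.SetValue(ContextConstants.AuthResultKey, authResult);
                    dataBag.UserData.SetValue(ContextConstants.MagicNumberKey, magicNumber);
                    dataBag.UserData.SetValue(ContextConstants.MagicNumberValidated, "false");
                    // Persist before resuming, so the resumed dialog runs after the unvalidated state is saved.
                    await dataBag.FlushAsync(cancellationToken);

                    await Conversation.ResumeAsync(resumptionCookie, message);

                    // magicNumber is an int, so interpolating it into the HTML cannot inject markup.
                    var resp = new HttpResponseMessage(HttpStatusCode.OK);
                    resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete: {magicNumber}.</body></html>", System.Text.Encoding.UTF8, @"text/html");
                    return(resp);
                }
            }
            catch (Exception ex)
            {
                // Reached when the callback has no pending message to resume, and also when decoding
                // the state, exchanging the code or persisting the bot data fails.
                // Passing the exception itself to CreateErrorResponse can expose its type, message and
                // stack trace to the caller, depending on the host's error-detail policy. Record the
                // cause on the server (never the code or state values) and return a fixed message.
                System.Diagnostics.Trace.TraceError("OAuth callback failed: " + ex.GetType().Name + ": " + ex.Message);
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Cannot resume!"));
            }
        }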