public async Task <IActionResult> Index()
{
string content = "";
var confidentialClientApplication = ConfidentialClientApplicationBuilder.Create(_options.ClientId)
.WithClientSecret(_options.ClientSecret)
.WithB2CAuthority(_options.Authority)
.WithRedirectUri(_options.RedirectUri)
.Build();
var userId = HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value;
var tokenCache = new SessionTokenCache(HttpContext, userId);
tokenCache.Initialize(confidentialClientApplication.UserTokenCache);
var accounts = await confidentialClientApplication.GetAccountsAsync();
var account = accounts.FirstOrDefault();
var authenticationResult = await confidentialClientApplication.AcquireTokenSilent(_options.ApiScopes.Split(' '), account)
.ExecuteAsync();
using (var request = new HttpRequestMessage(HttpMethod.Get, _options.ApiUrl))
{
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);
using (var response = await _client.SendAsync(request))
{
if (response.StatusCode == HttpStatusCode.OK)
{
content = await response.Content.ReadAsStringAsync();
}
else
{
content = "Error";
}
}
}
ViewData["Content"] = $"{content}";
return(View());
}
public void GetAuthorizationRequestUrlCustomRedirectUriTest()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithRedirectUri(TestConstants.RedirectUri)
.WithClientSecret(TestConstants.ClientSecret)
.WithHttpManager(httpManager)
.BuildConcrete();
var appCacheAccess = app.AppTokenCache.RecordAccess();
var userCacheAccess = app.UserTokenCache.RecordAccess();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityGuestTenant);
const string CustomRedirectUri = "custom://redirect-uri";
Task <Uri> task = app
.GetAuthorizationRequestUrl(TestConstants.s_scope)
.WithRedirectUri(CustomRedirectUri)
.WithLoginHint(TestConstants.DisplayableId)
.WithExtraQueryParameters("extra=qp")
.WithExtraScopesToConsent(TestConstants.s_scopeForAnotherResource)
.WithAuthority(TestConstants.AuthorityGuestTenant)
.ExecuteAsync(CancellationToken.None);
var uri = task.Result;
Assert.IsNotNull(uri);
appCacheAccess.AssertAccessCounts(0, 0);
userCacheAccess.AssertAccessCounts(0, 0);
Assert.IsTrue(
uri.AbsoluteUri.StartsWith(TestConstants.AuthorityGuestTenant, StringComparison.CurrentCulture));
Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
ValidateCommonQueryParams(qp, CustomRedirectUri);
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2 r2/scope1 r2/scope2", qp["scope"]);
Assert.IsFalse(qp.ContainsKey("client_secret"));
Assert.AreEqual("qp", qp["extra"]);
}
}
public async Task ConfidentialClientWithRSACertificateTestAsync()
{
AuthenticationResult authResult;
IConfidentialClientApplication confidentialApp;
X509Certificate2 cert = GetCertificate(true);
confidentialApp = ConfidentialClientApplicationBuilder
.Create(PublicCloudConfidentialClientID)
.WithCertificate(cert)
.Build();
var appCacheRecorder = confidentialApp.AppTokenCache.RecordAccess();
authResult = await confidentialApp
.AcquireTokenForClient(s_keyvaultScope)
.WithAuthority(PublicCloudTestAuthority, true) // authority can also be specified at request level
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult);
appCacheRecorder.AssertAccessCounts(1, 1);
Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource);
Assert.IsTrue(appCacheRecorder.LastAfterAccessNotificationArgs.IsApplicationCache);
Assert.AreEqual(
GetExpectedCacheKey(PublicCloudConfidentialClientID, Authority.CreateAuthority(PublicCloudTestAuthority, false).TenantId),
appCacheRecorder.LastAfterAccessNotificationArgs.SuggestedCacheKey);
// Call again to ensure token cache is hit
authResult = await confidentialApp
.AcquireTokenForClient(s_keyvaultScope)
.WithAuthority(PublicCloudTestAuthority, true) // authority can also be specified at request level
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult);
appCacheRecorder.AssertAccessCounts(2, 1);
Assert.AreEqual(TokenSource.Cache, authResult.AuthenticationResultMetadata.TokenSource);
Assert.IsTrue(appCacheRecorder.LastAfterAccessNotificationArgs.IsApplicationCache);
Assert.AreEqual(
GetExpectedCacheKey(PublicCloudConfidentialClientID, Authority.CreateAuthority(PublicCloudTestAuthority, false).TenantId),
appCacheRecorder.LastAfterAccessNotificationArgs.SuggestedCacheKey);
}
public override void Configure(IFunctionsHostBuilder builder)
{
_ = builder ?? throw new ArgumentNullException(nameof(builder));
var configuration = new ConfigurationBuilder()
.SetBasePath(Environment.CurrentDirectory)
.AddJsonFile("local.settings.json", optional: true, reloadOnChange: true)
.AddEnvironmentVariables()
.Build();
builder.Services.AddLogging();
builder.Services.AddTokenValidatorDependencies(configuration);
builder.Services.AddSingleton <IJsonTextSerializer, JsonTextSerializer>();
builder.Services.Configure <StorageConfiguration>(tvc => configuration.Bind("StorageConfiguration", tvc));
builder.Services.AddScoped(typeof(IDataRepository <>), typeof(DataRepository <>));
builder.Services.AddSingleton <AbstractApplicationBuilder <ConfidentialClientApplicationBuilder>, ConfidentialClientApplicationBuilder>((sp) =>
{
var options = sp.GetRequiredService <IOptions <TokenCreatorConfiguration> >();
var tokenCreatorConfiguration = options.Value;
return(ConfidentialClientApplicationBuilder
.Create(tokenCreatorConfiguration.ClientId)
.WithClientSecret(tokenCreatorConfiguration.ClientSecret)
.WithAuthority(AzureCloudInstance.AzurePublic, tokenCreatorConfiguration.TenantId));
});
builder.Services.AddSingleton <AbstractApplicationBuilder <PublicClientApplicationBuilder>, PublicClientApplicationBuilder>((sp) =>
{
var options = sp.GetRequiredService <IOptions <TokenCreatorConfiguration> >();
var tokenCreatorConfiguration = options.Value;
return(PublicClientApplicationBuilder
.Create(tokenCreatorConfiguration.ClientId)
.WithAuthority(AzureCloudInstance.AzurePublic, tokenCreatorConfiguration.TenantId));
});
builder.Services.AddTokenCreatorDependencies(configuration);
builder.Services.AddSingleton <IMicrosoftGraphRepository, MicrosoftGraphRepository>();
}
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken)
{
ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId)
.WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline))
.WithLogging(LogMsal, enablePiiLogging: IsPiiLoggingEnabled);
if (_clientSecret != null)
{
confClientBuilder.WithClientSecret(_clientSecret);
}
if (_assertionCallback != null)
{
confClientBuilder.WithClientAssertion(_assertionCallback);
}
if (_asyncAssertionCallback != null)
{
confClientBuilder.WithClientAssertion(_asyncAssertionCallback);
}
if (_certificateProvider != null)
{
X509Certificate2 clientCertificate = await _certificateProvider.GetCertificateAsync(async, cancellationToken).ConfigureAwait(false);
confClientBuilder.WithCertificate(clientCertificate);
}
if (RegionalAuthority.HasValue)
{
confClientBuilder.WithAzureRegion(RegionalAuthority.Value.ToString());
}
if (!string.IsNullOrEmpty(RedirectUrl))
{
confClientBuilder.WithRedirectUri(RedirectUrl);
}
return(confClientBuilder.Build());
}
[Ignore] // This B2C scenario needs some rethinking
public async Task AuthorizationCodeRequestTestAsync()
{
using (var httpManager = new MockHttpManager())
{
var app = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority(new Uri("https://" + TestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy"), true)
.WithRedirectUri(TestConstants.RedirectUri)
.WithClientSecret("secret")
.WithHttpManager(httpManager)
.BuildConcrete();
app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess);
app.UserTokenCache.SetAfterAccess(AfterCacheAccess);
httpManager.AddSuccessTokenResponseMockHandlerForPost("https://" + TestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy/");
var result = await app
.AcquireTokenByAuthorizationCode(TestConstants.s_scope, "some-code")
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri("https://" + TestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy"), true)
.WithRedirectUri(TestConstants.RedirectUri)
.WithClientSecret("secret")
.WithHttpManager(httpManager)
.BuildConcrete();
app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess);
app.UserTokenCache.SetAfterAccess(AfterCacheAccess);
IEnumerable <IAccount> users = await app.GetAccountsAsync().ConfigureAwait(false);
Assert.AreEqual(1, users.Count());
}
}
public void TestConstructor()
{
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithClientSecret("cats")
.Build();
Assert.AreEqual(TestConstants.ClientId, cca.AppConfig.ClientId);
Assert.IsNotNull(cca.UserTokenCache);
// Validate Defaults
Assert.AreEqual(LogLevel.Info, cca.AppConfig.LogLevel);
Assert.AreEqual(TestConstants.ClientId, cca.AppConfig.ClientId);
Assert.IsNotNull(cca.AppConfig.ClientName);
Assert.IsNotNull(cca.AppConfig.ClientVersion);
Assert.AreEqual(false, cca.AppConfig.EnablePiiLogging);
Assert.IsNull(cca.AppConfig.HttpClientFactory);
Assert.AreEqual(false, cca.AppConfig.IsDefaultPlatformLoggingEnabled);
Assert.IsNull(cca.AppConfig.LoggingCallback);
Assert.AreEqual(Constants.DefaultConfidentialClientRedirectUri, cca.AppConfig.RedirectUri);
Assert.AreEqual(null, cca.AppConfig.TenantId);
}
//Graph client for App access with bearer tokens
static public async Task <GraphServiceClient> CreateGraphClient()
{
var authority = $"https://login.microsoftonline.com/{tenantId}";
var app = ConfidentialClientApplicationBuilder.Create(clientID)
.WithClientSecret(clientSecret)
.WithAuthority(new Uri(authority))
.Build();
var scopes = new[] { "https://graph.microsoft.com/.default" };
var authenticationResult = await app.AcquireTokenForClient(scopes).ExecuteAsync();
var graphClient = new GraphServiceClient(
new DelegateAuthenticationProvider(requestMessage =>
{
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken);
return(Task.FromResult(0));
}));
return(graphClient);
}
/// <summary>
/// Configure Graph Component.
/// </summary>
/// <param name="services">IServiceCollection .</param>
/// <param name="configuration">IConfiguration .</param>
/// <returns>..</returns>
public static IServiceCollection ConfigureGraphComponent(this IServiceCollection services, Action <AzureAdOptions> azureAdOptionsAction)
{
var options = new AzureAdOptions();
azureAdOptionsAction(options);
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(options.ClientId)
.WithTenantId(options.TenantId)
.WithClientSecret(options.ClientSecret)
.Build();
ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication);
services.AddScoped <IGraphServiceClient, GraphServiceClient>(sp =>
{
return(new GraphServiceClient(authenticationProvider));
});
return(services);
}
public async Task ConfidentialClientWithNoDefaultClaimsTestAsync()
{
var confidentialClientAuthority = PublicCloudTestAuthority;
var claims = GetClaims();
X509Certificate2 cert = GetCertificate();
var confidentialApp = ConfidentialClientApplicationBuilder
.Create(PublicCloudConfidentialClientID)
.WithAuthority(new Uri(confidentialClientAuthority), true)
.WithClientClaims(cert, claims, false)
.Build();
var authResult = await confidentialApp.AcquireTokenForClient(s_keyvaultScope)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
ValidateClaimsInAssertion(claims, ((ConfidentialClientApplication)confidentialApp).ClientCredential.CachedAssertion);
MsalAssert.AssertAuthResult(authResult);
}
public async Task ClientCreds_WithClientSecret_Adfs_Async()
{
SecretBundle secret = _keyVault.GetSecret(Adfs2019LabConstants.ADFS2019ClientSecretURL);
ConfidentialClientApplication msalConfidentialClient = ConfidentialClientApplicationBuilder.Create(Adfs2019LabConstants.ConfidentialClientId)
.WithAdfsAuthority(Adfs2019LabConstants.Authority, true)
.WithRedirectUri(Adfs2019LabConstants.ClientRedirectUri)
.WithClientSecret(secret.Value)
.WithTestLogging()
.BuildConcrete();
AuthenticationResult authResult = await msalConfidentialClient
.AcquireTokenForClient(s_adfsScopes)
.ExecuteAsync()
.ConfigureAwait(false);
Assert.IsNotNull(authResult);
Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource);
Assert.IsNotNull(authResult.AccessToken);
Assert.IsNull(authResult.IdToken);
}
private static IAuthenticationProvider CreateAuthorizationProvider()
{
var clientId = System.Environment.GetEnvironmentVariable("AzureADAppClientId", EnvironmentVariableTarget.Process);
var clientSecret = System.Environment.GetEnvironmentVariable("AzureADAppClientSecret", EnvironmentVariableTarget.Process);
var redirectUri = System.Environment.GetEnvironmentVariable("AzureADAppRedirectUri", EnvironmentVariableTarget.Process);
var tenantId = System.Environment.GetEnvironmentVariable("AzureADAppTenantId", EnvironmentVariableTarget.Process);
var authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";
//this specific scope means that application will default to what is defined in the application registration rather than using dynamic scopes
List <string> scopes = new List <string>();
scopes.Add("https://graph.microsoft.com/.default");
var cca = ConfidentialClientApplicationBuilder.Create(clientId)
.WithAuthority(authority)
.WithRedirectUri(redirectUri)
.WithClientSecret(clientSecret)
.Build();
return(new MsalAuthenticationProvider(cca, scopes.ToArray()));
}
public async Task <string> GetGraphToken(string tenantId)
{
try
{
IConfidentialClientApplication daemonClient;
daemonClient = ConfidentialClientApplicationBuilder.Create("b6be2ec6-eb67-4422-8d57-e673f0cfdfe8")
.WithAuthority(string.Format(authorityFormat, tenantId))
.WithRedirectUri("https://localhost:44336/")
.WithClientSecret("7GUBnA7Gn5gan4/DEFH_G=Thu/3B..VB")
.Build();
AuthenticationResult authResult = await daemonClient.AcquireTokenForClient(new[] { msGraphScope })
.ExecuteAsync();
return(authResult.AccessToken);
}
catch
{
return(null);
}
}
/// <summary>
/// Creates an <see cref="AzureActiveDirectoryTokenProvider"/> using a client secret. If no client secret is provided <see cref="DefaultAzureCredential"/> is used.
/// </summary>
/// <param name="clientSecret">The client secret to use to authenticate with Azure AD</param>
/// <param name="authority">A URL that indicates a directory that MSAL can request tokens from. For example, https://login.microsoftonline.com/{AzureADTenantID}/</param>
/// <returns><see cref="AzureActiveDirectoryTokenProvider"/></returns>
public AzureActiveDirectoryTokenProvider WithSecret(string clientSecret, string authority, Action <DefaultAzureCredentialOptions> optBuilder = null)
{
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback = async(audience, authority, state) =>
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
return((await GetTokenFromDefaultAzureCredential(optBuilder)).Token);
}
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(_clientId)
.WithAuthority(authority)
.WithClientSecret(clientSecret)
.Build();
var authResult = await app.AcquireTokenForClient(_requestContext.Scopes).ExecuteAsync();
return(authResult.AccessToken);
};
return(new AzureActiveDirectoryTokenProvider(authCallback, authority ?? "", null));
}
public static IConfidentialClientApplication BuildConfidentialClientApplication(string clientId, string clientSecret, string redirectUri, string authority)
{
if (_cca == null)
{
_cca = ConfidentialClientApplicationBuilder.Create(clientId)
.WithClientSecret(clientSecret)
.WithRedirectUri(redirectUri)
.WithAuthority(new Uri(authority))
.Build();
_cca.AddDistributedTokenCache(services =>
{
services.AddDistributedMemoryCache();
services.Configure <MsalDistributedTokenCacheAdapterOptions>(o =>
{
o.Encrypt = true;
});
});
}
return(_cca);
}
/// <summary>Initializes a new instance of the <see cref="MSGraphService"/> class.</summary>
/// <param name="options">The web option value.</param>
public AutomatedGraphClient(IOptions <AutomatedGraphClientOptions> options)
{
// impersonating
//IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
// .CreateWithApplicationOptions(applicationOptions)
// .WithRedirectUri(currentUri)
// .WithB2CAuthority(authority)
// .Build();
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(options.Value.ClientId)
.WithTenantId(options.Value.TenantId)
.WithClientSecret(options.Value.ClientSecret)
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
// Set up the Microsoft Graph service client with client credentials
_graphServiceClient = new GraphServiceClient(authProvider);
_automatedGraphClientOptions = options.Value;
}
/// <summary>
/// Generate Token
/// </summary>
/// <param name="clientId"></param>
/// <returns></returns>
private static async Task <string> GenerateToken(string clientId)
{
if (B2cConfig.IsRunningOnLocalMachine)
{
//Generate token locally and pass it in appsettings.json
return(B2cConfig.LocalTestToken);
}
else
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(B2cConfig.TenantId)
.WithAuthority($"{EssAuthConfig.MicrosoftOnlineLoginUrl}{B2cConfig.TenantId}", true)
.WithClientSecret(B2cConfig.ClientSecret)
.Build();
var scopes = new string[] { B2cConfig.Scope };
AuthenticationResult result = await app.AcquireTokenForClient(scopes).ExecuteAsync();
return(result.AccessToken);
}
}
public async Task <string> GetAuthToken(string[] scopes = default, TenantConfiguration tenantConfiguration = default)
{
if (Mode == RecordedTestMode.Playback)
{
return("auth token");
}
tenantConfiguration ??= Tenants.TestConfigOAuth;
IConfidentialClientApplication application = ConfidentialClientApplicationBuilder.Create(tenantConfiguration.ActiveDirectoryApplicationId)
.WithAuthority(AzureCloudInstance.AzurePublic, tenantConfiguration.ActiveDirectoryTenantId)
.WithClientSecret(tenantConfiguration.ActiveDirectoryApplicationSecret)
.Build();
scopes ??= new string[] { "https://storage.azure.com/.default" };
AcquireTokenForClientParameterBuilder result = application.AcquireTokenForClient(scopes);
AuthenticationResult authenticationResult = await result.ExecuteAsync();
return(authenticationResult.AccessToken);
}
public void GlobalSetup()
{
var cca = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority(new Uri(TestConstants.AuthorityTestTenant))
.WithRedirectUri(TestConstants.RedirectUri)
.WithClientSecret(TestConstants.ClientSecret)
.BuildConcrete();
var inMemoryTokenCache = new InMemoryTokenCache();
inMemoryTokenCache.Bind(cca.AppTokenCache);
TokenCacheHelper tokenCacheHelper = new TokenCacheHelper();
tokenCacheHelper.PopulateCacheForClientCredential(cca.AppTokenCacheInternal.Accessor, TokenCacheSize);
_acquireTokenForClientBuilder = cca
.AcquireTokenForClient(TestConstants.s_scope)
.WithForceRefresh(false);
}
static async Task Main(string[] args)
{
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create("YOUR_CLIENT_ID")
.WithTenantId("YOUR_TENANT_ID")
.WithClientSecret("YOUR_APP_SECRET")
.Build();
var clientCredentialProvider =
new ClientCredentialProvider(confidentialClientApplication);
var graphServiceClient =
new GraphServiceClient(clientCredentialProvider);
var users = await graphServiceClient.Users.Request().Filter("displayName eq 'Hassan Habib'").GetAsync();
foreach (var user in users)
{
Console.WriteLine(user.DisplayName);
}
}
public GameStart(IConfiguration configuration, IAdaptiveTemplateLoader loader, Dictionary <string, string> convos)
{
_appId = configuration["MicrosoftAppId"];
_appPassword = configuration["MicrosoftAppPassword"];
AppCredentials.TrustServiceUrl("https://smba.trafficmanager.net/amer/");
this.client = new ConnectorClient(new Uri("https://smba.trafficmanager.net/amer/"), microsoftAppId: this._appId, microsoftAppPassword: this._appPassword);
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(this._appId)
.WithTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47")
.WithClientSecret(this._appPassword)
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
this.graphClient = new GraphServiceClient(authProvider);
this.convos = convos;
this.gameStartTemplate = loader.InitializeAdaptiveTemplate("MatchStart.json");
this.gameUpdateTemplate = loader.InitializeAdaptiveTemplate("MatchUpdate.json");
}
public Worker(ILogger <Worker> logger,
IHttpClientFactory http,
IConfiguration config,
IOptions <AzureAdOptions> azureAdConfig)
{
_logger = logger;
_http = http;
_usersApiBaseUrl = config.GetValue <string>("Services:UsersApiUrl");
var co = new ConfidentialClientApplicationOptions
{
Instance = "https://login.microsoftonline.com/",
TenantId = "6b9be1b6-4f80-4ce7-8479-16c4d7726470",
ClientId = azureAdConfig.Value.ClientId,
ClientSecret = azureAdConfig.Value.ClientSecret
};
//todo configure cache
_clientApplication = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(co)
.Build();
}
public async Task ConfidentialClientWithCertificateTestAsync()
{
AuthenticationResult authResult;
IConfidentialClientApplication confidentialApp;
X509Certificate2 cert = GetCertificate();
var confidentialClientAuthority = "https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47";
confidentialApp = ConfidentialClientApplicationBuilder
.Create(ConfidentialClientID)
.WithAuthority(new Uri(confidentialClientAuthority), true)
.WithCertificate(cert)
.Build();
authResult = await confidentialApp
.AcquireTokenForClient(s_keyvaultScope)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult);
}
public async Task AcquireTokenToRegionalEndpointAsync()
{
// Arrange
var factory = new HttpSnifferClientFactory();
_confidentialClientApplication = ConfidentialClientApplicationBuilder.Create(PublicCloudConfidentialClientID)
.WithClientAssertion(GetSignedClientAssertionUsingMsalInternal(PublicCloudConfidentialClientID, GetClaims()))
//.WithClientSecret(_keyVault.GetSecret(TestConstants.MsalCCAKeyVaultUri).Value) //use the client secret in case of cert errors
.WithAuthority(PublicCloudTestAuthority)
.WithTestLogging()
.WithExperimentalFeatures(true)
.WithHttpClientFactory(factory)
.Build();
Environment.SetEnvironmentVariable(TestConstants.RegionName, TestConstants.Region);
AuthenticationResult result = await GetAuthenticationResultAsync().ConfigureAwait(false); // regional endpoint
AssertTokenSource_IsIdP(result);
AssertValidHost(true, factory);
AssertTelemetry(factory, "2|1004,0|centralus,1,0,,");
}
public GraphSender(
string GraphEmailAppId,
string GraphEmailTenantId,
string GraphEmailSecret,
bool SaveSentItems)
{
_appId = GraphEmailAppId;
_tenantId = GraphEmailTenantId;
_graphSecret = GraphEmailSecret;
_saveSent = SaveSentItems;
_clientApp = ConfidentialClientApplicationBuilder
.Create(_appId)
.WithTenantId(_tenantId)
.WithClientSecret(_graphSecret)
.Build();
_authProvider = new ClientCredentialProvider(_clientApp);
_graphClient = new GraphServiceClient(_authProvider);
}
public static async Task <GraphService> CreateOnBehalfOfUserAsync(string userToken, IConfiguration configuration)
{
var clientApp = ConfidentialClientApplicationBuilder
.Create(configuration["AzureAD:ClientId"])
.WithTenantId(configuration["AzureAD:TenantId"])
.WithClientSecret(configuration["AzureAD:ClientSecret"])
.Build();
var authResult = await clientApp
.AcquireTokenOnBehalfOf(new[] { "User.Read", "GroupMember.Read.All" }, new UserAssertion(userToken))
.ExecuteAsync();
GraphServiceClient graphClient = new GraphServiceClient(
"https://graph.microsoft.com/v1.0",
new DelegateAuthenticationProvider(async(requestMessage) =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authResult.AccessToken);
}));
return(new GraphService(graphClient));
}
async Task ClientCredentialsCertScenario()
{
X509Certificate2 certificate = GetCertificate();
var aadTokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(authority)
.WithCertificate(certificate)
.Build();
var serviceBusAudience = new Uri("https://servicebus.azure.net");
AuthenticationResult authResult = await app.AcquireTokenForClient(new string[] { $"{serviceBusAudience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
}, $"https://login.windows.net/{TenantId}");
var qc = new QueueClient(new Uri($"sb://{ServiceBusNamespace}/").ToString(), QueueName, aadTokenProvider);
await SendReceiveAsync(qc);
}
public async Task ClientCreds_WithCertificate_Adfs_Async()
{
var cert = await _keyVault.GetCertificateWithPrivateMaterialAsync(AdfsCertName)
.ConfigureAwait(false);
ConfidentialClientApplication msalConfidentialClient = ConfidentialClientApplicationBuilder.Create(Adfs2019LabConstants.ConfidentialClientId)
.WithAdfsAuthority(Adfs2019LabConstants.Authority, true)
.WithRedirectUri(Adfs2019LabConstants.ClientRedirectUri)
.WithTestLogging()
.WithCertificate(cert)
.BuildConcrete();
AuthenticationResult authResult = await msalConfidentialClient
.AcquireTokenForClient(s_adfsScopes)
.ExecuteAsync()
.ConfigureAwait(false);
Assert.IsNotNull(authResult);
Assert.IsNotNull(authResult.AccessToken);
Assert.IsNull(authResult.IdToken);
}
public async Task <IActionResult> CallbackAsync(string code, string error, [FromQuery(Name = "error_description")] string description, string resource, string state)
{
// アクセス トークンを取得します
var clientApplicationOptions = new ConfidentialClientApplicationOptions()
{
TenantId = GraphTenantId,
ClientId = GraphClientId,
ClientSecret = GraphClientSecret,
RedirectUri = RedirectUrl
};
var clientApplicationBuilder = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(clientApplicationOptions);
var clientApplication = clientApplicationBuilder.Build();
var authenticationResult = await clientApplication.AcquireTokenByAuthorizationCode(GraphScope, code).ExecuteAsync();
// アクセス トークンをセッションに格納します
var accessToken = authenticationResult.AccessToken;
this.HttpContext.Session.Set("access_token", Encoding.UTF8.GetBytes(accessToken));
return(this.RedirectToAction("Index", "Home"));
}
private static async Task RunAsync()
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create("eb0f6102-***************************")
.WithClientSecret("f_x43************************************")
.WithAuthority(new Uri("https://login.microsoftonline.com/834bd397-***************************"))
.Build();
string[] resources = new string[] { "api://811da938--***************************/.default" };
AuthenticationResult result = await app.AcquireTokenForClient(resources).ExecuteAsync();
Console.WriteLine("Token acquired: " + result.AccessToken);
var httpClient = new HttpClient();
var t = "Bearer " + result.AccessToken;
httpClient.DefaultRequestHeaders.Add("Authorization", t);
HttpResponseMessage response = await httpClient.GetAsync("http://localhost:5000/WeatherForecast");
Console.WriteLine(await response.Content.ReadAsStringAsync());
}
