public async Task <IActionResult> Index() { string content = ""; var confidentialClientApplication = ConfidentialClientApplicationBuilder.Create(_options.ClientId) .WithClientSecret(_options.ClientSecret) .WithB2CAuthority(_options.Authority) .WithRedirectUri(_options.RedirectUri) .Build(); var userId = HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value; var tokenCache = new SessionTokenCache(HttpContext, userId); tokenCache.Initialize(confidentialClientApplication.UserTokenCache); var accounts = await confidentialClientApplication.GetAccountsAsync(); var account = accounts.FirstOrDefault(); var authenticationResult = await confidentialClientApplication.AcquireTokenSilent(_options.ApiScopes.Split(' '), account) .ExecuteAsync(); using (var request = new HttpRequestMessage(HttpMethod.Get, _options.ApiUrl)) { request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken); using (var response = await _client.SendAsync(request)) { if (response.StatusCode == HttpStatusCode.OK) { content = await response.Content.ReadAsStringAsync(); } else { content = "Error"; } } } ViewData["Content"] = $"{content}"; return(View()); }
public void GetAuthorizationRequestUrlCustomRedirectUriTest() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithRedirectUri(TestConstants.RedirectUri) .WithClientSecret(TestConstants.ClientSecret) .WithHttpManager(httpManager) .BuildConcrete(); var appCacheAccess = app.AppTokenCache.RecordAccess(); var userCacheAccess = app.UserTokenCache.RecordAccess(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityGuestTenant); const string CustomRedirectUri = "custom://redirect-uri"; Task <Uri> task = app .GetAuthorizationRequestUrl(TestConstants.s_scope) .WithRedirectUri(CustomRedirectUri) .WithLoginHint(TestConstants.DisplayableId) .WithExtraQueryParameters("extra=qp") .WithExtraScopesToConsent(TestConstants.s_scopeForAnotherResource) .WithAuthority(TestConstants.AuthorityGuestTenant) .ExecuteAsync(CancellationToken.None); var uri = task.Result; Assert.IsNotNull(uri); appCacheAccess.AssertAccessCounts(0, 0); userCacheAccess.AssertAccessCounts(0, 0); Assert.IsTrue( uri.AbsoluteUri.StartsWith(TestConstants.AuthorityGuestTenant, StringComparison.CurrentCulture)); Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null); ValidateCommonQueryParams(qp, CustomRedirectUri); Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2 r2/scope1 r2/scope2", qp["scope"]); Assert.IsFalse(qp.ContainsKey("client_secret")); Assert.AreEqual("qp", qp["extra"]); } }
public async Task ConfidentialClientWithRSACertificateTestAsync() { AuthenticationResult authResult; IConfidentialClientApplication confidentialApp; X509Certificate2 cert = GetCertificate(true); confidentialApp = ConfidentialClientApplicationBuilder .Create(PublicCloudConfidentialClientID) .WithCertificate(cert) .Build(); var appCacheRecorder = confidentialApp.AppTokenCache.RecordAccess(); authResult = await confidentialApp .AcquireTokenForClient(s_keyvaultScope) .WithAuthority(PublicCloudTestAuthority, true) // authority can also be specified at request level .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); MsalAssert.AssertAuthResult(authResult); appCacheRecorder.AssertAccessCounts(1, 1); Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource); Assert.IsTrue(appCacheRecorder.LastAfterAccessNotificationArgs.IsApplicationCache); Assert.AreEqual( GetExpectedCacheKey(PublicCloudConfidentialClientID, Authority.CreateAuthority(PublicCloudTestAuthority, false).TenantId), appCacheRecorder.LastAfterAccessNotificationArgs.SuggestedCacheKey); // Call again to ensure token cache is hit authResult = await confidentialApp .AcquireTokenForClient(s_keyvaultScope) .WithAuthority(PublicCloudTestAuthority, true) // authority can also be specified at request level .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); MsalAssert.AssertAuthResult(authResult); appCacheRecorder.AssertAccessCounts(2, 1); Assert.AreEqual(TokenSource.Cache, authResult.AuthenticationResultMetadata.TokenSource); Assert.IsTrue(appCacheRecorder.LastAfterAccessNotificationArgs.IsApplicationCache); Assert.AreEqual( GetExpectedCacheKey(PublicCloudConfidentialClientID, Authority.CreateAuthority(PublicCloudTestAuthority, false).TenantId), appCacheRecorder.LastAfterAccessNotificationArgs.SuggestedCacheKey); }
public override void Configure(IFunctionsHostBuilder builder) { _ = builder ?? throw new ArgumentNullException(nameof(builder)); var configuration = new ConfigurationBuilder() .SetBasePath(Environment.CurrentDirectory) .AddJsonFile("local.settings.json", optional: true, reloadOnChange: true) .AddEnvironmentVariables() .Build(); builder.Services.AddLogging(); builder.Services.AddTokenValidatorDependencies(configuration); builder.Services.AddSingleton <IJsonTextSerializer, JsonTextSerializer>(); builder.Services.Configure <StorageConfiguration>(tvc => configuration.Bind("StorageConfiguration", tvc)); builder.Services.AddScoped(typeof(IDataRepository <>), typeof(DataRepository <>)); builder.Services.AddSingleton <AbstractApplicationBuilder <ConfidentialClientApplicationBuilder>, ConfidentialClientApplicationBuilder>((sp) => { var options = sp.GetRequiredService <IOptions <TokenCreatorConfiguration> >(); var tokenCreatorConfiguration = options.Value; return(ConfidentialClientApplicationBuilder .Create(tokenCreatorConfiguration.ClientId) .WithClientSecret(tokenCreatorConfiguration.ClientSecret) .WithAuthority(AzureCloudInstance.AzurePublic, tokenCreatorConfiguration.TenantId)); }); builder.Services.AddSingleton <AbstractApplicationBuilder <PublicClientApplicationBuilder>, PublicClientApplicationBuilder>((sp) => { var options = sp.GetRequiredService <IOptions <TokenCreatorConfiguration> >(); var tokenCreatorConfiguration = options.Value; return(PublicClientApplicationBuilder .Create(tokenCreatorConfiguration.ClientId) .WithAuthority(AzureCloudInstance.AzurePublic, tokenCreatorConfiguration.TenantId)); }); builder.Services.AddTokenCreatorDependencies(configuration); builder.Services.AddSingleton <IMicrosoftGraphRepository, MicrosoftGraphRepository>(); }
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken) { ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId) .WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId) .WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline)) .WithLogging(LogMsal, enablePiiLogging: IsPiiLoggingEnabled); if (_clientSecret != null) { confClientBuilder.WithClientSecret(_clientSecret); } if (_assertionCallback != null) { confClientBuilder.WithClientAssertion(_assertionCallback); } if (_asyncAssertionCallback != null) { confClientBuilder.WithClientAssertion(_asyncAssertionCallback); } if (_certificateProvider != null) { X509Certificate2 clientCertificate = await _certificateProvider.GetCertificateAsync(async, cancellationToken).ConfigureAwait(false); confClientBuilder.WithCertificate(clientCertificate); } if (RegionalAuthority.HasValue) { confClientBuilder.WithAzureRegion(RegionalAuthority.Value.ToString()); } if (!string.IsNullOrEmpty(RedirectUrl)) { confClientBuilder.WithRedirectUri(RedirectUrl); } return(confClientBuilder.Build()); }
[Ignore] // This B2C scenario needs some rethinking public async Task AuthorizationCodeRequestTestAsync() { using (var httpManager = new MockHttpManager()) { var app = ConfidentialClientApplicationBuilder .Create(TestConstants.ClientId) .WithAuthority(new Uri("https://" + TestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy"), true) .WithRedirectUri(TestConstants.RedirectUri) .WithClientSecret("secret") .WithHttpManager(httpManager) .BuildConcrete(); app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess); app.UserTokenCache.SetAfterAccess(AfterCacheAccess); httpManager.AddSuccessTokenResponseMockHandlerForPost("https://" + TestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy/"); var result = await app .AcquireTokenByAuthorizationCode(TestConstants.s_scope, "some-code") .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri("https://" + TestConstants.ProductionPrefNetworkEnvironment + "/tfp/home/policy"), true) .WithRedirectUri(TestConstants.RedirectUri) .WithClientSecret("secret") .WithHttpManager(httpManager) .BuildConcrete(); app.UserTokenCache.SetBeforeAccess(BeforeCacheAccess); app.UserTokenCache.SetAfterAccess(AfterCacheAccess); IEnumerable <IAccount> users = await app.GetAccountsAsync().ConfigureAwait(false); Assert.AreEqual(1, users.Count()); } }
public void TestConstructor() { var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithClientSecret("cats") .Build(); Assert.AreEqual(TestConstants.ClientId, cca.AppConfig.ClientId); Assert.IsNotNull(cca.UserTokenCache); // Validate Defaults Assert.AreEqual(LogLevel.Info, cca.AppConfig.LogLevel); Assert.AreEqual(TestConstants.ClientId, cca.AppConfig.ClientId); Assert.IsNotNull(cca.AppConfig.ClientName); Assert.IsNotNull(cca.AppConfig.ClientVersion); Assert.AreEqual(false, cca.AppConfig.EnablePiiLogging); Assert.IsNull(cca.AppConfig.HttpClientFactory); Assert.AreEqual(false, cca.AppConfig.IsDefaultPlatformLoggingEnabled); Assert.IsNull(cca.AppConfig.LoggingCallback); Assert.AreEqual(Constants.DefaultConfidentialClientRedirectUri, cca.AppConfig.RedirectUri); Assert.AreEqual(null, cca.AppConfig.TenantId); }
//Graph client for App access with bearer tokens static public async Task <GraphServiceClient> CreateGraphClient() { var authority = $"https://login.microsoftonline.com/{tenantId}"; var app = ConfidentialClientApplicationBuilder.Create(clientID) .WithClientSecret(clientSecret) .WithAuthority(new Uri(authority)) .Build(); var scopes = new[] { "https://graph.microsoft.com/.default" }; var authenticationResult = await app.AcquireTokenForClient(scopes).ExecuteAsync(); var graphClient = new GraphServiceClient( new DelegateAuthenticationProvider(requestMessage => { requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken); return(Task.FromResult(0)); })); return(graphClient); }
/// <summary> /// Configure Graph Component. /// </summary> /// <param name="services">IServiceCollection .</param> /// <param name="configuration">IConfiguration .</param> /// <returns>..</returns> public static IServiceCollection ConfigureGraphComponent(this IServiceCollection services, Action <AzureAdOptions> azureAdOptionsAction) { var options = new AzureAdOptions(); azureAdOptionsAction(options); IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder .Create(options.ClientId) .WithTenantId(options.TenantId) .WithClientSecret(options.ClientSecret) .Build(); ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication); services.AddScoped <IGraphServiceClient, GraphServiceClient>(sp => { return(new GraphServiceClient(authenticationProvider)); }); return(services); }
public async Task ConfidentialClientWithNoDefaultClaimsTestAsync() { var confidentialClientAuthority = PublicCloudTestAuthority; var claims = GetClaims(); X509Certificate2 cert = GetCertificate(); var confidentialApp = ConfidentialClientApplicationBuilder .Create(PublicCloudConfidentialClientID) .WithAuthority(new Uri(confidentialClientAuthority), true) .WithClientClaims(cert, claims, false) .Build(); var authResult = await confidentialApp.AcquireTokenForClient(s_keyvaultScope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); ValidateClaimsInAssertion(claims, ((ConfidentialClientApplication)confidentialApp).ClientCredential.CachedAssertion); MsalAssert.AssertAuthResult(authResult); }
public async Task ClientCreds_WithClientSecret_Adfs_Async() { SecretBundle secret = _keyVault.GetSecret(Adfs2019LabConstants.ADFS2019ClientSecretURL); ConfidentialClientApplication msalConfidentialClient = ConfidentialClientApplicationBuilder.Create(Adfs2019LabConstants.ConfidentialClientId) .WithAdfsAuthority(Adfs2019LabConstants.Authority, true) .WithRedirectUri(Adfs2019LabConstants.ClientRedirectUri) .WithClientSecret(secret.Value) .WithTestLogging() .BuildConcrete(); AuthenticationResult authResult = await msalConfidentialClient .AcquireTokenForClient(s_adfsScopes) .ExecuteAsync() .ConfigureAwait(false); Assert.IsNotNull(authResult); Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource); Assert.IsNotNull(authResult.AccessToken); Assert.IsNull(authResult.IdToken); }
private static IAuthenticationProvider CreateAuthorizationProvider() { var clientId = System.Environment.GetEnvironmentVariable("AzureADAppClientId", EnvironmentVariableTarget.Process); var clientSecret = System.Environment.GetEnvironmentVariable("AzureADAppClientSecret", EnvironmentVariableTarget.Process); var redirectUri = System.Environment.GetEnvironmentVariable("AzureADAppRedirectUri", EnvironmentVariableTarget.Process); var tenantId = System.Environment.GetEnvironmentVariable("AzureADAppTenantId", EnvironmentVariableTarget.Process); var authority = $"https://login.microsoftonline.com/{tenantId}/v2.0"; //this specific scope means that application will default to what is defined in the application registration rather than using dynamic scopes List <string> scopes = new List <string>(); scopes.Add("https://graph.microsoft.com/.default"); var cca = ConfidentialClientApplicationBuilder.Create(clientId) .WithAuthority(authority) .WithRedirectUri(redirectUri) .WithClientSecret(clientSecret) .Build(); return(new MsalAuthenticationProvider(cca, scopes.ToArray())); }
public async Task <string> GetGraphToken(string tenantId) { try { IConfidentialClientApplication daemonClient; daemonClient = ConfidentialClientApplicationBuilder.Create("b6be2ec6-eb67-4422-8d57-e673f0cfdfe8") .WithAuthority(string.Format(authorityFormat, tenantId)) .WithRedirectUri("https://localhost:44336/") .WithClientSecret("7GUBnA7Gn5gan4/DEFH_G=Thu/3B..VB") .Build(); AuthenticationResult authResult = await daemonClient.AcquireTokenForClient(new[] { msGraphScope }) .ExecuteAsync(); return(authResult.AccessToken); } catch { return(null); } }
/// <summary> /// Creates an <see cref="AzureActiveDirectoryTokenProvider"/> using a client secret. If no client secret is provided <see cref="DefaultAzureCredential"/> is used. /// </summary> /// <param name="clientSecret">The client secret to use to authenticate with Azure AD</param> /// <param name="authority">A URL that indicates a directory that MSAL can request tokens from. For example, https://login.microsoftonline.com/{AzureADTenantID}/</param> /// <returns><see cref="AzureActiveDirectoryTokenProvider"/></returns> public AzureActiveDirectoryTokenProvider WithSecret(string clientSecret, string authority, Action <DefaultAzureCredentialOptions> optBuilder = null) { AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback = async(audience, authority, state) => { if (string.IsNullOrWhiteSpace(clientSecret)) { return((await GetTokenFromDefaultAzureCredential(optBuilder)).Token); } IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(_clientId) .WithAuthority(authority) .WithClientSecret(clientSecret) .Build(); var authResult = await app.AcquireTokenForClient(_requestContext.Scopes).ExecuteAsync(); return(authResult.AccessToken); }; return(new AzureActiveDirectoryTokenProvider(authCallback, authority ?? "", null)); }
public static IConfidentialClientApplication BuildConfidentialClientApplication(string clientId, string clientSecret, string redirectUri, string authority) { if (_cca == null) { _cca = ConfidentialClientApplicationBuilder.Create(clientId) .WithClientSecret(clientSecret) .WithRedirectUri(redirectUri) .WithAuthority(new Uri(authority)) .Build(); _cca.AddDistributedTokenCache(services => { services.AddDistributedMemoryCache(); services.Configure <MsalDistributedTokenCacheAdapterOptions>(o => { o.Encrypt = true; }); }); } return(_cca); }
/// <summary>Initializes a new instance of the <see cref="MSGraphService"/> class.</summary> /// <param name="options">The web option value.</param> public AutomatedGraphClient(IOptions <AutomatedGraphClientOptions> options) { // impersonating //IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder // .CreateWithApplicationOptions(applicationOptions) // .WithRedirectUri(currentUri) // .WithB2CAuthority(authority) // .Build(); IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder .Create(options.Value.ClientId) .WithTenantId(options.Value.TenantId) .WithClientSecret(options.Value.ClientSecret) .Build(); ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication); // Set up the Microsoft Graph service client with client credentials _graphServiceClient = new GraphServiceClient(authProvider); _automatedGraphClientOptions = options.Value; }
/// <summary> /// Generate Token /// </summary> /// <param name="clientId"></param> /// <returns></returns> private static async Task <string> GenerateToken(string clientId) { if (B2cConfig.IsRunningOnLocalMachine) { //Generate token locally and pass it in appsettings.json return(B2cConfig.LocalTestToken); } else { IConfidentialClientApplication app = ConfidentialClientApplicationBuilder .Create(clientId) .WithTenantId(B2cConfig.TenantId) .WithAuthority($"{EssAuthConfig.MicrosoftOnlineLoginUrl}{B2cConfig.TenantId}", true) .WithClientSecret(B2cConfig.ClientSecret) .Build(); var scopes = new string[] { B2cConfig.Scope }; AuthenticationResult result = await app.AcquireTokenForClient(scopes).ExecuteAsync(); return(result.AccessToken); } }
public async Task <string> GetAuthToken(string[] scopes = default, TenantConfiguration tenantConfiguration = default) { if (Mode == RecordedTestMode.Playback) { return("auth token"); } tenantConfiguration ??= Tenants.TestConfigOAuth; IConfidentialClientApplication application = ConfidentialClientApplicationBuilder.Create(tenantConfiguration.ActiveDirectoryApplicationId) .WithAuthority(AzureCloudInstance.AzurePublic, tenantConfiguration.ActiveDirectoryTenantId) .WithClientSecret(tenantConfiguration.ActiveDirectoryApplicationSecret) .Build(); scopes ??= new string[] { "https://storage.azure.com/.default" }; AcquireTokenForClientParameterBuilder result = application.AcquireTokenForClient(scopes); AuthenticationResult authenticationResult = await result.ExecuteAsync(); return(authenticationResult.AccessToken); }
public void GlobalSetup() { var cca = ConfidentialClientApplicationBuilder .Create(TestConstants.ClientId) .WithAuthority(new Uri(TestConstants.AuthorityTestTenant)) .WithRedirectUri(TestConstants.RedirectUri) .WithClientSecret(TestConstants.ClientSecret) .BuildConcrete(); var inMemoryTokenCache = new InMemoryTokenCache(); inMemoryTokenCache.Bind(cca.AppTokenCache); TokenCacheHelper tokenCacheHelper = new TokenCacheHelper(); tokenCacheHelper.PopulateCacheForClientCredential(cca.AppTokenCacheInternal.Accessor, TokenCacheSize); _acquireTokenForClientBuilder = cca .AcquireTokenForClient(TestConstants.s_scope) .WithForceRefresh(false); }
static async Task Main(string[] args) { var confidentialClientApplication = ConfidentialClientApplicationBuilder .Create("YOUR_CLIENT_ID") .WithTenantId("YOUR_TENANT_ID") .WithClientSecret("YOUR_APP_SECRET") .Build(); var clientCredentialProvider = new ClientCredentialProvider(confidentialClientApplication); var graphServiceClient = new GraphServiceClient(clientCredentialProvider); var users = await graphServiceClient.Users.Request().Filter("displayName eq 'Hassan Habib'").GetAsync(); foreach (var user in users) { Console.WriteLine(user.DisplayName); } }
public GameStart(IConfiguration configuration, IAdaptiveTemplateLoader loader, Dictionary <string, string> convos) { _appId = configuration["MicrosoftAppId"]; _appPassword = configuration["MicrosoftAppPassword"]; AppCredentials.TrustServiceUrl("https://smba.trafficmanager.net/amer/"); this.client = new ConnectorClient(new Uri("https://smba.trafficmanager.net/amer/"), microsoftAppId: this._appId, microsoftAppPassword: this._appPassword); IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder .Create(this._appId) .WithTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47") .WithClientSecret(this._appPassword) .Build(); ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication); this.graphClient = new GraphServiceClient(authProvider); this.convos = convos; this.gameStartTemplate = loader.InitializeAdaptiveTemplate("MatchStart.json"); this.gameUpdateTemplate = loader.InitializeAdaptiveTemplate("MatchUpdate.json"); }
public Worker(ILogger <Worker> logger, IHttpClientFactory http, IConfiguration config, IOptions <AzureAdOptions> azureAdConfig) { _logger = logger; _http = http; _usersApiBaseUrl = config.GetValue <string>("Services:UsersApiUrl"); var co = new ConfidentialClientApplicationOptions { Instance = "https://login.microsoftonline.com/", TenantId = "6b9be1b6-4f80-4ce7-8479-16c4d7726470", ClientId = azureAdConfig.Value.ClientId, ClientSecret = azureAdConfig.Value.ClientSecret }; //todo configure cache _clientApplication = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(co) .Build(); }
public async Task ConfidentialClientWithCertificateTestAsync() { AuthenticationResult authResult; IConfidentialClientApplication confidentialApp; X509Certificate2 cert = GetCertificate(); var confidentialClientAuthority = "https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47"; confidentialApp = ConfidentialClientApplicationBuilder .Create(ConfidentialClientID) .WithAuthority(new Uri(confidentialClientAuthority), true) .WithCertificate(cert) .Build(); authResult = await confidentialApp .AcquireTokenForClient(s_keyvaultScope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); MsalAssert.AssertAuthResult(authResult); }
public async Task AcquireTokenToRegionalEndpointAsync() { // Arrange var factory = new HttpSnifferClientFactory(); _confidentialClientApplication = ConfidentialClientApplicationBuilder.Create(PublicCloudConfidentialClientID) .WithClientAssertion(GetSignedClientAssertionUsingMsalInternal(PublicCloudConfidentialClientID, GetClaims())) //.WithClientSecret(_keyVault.GetSecret(TestConstants.MsalCCAKeyVaultUri).Value) //use the client secret in case of cert errors .WithAuthority(PublicCloudTestAuthority) .WithTestLogging() .WithExperimentalFeatures(true) .WithHttpClientFactory(factory) .Build(); Environment.SetEnvironmentVariable(TestConstants.RegionName, TestConstants.Region); AuthenticationResult result = await GetAuthenticationResultAsync().ConfigureAwait(false); // regional endpoint AssertTokenSource_IsIdP(result); AssertValidHost(true, factory); AssertTelemetry(factory, "2|1004,0|centralus,1,0,,"); }
public GraphSender( string GraphEmailAppId, string GraphEmailTenantId, string GraphEmailSecret, bool SaveSentItems) { _appId = GraphEmailAppId; _tenantId = GraphEmailTenantId; _graphSecret = GraphEmailSecret; _saveSent = SaveSentItems; _clientApp = ConfidentialClientApplicationBuilder .Create(_appId) .WithTenantId(_tenantId) .WithClientSecret(_graphSecret) .Build(); _authProvider = new ClientCredentialProvider(_clientApp); _graphClient = new GraphServiceClient(_authProvider); }
public static async Task <GraphService> CreateOnBehalfOfUserAsync(string userToken, IConfiguration configuration) { var clientApp = ConfidentialClientApplicationBuilder .Create(configuration["AzureAD:ClientId"]) .WithTenantId(configuration["AzureAD:TenantId"]) .WithClientSecret(configuration["AzureAD:ClientSecret"]) .Build(); var authResult = await clientApp .AcquireTokenOnBehalfOf(new[] { "User.Read", "GroupMember.Read.All" }, new UserAssertion(userToken)) .ExecuteAsync(); GraphServiceClient graphClient = new GraphServiceClient( "https://graph.microsoft.com/v1.0", new DelegateAuthenticationProvider(async(requestMessage) => { requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authResult.AccessToken); })); return(new GraphService(graphClient)); }
async Task ClientCredentialsCertScenario() { X509Certificate2 certificate = GetCertificate(); var aadTokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(async(audience, authority, state) => { IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId) .WithAuthority(authority) .WithCertificate(certificate) .Build(); var serviceBusAudience = new Uri("https://servicebus.azure.net"); AuthenticationResult authResult = await app.AcquireTokenForClient(new string[] { $"{serviceBusAudience}/.default" }).ExecuteAsync(); return(authResult.AccessToken); }, $"https://login.windows.net/{TenantId}"); var qc = new QueueClient(new Uri($"sb://{ServiceBusNamespace}/").ToString(), QueueName, aadTokenProvider); await SendReceiveAsync(qc); }
public async Task ClientCreds_WithCertificate_Adfs_Async() { var cert = await _keyVault.GetCertificateWithPrivateMaterialAsync(AdfsCertName) .ConfigureAwait(false); ConfidentialClientApplication msalConfidentialClient = ConfidentialClientApplicationBuilder.Create(Adfs2019LabConstants.ConfidentialClientId) .WithAdfsAuthority(Adfs2019LabConstants.Authority, true) .WithRedirectUri(Adfs2019LabConstants.ClientRedirectUri) .WithTestLogging() .WithCertificate(cert) .BuildConcrete(); AuthenticationResult authResult = await msalConfidentialClient .AcquireTokenForClient(s_adfsScopes) .ExecuteAsync() .ConfigureAwait(false); Assert.IsNotNull(authResult); Assert.IsNotNull(authResult.AccessToken); Assert.IsNull(authResult.IdToken); }
public async Task <IActionResult> CallbackAsync(string code, string error, [FromQuery(Name = "error_description")] string description, string resource, string state) { // アクセス トークンを取得します var clientApplicationOptions = new ConfidentialClientApplicationOptions() { TenantId = GraphTenantId, ClientId = GraphClientId, ClientSecret = GraphClientSecret, RedirectUri = RedirectUrl }; var clientApplicationBuilder = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(clientApplicationOptions); var clientApplication = clientApplicationBuilder.Build(); var authenticationResult = await clientApplication.AcquireTokenByAuthorizationCode(GraphScope, code).ExecuteAsync(); // アクセス トークンをセッションに格納します var accessToken = authenticationResult.AccessToken; this.HttpContext.Session.Set("access_token", Encoding.UTF8.GetBytes(accessToken)); return(this.RedirectToAction("Index", "Home")); }
private static async Task RunAsync() { IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create("eb0f6102-***************************") .WithClientSecret("f_x43************************************") .WithAuthority(new Uri("https://login.microsoftonline.com/834bd397-***************************")) .Build(); string[] resources = new string[] { "api://811da938--***************************/.default" }; AuthenticationResult result = await app.AcquireTokenForClient(resources).ExecuteAsync(); Console.WriteLine("Token acquired: " + result.AccessToken); var httpClient = new HttpClient(); var t = "Bearer " + result.AccessToken; httpClient.DefaultRequestHeaders.Add("Authorization", t); HttpResponseMessage response = await httpClient.GetAsync("http://localhost:5000/WeatherForecast"); Console.WriteLine(await response.Content.ReadAsStringAsync()); }