private static IConfidentialClientApplication CreateApp(CredentialType credentialType, IConfidentialAppSettings settings)
        {
            var builder = ConfidentialClientApplicationBuilder
                          .Create(settings.ClientId)
                          .WithAuthority(settings.Authority, true)
                          .WithTestLogging();

            switch (credentialType)
            {
            case CredentialType.Cert:
                builder.WithCertificate(settings.GetCertificate());
                break;

            case CredentialType.Secret:
                builder.WithClientSecret(settings.GetSecret());
                break;

            case CredentialType.ClientAssertion_Manual:

                var aud = settings.Cloud == Cloud.Adfs ?
                          settings.Authority + "/oauth2/token" :
                          settings.Authority + "/oauth2/v2.0/token";

                string signedAssertionManual = GetSignedClientAssertionManual(
                    settings.ClientId,
                    aud,   // for AAD use v2.0, but not for ADFS
                    settings.GetCertificate());

                builder.WithClientAssertion(signedAssertionManual);
                break;

            case CredentialType.ClientAssertion_Wilson:
                var aud2 = settings.Cloud == Cloud.Adfs ?
                           settings.Authority + "/oauth2/token" :
                           settings.Authority + "/oauth2/v2.0/token";

                string clientAssertion = GetSignedClientAssertionUsingWilson(
                    settings.ClientId,
                    aud2,
                    settings.GetCertificate());

                builder.WithClientAssertion(clientAssertion);
                break;

            case CredentialType.ClientClaims_ExtraClaims:
                builder.WithClientClaims(settings.GetCertificate(), GetClaims(true), mergeWithDefaultClaims: false);
                break;

            case CredentialType.ClientClaims_MergeClaims:
                builder.WithClientClaims(settings.GetCertificate(), GetClaims(false), mergeWithDefaultClaims: true);
                break;

            default:
                throw new NotImplementedException();
            }

            var confidentialApp = builder.Build();

            return(confidentialApp);
        }
        private IConfidentialClientApplication BuildCCA(
            IConfidentialAppSettings settings,
            HttpSnifferClientFactory factory,
            bool useClaims = false,
            string region  = ConfidentialClientApplication.AttemptRegionDiscovery)
        {
            var builder = ConfidentialClientApplicationBuilder.Create(settings.ClientId);

            if (useClaims)
            {
                builder.WithClientAssertion(GetSignedClientAssertionUsingMsalInternal(settings.ClientId, GetClaims(settings)));
            }
            else
            {
                builder.WithCertificate(settings.GetCertificate());
            }

            builder.WithAuthority($@"https://{settings.Environment}/{settings.TenantId}")
            .WithTestLogging()
            .WithExperimentalFeatures(true)
            .WithHttpClientFactory(factory);

            if (region != null)
            {
                builder.WithAzureRegion(region);
            }

            return(builder.Build());
        }
        public async Task LegacyPoPAsync()
        {
            IConfidentialAppSettings settings        = ConfidentialAppSettings.GetSettings(Cloud.Public);
            X509Certificate2         clientCredsCert = settings.GetCertificate();
            RsaSecurityKey           popKey          = CreateRsaSecurityKey();

            var cca = ConfidentialClientApplicationBuilder
                      .Create(settings.ClientId)
                      .WithAuthority(settings.Authority, true)
                      .WithExperimentalFeatures(true)
                      .WithTestLogging()
                      .Build();

            var result = await cca.AcquireTokenForClient(settings.AppScopes)
                         .WithProofOfPosessionKeyId(popKey.KeyId)
                         .OnBeforeTokenRequest((data) =>
            {
                ModifyRequestWithLegacyPop(data, settings, clientCredsCert, popKey);
                return(Task.CompletedTask);
            })
                         .ExecuteAsync().ConfigureAwait(false);

            Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
            MsalAccessTokenCacheItem at = (cca.AppTokenCache as ITokenCacheInternal).Accessor.GetAllAccessTokens().Single();

            Assert.AreEqual(at.KeyId, popKey.KeyId);

            result = await cca.AcquireTokenForClient(settings.AppScopes)
                     .WithProofOfPosessionKeyId(popKey.KeyId)
                     .OnBeforeTokenRequest((data) =>
            {
                ModifyRequestWithLegacyPop(data, settings, clientCredsCert, popKey);
                return(Task.CompletedTask);
            }).ExecuteAsync().ConfigureAwait(false);

            Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
            at = (cca.AppTokenCache as ITokenCacheInternal).Accessor.GetAllAccessTokens().Single();
            Assert.AreEqual(at.KeyId, popKey.KeyId);

            RsaSecurityKey popKey2 = CreateRsaSecurityKey();

            result = await cca.AcquireTokenForClient(settings.AppScopes)
                     .WithProofOfPosessionKeyId(popKey2.KeyId)
                     .OnBeforeTokenRequest((data) =>
            {
                ModifyRequestWithLegacyPop(data, settings, clientCredsCert, popKey2);
                return(Task.CompletedTask);
            }).ExecuteAsync().ConfigureAwait(false);

            Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
            var ats = (cca.AppTokenCache as ITokenCacheInternal).Accessor.GetAllAccessTokens();

            Assert.IsNotNull(ats.SingleOrDefault(a => a.KeyId == popKey2.KeyId));
            Assert.IsNotNull(ats.SingleOrDefault(a => a.KeyId == popKey.KeyId));
        }
示例#4
0
        private static async Task AcquireTokenAsync(string region, bool setEnvVariable = true)
        {
            if (!string.IsNullOrEmpty(region) && setEnvVariable)
            {
                Environment.SetEnvironmentVariable(s_environmentVarName, s_region);
            }

            string[] scopes = new string[] { $"{s_appSettings.ClientId}/.default", };
            Dictionary <string, string> dict = new Dictionary <string, string>
            {
                ["allowestsrnonmsi"] = "true"
            };

            var builder = ConfidentialClientApplicationBuilder.Create(s_appSettings.ClientId)
                          .WithAuthority(s_appSettings.Authority, false)
                          .WithCertificate(s_appSettings.GetCertificate())
                          .WithLogging(Log, LogLevel.Verbose, true);

            // Regional if region specified, global otherwise
            if (!string.IsNullOrEmpty(region))
            {
                builder.WithAzureRegion(region);
            }

            var cca = builder.Build();

            Console.WriteLine($"CCA created. Is regional:{region}, Set env var:{setEnvVariable}.");

            AuthenticationResult result = await cca.AcquireTokenForClient(scopes)
                                          .WithExtraQueryParameters(dict)
                                          .ExecuteAsync()
                                          .ConfigureAwait(false);

            Console.WriteLine("Access token:" + result.AccessToken);

            if (!string.IsNullOrEmpty(region) && setEnvVariable)
            {
                Environment.SetEnvironmentVariable(s_environmentVarName, null);
            }
        }
示例#5
0
        public async Task WithOnBeforeTokenRequest_TestAsync(Cloud cloud, RunOn runOn)
        {
            IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(cloud);

            AuthenticationResult authResult;

            IConfidentialClientApplication confidentialApp = ConfidentialClientApplicationBuilder
                                                             .Create(settings.ClientId)
                                                             .WithAuthority(settings.Authority, true)
                                                             .WithExperimentalFeatures(true)
                                                             .WithTestLogging()
                                                             .Build();

            authResult = await confidentialApp
                         .AcquireTokenForClient(settings.AppScopes)
                         .OnBeforeTokenRequest((data) =>
            {
                ModifyRequest(data, settings.GetCertificate());     // Adding a certificate via handler instead of using WithCertificate
                return(Task.CompletedTask);
            })
                         .ExecuteAsync(CancellationToken.None)
                         .ConfigureAwait(false);

            Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource);

            // Call again to ensure token cache is hit
            authResult = await confidentialApp
                         .AcquireTokenForClient(settings.AppScopes)
                         .OnBeforeTokenRequest((data) =>
            {
                throw new InvalidOperationException("Should not be invoking this callback when the token is fetched from the cache");
            })
                         .ExecuteAsync()
                         .ConfigureAwait(false);

            Assert.AreEqual(TokenSource.Cache, authResult.AuthenticationResultMetadata.TokenSource);
        }