/// <summary>
/// Gets the application credentials. App Credentials are cached so as to ensure we are not refreshing
/// token every time.
/// </summary>
/// <param name="appId">The application identifier (AAD Id for the bot).</param>
/// <param name="oAuthScope">The scope for the token, skills will use the Skill App Id. </param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>App credentials.</returns>
private async Task <AppCredentials> GetAppCredentialsAsync(string appId, string oAuthScope = null, CancellationToken cancellationToken = default)
{
if (appId == null)
{
return(MicrosoftAppCredentials.Empty);
}
var cacheKey = $"{appId}{oAuthScope}";
if (_appCredentialMap.TryGetValue(cacheKey, out var appCredentials))
{
return(appCredentials);
}
// If app credentials were provided, use them as they are the preferred choice moving forward
if (_appCredentials != null)
{
// Cache the credentials for later use
_appCredentialMap[cacheKey] = _appCredentials;
return(_appCredentials);
}
// NOTE: we can't do async operations inside of a AddOrUpdate, so we split access pattern
var appPassword = await _credentialProvider.GetAppPasswordAsync(appId).ConfigureAwait(false);
appCredentials = _channelProvider != null && _channelProvider.IsGovernment() ? new MicrosoftGovernmentAppCredentials(appId, appPassword, _httpClient, _logger) : new MicrosoftAppCredentials(appId, appPassword, _httpClient, _logger, oAuthScope);
// Cache the credentials for later use
_appCredentialMap[cacheKey] = appCredentials;
return(appCredentials);
}
private async Task <IdentityToken> TryAuthenticateAsync(JwtTokenExtractor toBotFromChannelExtractor,
JwtTokenExtractor toBotFromEmulatorExtractor,
string scheme,
string token,
CancellationToken cancellationToken)
{
// then auth is disabled
if (await this.credentialProvider.IsAuthenticationDisabledAsync())
{
return(new IdentityToken(true, null));
}
ClaimsIdentity identity = null;
string appId = null;
identity = await toBotFromChannelExtractor.GetIdentityAsync(scheme, token);
if (identity != null)
{
appId = toBotFromChannelExtractor.GetAppIdFromClaimsIdentity(identity);
}
// No identity? If we're allowed to, fall back to MSA
// This code path is used by the emulator
if (identity == null && !this.disableEmulatorTokens)
{
identity = await toBotFromEmulatorExtractor.GetIdentityAsync(scheme, token);
if (identity != null)
{
appId = toBotFromEmulatorExtractor.GetAppIdFromEmulatorClaimsIdentity(identity);
}
}
if (identity != null)
{
if (await credentialProvider.IsValidAppIdAsync(appId) == false) // keep context
{
// not valid appid, drop the identity
identity = null;
}
else
{
var password = await credentialProvider.GetAppPasswordAsync(appId); // Keep context
if (password != null)
{
// add password as claim so that it is part of ClaimsIdentity and accessible by ConnectorClient()
identity.AddClaim(new Claim(ClaimsIdentityEx.AppPasswordClaim, password));
}
}
}
if (identity != null)
{
return(new IdentityToken(true, identity));
}
return(new IdentityToken(false, null));
}
internal async Task <IdentityToken> TryAuthenticateAsync(HttpRequestMessage request,
CancellationToken token)
{
// then auth is disabled
if (await this.credentialProvider.IsAuthenticationDisabledAsync())
{
return(new IdentityToken(true, null));
}
ClaimsIdentity identity = null;
var tokenExtractor = GetTokenExtractor();
identity = await tokenExtractor.GetIdentityAsync(request);
// No identity? If we're allowed to, fall back to MSA
// This code path is used by the emulator
if (identity == null && !this.disableEmulatorTokens)
{
tokenExtractor = new JwtTokenExtractor(JwtConfig.ToBotFromMSATokenValidationParameters, JwtConfig.ToBotFromMSAOpenIdMetadataUrl);
identity = await tokenExtractor.GetIdentityAsync(request);
}
if (identity != null)
{
var appId = tokenExtractor.GetAppIdFromClaimsIdentity(identity);
if (await credentialProvider.IsValidAppIdAsync(appId) == false) // keep context
{
// not valid appid, drop the identity
identity = null;
}
else
{
var password = await credentialProvider.GetAppPasswordAsync(appId); // Keep context
if (password != null)
{
// add password as claim so that it is part of ClaimsIdentity and accessible by ConnectorClient()
identity.AddClaim(new Claim(ClaimsIdentityEx.AppPasswordClaim, password));
}
}
}
if (identity != null)
{
Thread.CurrentPrincipal = new ClaimsPrincipal(identity);
// Inside of ASP.NET this is required
if (HttpContext.Current != null)
{
HttpContext.Current.User = Thread.CurrentPrincipal;
}
return(new IdentityToken(true, identity));
}
return(new IdentityToken(false, null));
}
private async Task <MicrosoftAppCredentials> GetMicrosoftAppCredentialsAsync(ITurnContext turnContext)
{
ClaimsIdentity claimsIdentity = turnContext.TurnState.Get <ClaimsIdentity>("BotIdentity");
Claim botAppIdClaim = claimsIdentity.Claims?.SingleOrDefault(claim => claim.Type == AuthenticationConstants.AudienceClaim)
??
claimsIdentity.Claims?.SingleOrDefault(claim => claim.Type == AuthenticationConstants.AppIdClaim);
string appPassword = await _credentialProvider.GetAppPasswordAsync(botAppIdClaim?.Value).ConfigureAwait(false);
return(new MicrosoftAppCredentials(botAppIdClaim?.Value, appPassword));
}
public StateClient(Uri baseUri, ICredentialProvider credentialProvider, ClaimsIdentity claimsIdentity = null, params DelegatingHandler[] handlers)
: this(baseUri, handlers: handlers)
{
if (claimsIdentity == null)
claimsIdentity = HttpContext.Current.User.Identity as ClaimsIdentity ?? Thread.CurrentPrincipal.Identity as ClaimsIdentity;
if (claimsIdentity == null)
throw new ArgumentNullException("ClaimsIdentity not passed in and not available via Thread.CurrentPrincipal.Identity");
var appId = claimsIdentity.GetAppIdFromClaims();
var password = credentialProvider.GetAppPasswordAsync(appId).Result;
this.Credentials = new MicrosoftAppCredentials(appId, password);
}
/// <summary>
/// Gets the application credentials. App Credentials are cached so as to ensure we are not refreshing
/// token everytime.
/// </summary>
/// <param name="appId">The application identifier (AAD Id for the bot).</param>
/// <returns>App credentials.</returns>
protected virtual async Task <MicrosoftAppCredentials> GetAppCredentials(string appId)
{
MicrosoftAppCredentials appCredentials;
if (!_appCredentialMap.TryGetValue(appId, out appCredentials))
{
string appPassword = await _credentialProvider.GetAppPasswordAsync(appId);
appCredentials = new MicrosoftAppCredentials(appId, appPassword);
_appCredentialMap[appId] = appCredentials;
}
return(appCredentials);
}
/// <summary>
/// Gets the application credentials. App Credentials are cached so as to ensure we are not refreshing
/// token everytime.
/// </summary>
/// <param name="appId">The application identifier (AAD Id for the bot).</param>
/// <returns>App credentials.</returns>
private async Task <MicrosoftAppCredentials> GetAppCredentialsAsync(string appId)
{
if (appId == null)
{
return(MicrosoftAppCredentials.Empty);
}
if (!_appCredentialMap.TryGetValue(appId, out var appCredentials))
{
string appPassword = await _credentialProvider.GetAppPasswordAsync(appId).ConfigureAwait(false);
appCredentials = new MicrosoftAppCredentials(appId, appPassword);
_appCredentialMap[appId] = appCredentials;
}
return(appCredentials);
}
/// <summary>
/// Gets the application credentials. App Credentials are cached so as to ensure we are not refreshing
/// token everytime.
/// </summary>
/// <param name="appId">The application identifier (AAD Id for the bot).</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>App credentials.</returns>
private async Task <MicrosoftAppCredentials> GetAppCredentialsAsync(string appId, CancellationToken cancellationToken)
{
if (appId == null)
{
return(MicrosoftAppCredentials.Empty);
}
if (_appCredentialMap.TryGetValue(appId, out var appCredentials))
{
return(appCredentials);
}
// NOTE: we can't do async operations inside of a AddOrUpdate, so we split access pattern
string appPassword = await _credentialProvider.GetAppPasswordAsync(appId).ConfigureAwait(false);
appCredentials = (_channelProvider != null && _channelProvider.IsGovernment()) ?
new MicrosoftGovernmentAppCredentials(appId, appPassword) :
new MicrosoftAppCredentials(appId, appPassword);
_appCredentialMap[appId] = appCredentials;
return(appCredentials);
}
