/// <summary> /// Gets the application credentials. App Credentials are cached so as to ensure we are not refreshing /// token every time. /// </summary> /// <param name="appId">The application identifier (AAD Id for the bot).</param> /// <param name="oAuthScope">The scope for the token, skills will use the Skill App Id. </param> /// <param name="cancellationToken">Cancellation token.</param> /// <returns>App credentials.</returns> private async Task <AppCredentials> GetAppCredentialsAsync(string appId, string oAuthScope = null, CancellationToken cancellationToken = default) { if (appId == null) { return(MicrosoftAppCredentials.Empty); } var cacheKey = $"{appId}{oAuthScope}"; if (_appCredentialMap.TryGetValue(cacheKey, out var appCredentials)) { return(appCredentials); } // If app credentials were provided, use them as they are the preferred choice moving forward if (_appCredentials != null) { // Cache the credentials for later use _appCredentialMap[cacheKey] = _appCredentials; return(_appCredentials); } // NOTE: we can't do async operations inside of a AddOrUpdate, so we split access pattern var appPassword = await _credentialProvider.GetAppPasswordAsync(appId).ConfigureAwait(false); appCredentials = _channelProvider != null && _channelProvider.IsGovernment() ? new MicrosoftGovernmentAppCredentials(appId, appPassword, _httpClient, _logger) : new MicrosoftAppCredentials(appId, appPassword, _httpClient, _logger, oAuthScope); // Cache the credentials for later use _appCredentialMap[cacheKey] = appCredentials; return(appCredentials); }
private async Task <IdentityToken> TryAuthenticateAsync(JwtTokenExtractor toBotFromChannelExtractor, JwtTokenExtractor toBotFromEmulatorExtractor, string scheme, string token, CancellationToken cancellationToken) { // then auth is disabled if (await this.credentialProvider.IsAuthenticationDisabledAsync()) { return(new IdentityToken(true, null)); } ClaimsIdentity identity = null; string appId = null; identity = await toBotFromChannelExtractor.GetIdentityAsync(scheme, token); if (identity != null) { appId = toBotFromChannelExtractor.GetAppIdFromClaimsIdentity(identity); } // No identity? If we're allowed to, fall back to MSA // This code path is used by the emulator if (identity == null && !this.disableEmulatorTokens) { identity = await toBotFromEmulatorExtractor.GetIdentityAsync(scheme, token); if (identity != null) { appId = toBotFromEmulatorExtractor.GetAppIdFromEmulatorClaimsIdentity(identity); } } if (identity != null) { if (await credentialProvider.IsValidAppIdAsync(appId) == false) // keep context { // not valid appid, drop the identity identity = null; } else { var password = await credentialProvider.GetAppPasswordAsync(appId); // Keep context if (password != null) { // add password as claim so that it is part of ClaimsIdentity and accessible by ConnectorClient() identity.AddClaim(new Claim(ClaimsIdentityEx.AppPasswordClaim, password)); } } } if (identity != null) { return(new IdentityToken(true, identity)); } return(new IdentityToken(false, null)); }
internal async Task <IdentityToken> TryAuthenticateAsync(HttpRequestMessage request, CancellationToken token) { // then auth is disabled if (await this.credentialProvider.IsAuthenticationDisabledAsync()) { return(new IdentityToken(true, null)); } ClaimsIdentity identity = null; var tokenExtractor = GetTokenExtractor(); identity = await tokenExtractor.GetIdentityAsync(request); // No identity? If we're allowed to, fall back to MSA // This code path is used by the emulator if (identity == null && !this.disableEmulatorTokens) { tokenExtractor = new JwtTokenExtractor(JwtConfig.ToBotFromMSATokenValidationParameters, JwtConfig.ToBotFromMSAOpenIdMetadataUrl); identity = await tokenExtractor.GetIdentityAsync(request); } if (identity != null) { var appId = tokenExtractor.GetAppIdFromClaimsIdentity(identity); if (await credentialProvider.IsValidAppIdAsync(appId) == false) // keep context { // not valid appid, drop the identity identity = null; } else { var password = await credentialProvider.GetAppPasswordAsync(appId); // Keep context if (password != null) { // add password as claim so that it is part of ClaimsIdentity and accessible by ConnectorClient() identity.AddClaim(new Claim(ClaimsIdentityEx.AppPasswordClaim, password)); } } } if (identity != null) { Thread.CurrentPrincipal = new ClaimsPrincipal(identity); // Inside of ASP.NET this is required if (HttpContext.Current != null) { HttpContext.Current.User = Thread.CurrentPrincipal; } return(new IdentityToken(true, identity)); } return(new IdentityToken(false, null)); }
private async Task <MicrosoftAppCredentials> GetMicrosoftAppCredentialsAsync(ITurnContext turnContext) { ClaimsIdentity claimsIdentity = turnContext.TurnState.Get <ClaimsIdentity>("BotIdentity"); Claim botAppIdClaim = claimsIdentity.Claims?.SingleOrDefault(claim => claim.Type == AuthenticationConstants.AudienceClaim) ?? claimsIdentity.Claims?.SingleOrDefault(claim => claim.Type == AuthenticationConstants.AppIdClaim); string appPassword = await _credentialProvider.GetAppPasswordAsync(botAppIdClaim?.Value).ConfigureAwait(false); return(new MicrosoftAppCredentials(botAppIdClaim?.Value, appPassword)); }
public StateClient(Uri baseUri, ICredentialProvider credentialProvider, ClaimsIdentity claimsIdentity = null, params DelegatingHandler[] handlers) : this(baseUri, handlers: handlers) { if (claimsIdentity == null) claimsIdentity = HttpContext.Current.User.Identity as ClaimsIdentity ?? Thread.CurrentPrincipal.Identity as ClaimsIdentity; if (claimsIdentity == null) throw new ArgumentNullException("ClaimsIdentity not passed in and not available via Thread.CurrentPrincipal.Identity"); var appId = claimsIdentity.GetAppIdFromClaims(); var password = credentialProvider.GetAppPasswordAsync(appId).Result; this.Credentials = new MicrosoftAppCredentials(appId, password); }
/// <summary> /// Gets the application credentials. App Credentials are cached so as to ensure we are not refreshing /// token everytime. /// </summary> /// <param name="appId">The application identifier (AAD Id for the bot).</param> /// <returns>App credentials.</returns> protected virtual async Task <MicrosoftAppCredentials> GetAppCredentials(string appId) { MicrosoftAppCredentials appCredentials; if (!_appCredentialMap.TryGetValue(appId, out appCredentials)) { string appPassword = await _credentialProvider.GetAppPasswordAsync(appId); appCredentials = new MicrosoftAppCredentials(appId, appPassword); _appCredentialMap[appId] = appCredentials; } return(appCredentials); }
/// <summary> /// Gets the application credentials. App Credentials are cached so as to ensure we are not refreshing /// token everytime. /// </summary> /// <param name="appId">The application identifier (AAD Id for the bot).</param> /// <returns>App credentials.</returns> private async Task <MicrosoftAppCredentials> GetAppCredentialsAsync(string appId) { if (appId == null) { return(MicrosoftAppCredentials.Empty); } if (!_appCredentialMap.TryGetValue(appId, out var appCredentials)) { string appPassword = await _credentialProvider.GetAppPasswordAsync(appId).ConfigureAwait(false); appCredentials = new MicrosoftAppCredentials(appId, appPassword); _appCredentialMap[appId] = appCredentials; } return(appCredentials); }
/// <summary> /// Gets the application credentials. App Credentials are cached so as to ensure we are not refreshing /// token everytime. /// </summary> /// <param name="appId">The application identifier (AAD Id for the bot).</param> /// <param name="cancellationToken">Cancellation token.</param> /// <returns>App credentials.</returns> private async Task <MicrosoftAppCredentials> GetAppCredentialsAsync(string appId, CancellationToken cancellationToken) { if (appId == null) { return(MicrosoftAppCredentials.Empty); } if (_appCredentialMap.TryGetValue(appId, out var appCredentials)) { return(appCredentials); } // NOTE: we can't do async operations inside of a AddOrUpdate, so we split access pattern string appPassword = await _credentialProvider.GetAppPasswordAsync(appId).ConfigureAwait(false); appCredentials = (_channelProvider != null && _channelProvider.IsGovernment()) ? new MicrosoftGovernmentAppCredentials(appId, appPassword) : new MicrosoftAppCredentials(appId, appPassword); _appCredentialMap[appId] = appCredentials; return(appCredentials); }