private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
// If there is a code in the OpenID Connect response, redeem it for an access token and store it away.
var code = context.Code;
string userObjectId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
SampleTokenCache tokenCache = new SampleTokenCache(userObjectId);
var credential = new ClientCredential(ClientSecret);
var cca = new ConfidentialClientApplication(
ClientId,
context.Request.Uri.ToString(),
credential,
tokenCache.GetMsalCacheInstance(),
null);
try
{
var result = await cca.AcquireTokenByAuthorizationCodeAsync(code, Scopes);
}
catch (MsalException ex)
{
context.HandleResponse();
context.Response.Redirect($"/error/index?message={ex.Message}");
}
}
// Remove all cache entries for this user and send an OpenID Connect sign-out request.
public void SignOut()
{
string userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
var tokenCache = new SampleTokenCache(userObjectId);
tokenCache.Clear();
HttpContext.GetOwinContext().Authentication.SignOut(
OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
}
public static GraphServiceClient GetAuthenticatedClient(string userId, string redirect)
{
var graphClient = new GraphServiceClient(
new DelegateAuthenticationProvider(
async(request) =>
{
var tokenCache = new SampleTokenCache(userId);
var cca = new ConfidentialClientApplication(Startup.ClientId, redirect,
new ClientCredential(Startup.ClientSecret), tokenCache.GetMsalCacheInstance(), null);
var authResult = await cca.AcquireTokenSilentAsync(Startup.Scopes, cca.Users.First());
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
}));
return(graphClient);
}
// Gets an access token. First tries to get the access token from the token cache.
// This sample uses a password (secret) to authenticate. Production apps should use a certificate.
public async Task <string> GetUserAccessTokenAsync(string tenantId)
{
tokenCache = new SampleTokenCache(
tenantId,
memoryCache);
AuthenticationContext authContext = new AuthenticationContext($"{ aadInstance }{ tenantId }", tokenCache);
try
{
AuthenticationResult authResult = await authContext.AcquireTokenAsync(
graphResourceId,
new ClientCredential(appId, appSecret)); // For sample purposes only. Production apps should use a client certificate.
return(authResult.AccessToken);
}
catch (AdalException e)
{
throw e;
}
}
// Used by NotificationController (which is not authenticated) to get an access token from the cache.
public static async Task <string> GetAccessTokenForSubscriptionAsync(string userObjectId, string tenantId)
{
string authority = $"{ aadInstance }/{ tenantId }";
tokenCache = new SampleTokenCache(userObjectId);
AuthenticationContext authContext = new AuthenticationContext(authority, tokenCache);
try
{
AuthenticationResult authResult = await authContext.AcquireTokenSilentAsync(
graphResourceId,
new ClientCredential(appId, appSecret),
new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return(authResult.AccessToken);
}
catch (AdalException e)
{
throw e;
}
}
// Gets an access token. First tries to get the token from the token cache.
public async Task <string> GetUserAccessTokenAsync(string userObjectId)
{
tokenCache = new SampleTokenCache(
userObjectId,
memoryCache);
var cachedItems = tokenCache.ReadItems(); // see what's in the cache
AuthenticationContext authContext = new AuthenticationContext(authority, tokenCache);
try
{
AuthenticationResult authResult = await authContext.AcquireTokenSilentAsync(
graphResourceId,
new ClientCredential(appId, appSecret),
new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return(authResult.AccessToken);
}
catch (AdalException e)
{
throw e;
}
}
// Used by SubscriptionController to get an access token from the cache.
public static async Task <string> GetAccessTokenAsync()
{
string userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
string authority = $"{ aadInstance }/{ tenantId }";
tokenCache = new SampleTokenCache(userObjectId);
AuthenticationContext authContext = new AuthenticationContext(authority, tokenCache);
try
{
AuthenticationResult authResult = await authContext.AcquireTokenSilentAsync(
graphResourceId,
new ClientCredential(appId, appSecret),
new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
return(authResult.AccessToken);
}
catch (AdalException e)
{
throw e;
}
}
