protected BaseRequest(AuthenticationRequestParameters authenticationRequestParameters) { this.Authenticator = authenticationRequestParameters.Authenticator; this.CallState = CreateCallState(this.Authenticator.CorrelationId); PlatformPlugin.Logger.Information(this.CallState, string.Format(CultureInfo.InvariantCulture,"=== Token Acquisition started:\n\tAuthority: {0}\n\tScope: {1}\n\tClientId: {2}\n\tCacheType: {3}", Authenticator.Authority, authenticationRequestParameters.Scope.AsSingleString(), authenticationRequestParameters.ClientKey.ClientId, (tokenCache != null) ? tokenCache.GetType().FullName + string.Format(CultureInfo.InvariantCulture," ({0} items)", tokenCache.Count) : "null")); this.tokenCache = authenticationRequestParameters.TokenCache; this.ClientKey = authenticationRequestParameters.ClientKey; this.Policy = authenticationRequestParameters.Policy; this.restrictToSingleUser = authenticationRequestParameters.RestrictToSingleUser; if (MsalStringHelper.IsNullOrEmpty(authenticationRequestParameters.Scope)) { throw new ArgumentNullException("scope"); } this.Scope = authenticationRequestParameters.Scope.CreateSetFromArray(); ValidateScopeInput(this.Scope); this.LoadFromCache = (tokenCache != null); this.StoreToCache = (tokenCache != null); this.SupportADFS = false; if (this.tokenCache != null && (restrictToSingleUser && this.tokenCache.GetUniqueIdsFromCache(this.ClientKey.ClientId).Count() > 1)) { throw new ArgumentException( "Cache cannot have entries for more than 1 unique id when RestrictToSingleUser is set to TRUE."); } }
/// <summary> /// 获取access_token。会缓存,过期后自动重新获取新的token。 /// </summary> public static string GetAccessToken(WeChatParam param) { var appId = GetConfig.GetAppid(param); var secret = GetConfig.GetSecret(param); if (!AccessTokensCache.ContainsKey(appId) || AccessTokensCache[appId] == null || AccessTokensCache[appId].ExpireTime < DateTime.Now) { var result = HttpHelper.Get<TokenResult>(ApiList.GetTokenUrl, new HttpParam { {"grant_type", "client_credential"}, {"appid", appId}, {"secret", secret} }); if (!result.IsSuccess) throw new WxException(result.errcode, result.errmsg); AccessTokensCache[appId] = new TokenCache { AccessToken = result.access_token, ExpireTime = DateTime.Now.AddSeconds(result.expires_in - 60) }; } return AccessTokensCache[appId].AccessToken; }
/// <summary> /// Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Native Application registered. The user will be prompted for authentication. /// </summary> /// <param name="siteUrl">Site for which the ClientContext object will be instantiated</param> /// <param name="clientId">The Azure AD Native Application Client ID</param> /// <param name="redirectUri">The Azure AD Native Application Redirect Uri</param> /// <param name="tokenCache">Optional token cache. If not specified an in-memory token cache will be used</param> /// <returns></returns> public ClientContext GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, Uri redirectUri, TokenCache tokenCache = null) { var clientContext = new ClientContext(siteUrl); _contextUrl = siteUrl; _tokenCache = tokenCache; _clientId = clientId; _redirectUri = redirectUri; clientContext.ExecutingWebRequest += clientContext_NativeApplicationExecutingWebRequest; return(clientContext); }
public CustomProvider(OpenIdConfig config, TokenCache tokenCache) : base(config, tokenCache) { }
private AuthenticationRequestParameters CreateAuthenticationParametersAndSetupMocks( MockHttpAndServiceBundle harness, int numAuthorizationPendingResults, out HashSet <string> expectedScopes, bool isAdfs = false) { var cache = new TokenCache(harness.ServiceBundle, false); var parameters = harness.CreateAuthenticationRequestParameters( isAdfs ? TestConstants.OnPremiseAuthority : TestConstants.AuthorityHomeTenant, null, cache, null, extraQueryParameters: TestConstants.ExtraQueryParameters, claims: TestConstants.Claims); if (!isAdfs) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); } expectedScopes = new HashSet <string>(); expectedScopes.UnionWith(TestConstants.s_scope); expectedScopes.Add(OAuth2Value.ScopeOfflineAccess); expectedScopes.Add(OAuth2Value.ScopeProfile); expectedScopes.Add(OAuth2Value.ScopeOpenId); // Mock Handler for device code request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedPostData = new Dictionary <string, string>() { { OAuth2Parameter.ClientId, TestConstants.ClientId }, { OAuth2Parameter.Scope, expectedScopes.AsSingleString() }, { OAuth2Parameter.Claims, TestConstants.Claims } }, ResponseMessage = isAdfs ? CreateAdfsDeviceCodeResponseSuccessMessage() : CreateDeviceCodeResponseSuccessMessage(), ExpectedQueryParams = TestConstants.ExtraQueryParameters, }); for (int i = 0; i < numAuthorizationPendingResults; i++) { harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedUrl = isAdfs ? "https://fs.contoso.com/adfs/oauth2/token" : "https://login.microsoftonline.com/home/oauth2/v2.0/token", ResponseMessage = MockHelpers.CreateFailureMessage( HttpStatusCode.Forbidden, "{\"error\":\"authorization_pending\"," + "\"error_description\":\"AADSTS70016: Pending end-user authorization." + "\\r\\nTrace ID: f6c2c73f-a21d-474e-a71f-d8b121a58205\\r\\nCorrelation ID: " + "36fe3e82-442f-4418-b9f4-9f4b9295831d\\r\\nTimestamp: 2015-09-24 19:51:51Z\"," + "\"error_codes\":[70016],\"timestamp\":\"2015-09-24 19:51:51Z\",\"trace_id\":" + "\"f6c2c73f-a21d-474e-a71f-d8b121a58205\",\"correlation_id\":" + "\"36fe3e82-442f-4418-b9f4-9f4b9295831d\"}") }); } if (numAuthorizationPendingResults > 0) { // Mock Handler for devicecode->token exchange request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedPostData = new Dictionary <string, string>() { { OAuth2Parameter.ClientId, TestConstants.ClientId }, { OAuth2Parameter.Scope, expectedScopes.AsSingleString() } }, ResponseMessage = isAdfs ? MockHelpers.CreateAdfsSuccessTokenResponseMessage() : MockHelpers.CreateSuccessTokenResponseMessage() }); } return(parameters); }
/// <summary> /// For testing purposes only: allows testing token expiration. /// </summary> /// <param name="domain">The active directory domain or tenantId to authenticate with.</param> /// <param name="clientId">The active directory clientId for the application.</param> /// <param name="authenticationProvider">A source for the secure secret for this application.</param> /// <param name="settings">The active directory service side settings, including authority and token audience.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <param name="expiration">The token expiration.</param> /// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns> internal static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, IApplicationAuthenticationProvider authenticationProvider, ActiveDirectoryServiceSettings settings, TokenCache cache, DateTimeOffset expiration) { var audience = settings.TokenAudience.OriginalString; var context = GetAuthenticationContext(domain, settings, cache); var authResult = await authenticationProvider.AuthenticateAsync(clientId, audience, context).ConfigureAwait(false); return(new TokenCredentials( new ApplicationTokenProvider(context, audience, clientId, authenticationProvider, authResult, expiration), authResult.TenantId, authResult.UserInfo == null ? null : authResult.UserInfo.DisplayableId)); }
/// <summary> /// Creates ServiceClientCredentials for authenticating requests as an active directory application using a certificate credential. Uses the default service settings /// for azure resource manager (authority, token audience) during authentication. /// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see> /// for detailed instructions on creating an Azure Active Directory application. /// </summary> /// <param name="domain">The active directory domain or tenantId to authenticate with.</param> /// <param name="certificate">The certificate associated with Active Directory application.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns> public static async Task <ServiceClientCredentials> LoginSilentWithCertificateAsync(string domain, ClientAssertionCertificate certificate, TokenCache cache) { return(await LoginSilentAsync(domain, certificate, ActiveDirectoryServiceSettings.Azure, cache).ConfigureAwait(false)); }
public SubscriptionCloudCredentials GetSubscriptionCloudCredentials(AzureContext context, AzureEnvironment.Endpoint targetEndpoint) { if (context.Subscription == null) { var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement ? Resources.InvalidDefaultSubscription : Resources.NoSubscriptionInContext; throw new ApplicationException(exceptionMessage); } if (context.Account == null) { var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement ? Resources.AccountNotFound : Resources.ArmAccountNotFound; throw new ArgumentException(exceptionMessage); } if (context.Account.Type == AzureAccount.AccountType.Certificate) { var certificate = AzureSession.DataStore.GetCertificate(context.Account.Id); return(new CertificateCloudCredentials(context.Subscription.Id.ToString(), certificate)); } if (context.Account.Type == AzureAccount.AccountType.AccessToken) { return(new TokenCloudCredentials(context.Subscription.Id.ToString(), context.Account.GetProperty(AzureAccount.Property.AccessToken))); } string tenant = null; if (context.Subscription != null && context.Account != null) { tenant = context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants) .Intersect(context.Account.GetPropertyAsArray(AzureAccount.Property.Tenants)) .FirstOrDefault(); } if (tenant == null && context.Tenant != null && context.Tenant.Id != Guid.Empty) { tenant = context.Tenant.Id.ToString(); } if (tenant == null) { var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement ? Resources.TenantNotFound : Resources.NoTenantInContext; throw new ArgumentException(exceptionMessage); } try { var tokenCache = AzureSession.TokenCache; TracingAdapter.Information( Resources.UPNAuthenticationTrace, context.Account.Id, context.Environment.Name, tenant); if (context.TokenCache != null && context.TokenCache.Length > 0) { tokenCache = new TokenCache(context.TokenCache); } var token = Authenticate( context.Account, context.Environment, tenant, null, ShowDialog.Never, tokenCache, context.Environment.GetTokenAudience(targetEndpoint)); if (context.TokenCache != null && context.TokenCache.Length > 0) { context.TokenCache = tokenCache.Serialize(); } TracingAdapter.Information( Resources.UPNAuthenticationTokenTrace, token.LoginType, token.TenantId, token.UserId); return(new AccessTokenCredential(context.Subscription.Id, token)); } catch (Exception ex) { TracingAdapter.Information(Resources.AdalAuthException, ex.Message); var exceptionMessage = targetEndpoint == AzureEnvironment.Endpoint.ServiceManagement ? Resources.InvalidSubscriptionState : Resources.InvalidArmContext; throw new ArgumentException(exceptionMessage, ex); } }
public FormTokenViewer(TokenCache tokenCache) { InitializeComponent(); _tokenCache = tokenCache; ShowTokens(); }
public void SliceParametersTest() { Authority authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false); cache = new TokenCache() { ClientId = TestConstants.ClientId }; MockWebUI ui = new MockWebUI() { MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.AuthorityHomeTenant + "?code=some-code"), QueryParamsToValidate = new Dictionary <string, string>() { { "key1", "value1%20with%20encoded%20space" }, { "key2", "value2" } } }; //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); MockHttpMessageHandler mockHandler = new MockHttpMessageHandler(); mockHandler.Method = HttpMethod.Post; mockHandler.QueryParams = new Dictionary <string, string>() { { "key1", "value1%20with%20encoded%20space" }, { "key2", "value2" } }; mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(); HttpMessageHandlerFactory.AddMockHandler(mockHandler); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authority = authority, SliceParameters = "key1=value1%20with%20encoded%20space&key2=value2", ClientId = TestConstants.ClientId, Scope = TestConstants.Scope, TokenCache = cache, RequestContext = new RequestContext(Guid.Empty, null) }; parameters.RedirectUri = new Uri("some://uri"); parameters.ExtraQueryParameters = "extra=qp"; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), TestConstants.DisplayableId, UIBehavior.SelectAccount, ui); Task <AuthenticationResult> task = request.RunAsync(); task.Wait(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count); Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count); Assert.AreEqual(result.AccessToken, "some-access-token"); Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); }
public void NoCacheLookup() { Authority authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false); cache = new TokenCache() { ClientId = TestConstants.ClientId }; AccessTokenCacheItem atItem = new AccessTokenCacheItem() { Authority = TestConstants.AuthorityHomeTenant, ClientId = TestConstants.ClientId, RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId), RawClientInfo = MockHelpers.CreateClientInfo(), TokenType = "Bearer", ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromSeconds(3599)), ScopeSet = TestConstants.Scope }; atItem.IdToken = IdToken.Parse(atItem.RawIdToken); atItem.ClientInfo = ClientInfo.CreateFromJson(atItem.RawClientInfo); AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey(); atItem.AccessToken = atKey.ToString(); cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem); MockWebUI ui = new MockWebUI() { MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.AuthorityHomeTenant + "?code=some-code") }; //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); MockHttpMessageHandler mockHandler = new MockHttpMessageHandler(); mockHandler.Method = HttpMethod.Post; mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(); HttpMessageHandlerFactory.AddMockHandler(mockHandler); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authority = authority, ClientId = TestConstants.ClientId, Scope = TestConstants.Scope, TokenCache = cache, RequestContext = new RequestContext(Guid.Empty, null) }; parameters.RedirectUri = new Uri("some://uri"); parameters.ExtraQueryParameters = "extra=qp"; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), TestConstants.DisplayableId, UIBehavior.SelectAccount, ui); Task <AuthenticationResult> task = request.RunAsync(); task.Wait(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count); Assert.AreEqual(2, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count); Assert.AreEqual(result.AccessToken, "some-access-token"); Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("ui_event") && anEvent[UiEvent.UserCancelledKey] == "false")); Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.UiBehaviorKey] == "select_account")); }
/// <summary> /// Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Native Application registered. The user will be prompted for authentication. /// </summary> /// <param name="siteUrl">Site for which the ClientContext object will be instantiated</param> /// <param name="clientId">The Azure AD Native Application Client ID</param> /// <param name="redirectUri">The Azure AD Native Application Redirect Uri</param> /// <param name="tokenCache">Optional token cache. If not specified an in-memory token cache will be used</param> /// <param name="environment">SharePoint environment being used</param> /// <returns>Client context object</returns> public ClientContext GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, Uri redirectUri, TokenCache tokenCache = null, AzureEnvironment environment = AzureEnvironment.Production) { var clientContext = new ClientContext(siteUrl); _contextUrl = siteUrl; _tokenCache = tokenCache; _clientId = clientId; _redirectUri = redirectUri; _commonAuthority = String.Format("{0}/common", GetAzureADLoginEndPoint(environment)); clientContext.ExecutingWebRequest += clientContext_NativeApplicationExecutingWebRequest; return(clientContext); }
/// <summary> /// Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Native Application registered. The user will be prompted for authentication. /// </summary> /// <param name="siteUrl">Site for which the ClientContext object will be instantiated</param> /// <param name="clientId">The Azure AD Native Application Client ID</param> /// <param name="redirectUrl">The Azure AD Native Application Redirect Uri as a string</param> /// <param name="tokenCache">Optional token cache. If not specified an in-memory token cache will be used</param> /// <param name="environment">SharePoint environment being used</param> /// <returns>Client context object</returns> public ClientContext GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, string redirectUrl, TokenCache tokenCache = null, AzureEnvironment environment = AzureEnvironment.Production) { return(GetAzureADNativeApplicationAuthenticatedContext(siteUrl, clientId, new Uri(redirectUrl), tokenCache, environment)); }
public MockHttpTestHarness(string authorityUri) { _mockHttpAndServiceBundle = new MockHttpAndServiceBundle(); Authority = Authority.CreateAuthority(ServiceBundle, authorityUri); Cache = new TokenCache(ServiceBundle); }
public static AuthResult FromMSALAuthenticationResult(this AuthenticationResult authResult, TokenCache tokenCache) { var result = new AuthResult { AccessToken = authResult.AccessToken, UserName = $"{authResult.User.Name}", UserUniqueId = authResult.User.Identifier, ExpiresOnUtcTicks = authResult.ExpiresOn.UtcTicks, TokenCache = tokenCache.Serialize() }; return(result); }
private static void PersistCacheToSession(ISession session, string cacheId, TokenCache cache) { session.Set(cacheId, cache.Serialize()); }
public AcquireTokenForClientHandler(Authenticator authenticator, TokenCache tokenCache, string resource, ClientKey clientKey) : base(authenticator, tokenCache, resource, clientKey, TokenSubjectType.Client) { this.SupportADFS = true; }
private static void LoadCacheFromSession(ISession session, string cacheId, TokenCache cache) { cache.Deserialize(session.Get(cacheId)); }
/// <summary> /// Creates ServiceClientCredentials for authenticating requests as an active directory application using a certificate credential. /// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see> /// for detailed instructions on creating an Azure Active Directory application. /// </summary> /// <param name="domain">The active directory domain or tenantId to authenticate with.</param> /// <param name="certificate">The certificate associated with Active Directory application.</param> /// <param name="settings">The active directory service side settings, including authority and token audience.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns> public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, ClientAssertionCertificate certificate, ActiveDirectoryServiceSettings settings, TokenCache cache) { return(await LoginSilentAsync(domain, certificate.ClientId, new CertificateAuthenticationProvider((clientId) => Task.FromResult(certificate)), settings, cache).ConfigureAwait(false)); }
internal NoLockTokenCacheProxy(TokenCache tokenCache) { _tokenCache = tokenCache; }
/// <summary> /// Creates ServiceClientCredentials for authenticating requests as an active directory application. Uses the default service settings /// (authority and token audience) for authenticating with azure resource manager. /// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see> /// for detailed instructions on creating an Azure Active Directory application. /// </summary> /// <param name="domain">The active directory domain or tenantId to authenticate with.</param> /// <param name="clientId">The active directory clientId for the application.</param> /// <param name="authenticationProvider">A source for the secure secret for this application.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns> public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, IApplicationAuthenticationProvider authenticationProvider, TokenCache cache) { return(await LoginSilentAsync(domain, clientId, authenticationProvider, ActiveDirectoryServiceSettings.Azure, cache).ConfigureAwait(false)); }
internal AdalTokenProvider(string authority, string resource, string clientId, TokenCache tokenCache) { this.authority = authority; this.resource = resource; this.clientId = clientId; this.tokenCache = tokenCache; // authenticationContext is re-created on each call since the authority can be unexpectedly mutated by another call. // e.g. AcquireTokenWithWindowsIntegratedAuth could set it to a specific AAD authority preventing a future AcquireTokenWithDeviceFlowAsync from working for a MSA account. }
private static AuthenticationContext GetAuthenticationContext(string domain, ActiveDirectoryServiceSettings serviceSettings, TokenCache cache) { return((cache == null) ? new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain, serviceSettings.ValidateAuthority) : new AuthenticationContext(serviceSettings.AuthenticationEndpoint + domain, serviceSettings.ValidateAuthority, cache)); }
public void NoCacheLookup() { MyReceiver myReceiver = new MyReceiver(); using (MockHttpAndServiceBundle harness = CreateTestHarness(telemetryCallback: myReceiver.HandleTelemetryEvents)) { TokenCache cache = new TokenCache(harness.ServiceBundle, false); MsalAccessTokenCacheItem atItem = new MsalAccessTokenCacheItem( TestConstants.ProductionPrefNetworkEnvironment, TestConstants.ClientId, TestConstants.s_scope.AsSingleString(), TestConstants.Utid, null, new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(7200)), MockHelpers.CreateClientInfo()); string atKey = atItem.GetKey().ToString(); atItem.Secret = atKey; ((ITokenCacheInternal)cache).Accessor.SaveAccessToken(atItem); MockWebUI ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code") }; MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.AuthorityHomeTenant); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, cache, extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" } }); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, ui); Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None); task.Wait(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count()); Assert.AreEqual(2, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(result.AccessToken, "some-access-token"); Assert.IsNotNull( myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("ui_event") && anEvent[UiEvent.UserCancelledKey] == "false")); Assert.IsNotNull( myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.PromptKey] == "select_account")); Assert.IsNotNull( myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("ui_event") && anEvent[UiEvent.AccessDeniedKey] == "false")); } }
public void TestCacheDeserializeWithoutServiceBundle() { var tokenCache = new TokenCache(); ((ITokenCacheSerializer)tokenCache).DeserializeMsalV3(new byte[0]); }
static async Task runSample(string tenantId, string clientId, string subscriptionId, string userName, string password, string location, string armEndpoint) { var resourceGroup1Name = SdkContext.RandomResourceName("rgDotnetSdk", 24); var resourceGroup2Name = SdkContext.RandomResourceName("rgDotnetSdk", 24); Console.WriteLine("Get credential token"); var adSettings = getActiveDirectoryServiceSettings(armEndpoint); // Authenticate with ADAL directly. Fluent packages don't support UserPass auth var tokenCache = new TokenCache(); var context = new AuthenticationContext(authority: adSettings.AuthenticationEndpoint.ToString(), validateAuthority: false, tokenCache: tokenCache); var cred = new UserPasswordCredential(userName, password); var token = await AuthenticationContextIntegratedAuthExtensions.AcquireTokenAsync(ctx : context, resource : adSettings.TokenAudience.ToString(), clientId : clientId, userCredential : cred).ConfigureAwait(continueOnCapturedContext: false); var credentials = await UserTokenProvider.CreateCredentialsFromCache(clientId : clientId, domain : tenantId, username : userName, cache : tokenCache, serviceSettings : adSettings).ConfigureAwait(continueOnCapturedContext: false); Console.WriteLine("Instantiate resource management client"); var rmClient = GetResourceManagementClient(new Uri(armEndpoint), credentials, subscriptionId); // Create resource group. try { Console.WriteLine(String.Format("Creating a resource group with name:{0}", resourceGroup1Name)); var rmCreateTask = rmClient.ResourceGroups.CreateOrUpdateWithHttpMessagesAsync( resourceGroup1Name, new Profile2018ResourceManager.Models.ResourceGroup { Location = location }); rmCreateTask.Wait(); } catch (Exception ex) { Console.WriteLine(String.Format("Could not create resource group {0}. Exception: {1}", resourceGroup1Name, ex.Message)); } // Update the resource group. try { Console.WriteLine(String.Format("Updating the resource group with name:{0}", resourceGroup1Name)); var rmTagTask = rmClient.ResourceGroups.PatchWithHttpMessagesAsync(resourceGroup1Name, new Profile2018ResourceManager.Models.ResourceGroup { Tags = new Dictionary <string, string> { { "DotNetTag", "DotNetValue" } } }); rmTagTask.Wait(); } catch (Exception ex) { Console.WriteLine(String.Format("Could not tag resource group {0}. Exception: {1}", resourceGroup1Name, ex.Message)); } // Create another resource group. try { Console.WriteLine(String.Format("Creating a resource group with name:{0}", resourceGroup2Name)); var rmCreateTask = rmClient.ResourceGroups.CreateOrUpdateWithHttpMessagesAsync( resourceGroup2Name, new Profile2018ResourceManager.Models.ResourceGroup { Location = location }); rmCreateTask.Wait(); } catch (Exception ex) { Console.WriteLine(String.Format("Could not create resource group {0}. Exception: {1}", resourceGroup2Name, ex.Message)); } // List resource groups. try { Console.WriteLine("Listing all resource groups."); var rmListTask = rmClient.ResourceGroups.ListWithHttpMessagesAsync(); rmListTask.Wait(); var resourceGroupResults = rmListTask.Result.Body; foreach (var result in resourceGroupResults) { Console.WriteLine(String.Format("Resource group name:{0}", result.Name)); } } catch (Exception ex) { Console.WriteLine(string.Format("Could not list resource groups. Exception: {0}", ex.Message)); } // Delete a resource group. try { Console.WriteLine(String.Format("Deleting resource group with name:{0}", resourceGroup2Name)); var rmDeleteTask = rmClient.ResourceGroups.DeleteWithHttpMessagesAsync(resourceGroup2Name); rmDeleteTask.Wait(); } catch (Exception ex) { Console.WriteLine(String.Format("Could not delete resource group {0}. Exception: {1}", resourceGroup2Name, ex.Message)); } }
/// <summary> /// Returns a SharePoint ClientContext using Azure Active Directory authentication. This requires that you have a Azure AD Native Application registered. The user will be prompted for authentication. /// </summary> /// <param name="siteUrl">Site for which the ClientContext object will be instantiated</param> /// <param name="clientId">The Azure AD Native Application Client ID</param> /// <param name="redirectUrl">The Azure AD Native Application Redirect Uri as a string</param> /// <param name="tokenCache">Optional token cache. If not specified an in-memory token cache will be used</param> /// <returns></returns> public ClientContext GetAzureADNativeApplicationAuthenticatedContext(string siteUrl, string clientId, string redirectUrl, TokenCache tokenCache = null) { return(GetAzureADNativeApplicationAuthenticatedContext(siteUrl, clientId, new Uri(redirectUrl), tokenCache)); }
/// <summary> /// Creates ServiceClientCredentials for authenticating requests as an active directory application using client credentials. /// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see> /// for detailed instructions on creating an Azure Active Directory application. /// </summary> /// <param name="domain">The active directory domain or tenantId to authenticate with.</param> /// <param name="clientId">The active directory clientId for the application.</param> /// <param name="secret">The secret for this active directory application.</param> /// <param name="settings">The active directory service side settings, including authority and token audience.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns> public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, string secret, ActiveDirectoryServiceSettings settings, TokenCache cache) { return(await LoginSilentAsync(domain, new ClientCredential(clientId, secret), settings, cache).ConfigureAwait(false)); }
/* * Interactive: User popup * (using a token cache to reuse/save session state) */ private static ServiceClientCredentials GetCredsInteractivePopup(string domain, Uri tokenAudience, TokenCache tokenCache, PromptBehavior promptBehavior = PromptBehavior.Auto) { SynchronizationContext.SetSynchronizationContext(new SynchronizationContext()); var clientSettings = new ActiveDirectoryClientSettings { ClientId = azure_powershell_clientid, ClientRedirectUri = new Uri("urn:ietf:wg:oauth:2.0:oob"), PromptBehavior = promptBehavior }; var serviceSettings = ActiveDirectoryServiceSettings.Azure; serviceSettings.TokenAudience = tokenAudience; var creds = UserTokenProvider.LoginWithPromptAsync(domain, clientSettings, serviceSettings, tokenCache).GetAwaiter().GetResult(); return(creds); }
/// <summary> /// Creates ServiceClientCredentials for authenticating requests as an active directory application using a client credential. /// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see> /// for detailed instructions on creating an Azure Active Directory application. /// </summary> /// <param name="domain">The active directory domain or tenantId to authenticate with.</param> /// <param name="credential">The client credential (client id and secret) for this active directory application.</param> /// <param name="settings">The active directory service side settings, including authority and token audience.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns> public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, ClientCredential credential, ActiveDirectoryServiceSettings settings, TokenCache cache) { return(await LoginSilentAsync(domain, credential.ClientId, new MemoryApplicationAuthenticationProvider(credential), settings, cache).ConfigureAwait(false)); }
public AcquireTokenForClientHandler(Authenticator authenticator, TokenCache tokenCache, string[] scope, ClientKey clientKey) : base(authenticator, tokenCache, scope, clientKey, TokenSubjectType.Client) { this.SupportADFS = false; }
/// <summary> /// Creates ServiceClientCredentials for authenticating requests as an active directory application using certificate credentials. Uses the default service settings /// (authority, token audience) for log in to azure resource manager during authentication. /// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see> /// for detailed instructions on creating an Azure Active Directory application. /// </summary> /// <param name="domain">The active directory domain or tenantId to authenticate with.</param> /// <param name="clientId">The active directory clientId for the application.</param> /// <param name="certificate">The certificate associated with Active Directory application.</param> /// <param name="password">The certificate password.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns> public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, byte[] certificate, string password, TokenCache cache) { return(await LoginSilentAsync(domain, clientId, certificate, password, ActiveDirectoryServiceSettings.Azure, cache).ConfigureAwait(false)); }
/// <summary> /// /// </summary> public static string GetJsapiTicket(WeChatParam param) { var appId = GetConfig.GetAppid(param); if (!AccessTicketsCache.ContainsKey(appId) || AccessTicketsCache[appId] == null || AccessTicketsCache[appId].ExpireTime < DateTime.Now) { var result = HttpHelper.Get<TokenResult>(ApiList.GetticketUrl, new HttpParam { {"access_token", GetAccessToken(param)}, {"type", "jsapi"} }); if (result.errmsg != "ok") throw new WxException(result.errcode, result.errmsg); AccessTicketsCache[appId] = new TokenCache { JsapiTicket = result.ticket, ExpireTime = DateTime.Now.AddSeconds(result.expires_in - 3) }; } return AccessTicketsCache[appId].JsapiTicket; }
/// <summary> /// Creates ServiceClientCredentials for authenticating requests as an active directory application using certificate credential. /// See <see href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/">Active Directory Quickstart for .Net</see> /// for detailed instructions on creating an Azure Active Directory application. /// </summary> /// <param name="domain">The active directory domain or tenantId to authenticate with.</param> /// <param name="clientId">The active directory clientId for the application.</param> /// <param name="certificate">The certificate associated with Active Directory application.</param> /// <param name="password">The certificate password.</param> /// <param name="settings">The active directory service side settings, including authority and token audience.</param> /// <param name="cache">The token cache to target during authentication.</param> /// <returns>A ServiceClientCredentials object that can authenticate http requests as the given application.</returns> public static async Task <ServiceClientCredentials> LoginSilentAsync(string domain, string clientId, byte[] certificate, string password, ActiveDirectoryServiceSettings settings, TokenCache cache) { #if !net452 return(await LoginSilentAsync(domain, new ClientAssertionCertificate(clientId, certificate, password), settings, cache).ConfigureAwait(false)); #else return(await LoginSilentAsync(domain, new ClientAssertionCertificate(clientId, new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate)), settings, cache).ConfigureAwait(false)); #endif }
/// <summary> /// Gets the token. /// </summary> /// <param name="url">The URL.</param> /// <param name="username">The username.</param> /// <param name="password">The password.</param> /// <returns></returns> private static string GetToken(string url, string username, string password) { string token = String.Empty; try { string tokenUrl = String.Format("{0}?username={1}&password={2}&format=pox", url, username, password); //Try and get token from the cache if (LocatorManager.CachedTokens != null && LocatorManager.CachedTokens.ContainsKey(tokenUrl)) { if (LocatorManager.CachedTokens[tokenUrl].IsValid()) { token = LocatorManager.CachedTokens[tokenUrl].Token; } else { LocatorManager.CachedTokens.Remove(tokenUrl); } } if (String.IsNullOrEmpty(token)) { WebRequest webRequest = WebRequest.Create(tokenUrl); using (WebResponse webResponse = webRequest.GetResponse()) { using (Stream byteStream = webResponse.GetResponseStream()) { using (XmlTextReader xmlReader = new XmlTextReader(byteStream)) { xmlReader.Read(); xmlReader.Read(); token = xmlReader.Value; int duration = 0; int.TryParse(token.Substring(0, 3), out duration); TokenCache tokenCache = new TokenCache(token, DateTime.Now.AddMinutes(duration - 1).ToUniversalTime()); LocatorManager.CachedTokens.Add(tokenUrl, tokenCache); } } } } } catch (Exception) { } return token; }
private AdalConfiguration GetAdalConfiguration(AzureEnvironment environment, string tenantId, AzureEnvironment.Endpoint resourceId, TokenCache tokenCache) { if (environment == null) { throw new ArgumentNullException("environment"); } var adEndpoint = environment.Endpoints[AzureEnvironment.Endpoint.ActiveDirectory]; if (string.IsNullOrWhiteSpace(adEndpoint)) { throw new ArgumentOutOfRangeException( "environment", string.Format("No Active Directory endpoint specified for environment '{0}'", environment.Name)); } var audience = environment.Endpoints[resourceId]; if (string.IsNullOrWhiteSpace(audience)) { string message = Resources.InvalidManagementTokenAudience; if (resourceId == AzureEnvironment.Endpoint.GraphEndpointResourceId) { message = Resources.InvalidGraphTokenAudience; } throw new ArgumentOutOfRangeException("environment", string.Format(message, environment.Name)); } return(new AdalConfiguration { AdEndpoint = adEndpoint, ResourceClientUri = environment.Endpoints[resourceId], AdDomain = tenantId, ValidateAuthority = !environment.OnPremise, TokenCache = tokenCache }); }