/// <summary>
/// Generates a self-signed assertion.
/// </summary>
/// <param name="webToken">Json web token.</param>
/// <param name="signingCert">Signing certificate.</param>
/// <returns>Self signed assertion.</returns>
public static string GenerateAssertion(
JsonWebToken webToken, X509Certificate2 signingCert)
{
string encodedHash = Base64Utils.Encode(signingCert.GetCertHash());
JsonWebTokenHeader tokenHeaderContract = new JsonWebTokenHeader("RS256", encodedHash);
string tokenHeader = Base64Utils.Encode(tokenHeaderContract.EncodeToJson());
string tokenBody = Base64Utils.Encode(webToken.EncodeToJson());
string rawToken = string.Format("{0}.{1}", tokenHeader, tokenBody);
string hash = Base64Utils.Encode(JsonWebTokenHelper.SignData(signingCert, rawToken));
string accessToken = string.Format(
"{0}.{1}",
rawToken,
hash);
return accessToken;
}
public OAuthAccessToken GetAccessToken()
{
string stsUrl = "https://accounts.accesscontrol.windows.net/tokens/OAuth/2";
string AcsPrincipalId = "00000001-0000-0000-c000-000000000000";
// Service Principal ID for the graphService principal - this is a Universal (reserved) id for all tenants
string protectedResourcePrincipalId = "00000002-0000-0000-c000-000000000000";
string protectedResourceHostName = "directory.windows.net";
var webToken = new JsonWebToken(
this.spnAppPrincipalId,
tenantId.ToString(),
(new Uri(stsUrl)).DnsSafeHost,
AcsPrincipalId,
DateTime.Now.ToUniversalTime(),
60 * 60);
string jwt = JsonWebTokenHelper.GenerateAssertion(webToken, this.spnSymmetricKey);
string resource = String.Format("{0}/{1}@{2}", protectedResourcePrincipalId, protectedResourceHostName, tenantId);
OAuthAccessToken accessToken = JsonWebTokenHelper.GetOAuthAccessTokenFromACS(stsUrl, jwt, resource);
return accessToken;
}
/// <summary>
/// Generate access token with a symmetric signing key.
/// </summary>
/// <param name="webToken">JSON web token.</param>
/// <param name="signingKey">Symmetric signing key.</param>
/// <returns>OAuth bearer token (self signed)</returns>
public static string GenerateAccessToken(JsonWebToken webToken, string signingKey)
{
return String.Format(
"{0}{1}",
JsonWebTokenHelper.BearerTokenPrefix,
JsonWebTokenHelper.GenerateAssertion(webToken, signingKey));
}
/// <summary>
/// Generate access token with a symmetric signing key.
/// </summary>
/// <param name="webToken">JSON web token.</param>
/// <param name="signingKey">Symmetric signing key.</param>
/// <returns>Self signed assertion.</returns>
public static string GenerateAssertion(JsonWebToken webToken, string signingKey)
{
JsonWebTokenHeader tokenHeaderContract = new JsonWebTokenHeader("HS256", String.Empty);
string tokenHeader = Base64Utils.Encode(tokenHeaderContract.EncodeToJson());
string tokenBody = Base64Utils.Encode(webToken.EncodeToJson());
string rawToken = string.Format("{0}.{1}", tokenHeader, tokenBody);
string signature = Base64Utils.Encode(JsonWebTokenHelper.SignData(signingKey, rawToken));
string accessToken = string.Format(
"{0}.{1}",
rawToken,
signature);
return accessToken;
}
