public void AuthenticateRequest(object sender, EventArgs e) { ClaimsPrincipal principal = null; var application = (HttpApplication)sender; var request = application.Request; var response = application.Response; // only perform authentication if localhost //if (!request.Url.IsLoopback) //{ //var displayName = HttpContext.Current.Request.Headers["X-MS-CLIENT-DISPLAY-NAME"]; //var principalName = HttpContext.Current.Request.Headers["X-MS-CLIENT-PRINCIPAL-NAME"]; //if (!string.IsNullOrWhiteSpace(principalName) || // !string.IsNullOrWhiteSpace(displayName)) //{ // principal = new GenericPrincipal(new GenericIdentity(principalName ?? displayName), new[] { "User" }); //} //else //{ // principal = new ClaimsPrincipal(new ClaimsIdentity("SCM")); //} //HttpContext.Current.User = principal; //Thread.CurrentPrincipal = principal; //return; //} response.Headers["Strict-Transport-Security"] = "max-age=0"; if (request.Url.Scheme != "https") { response.Redirect(String.Format("https://{0}{1}", request.Url.Authority, request.Url.PathAndQuery), endResponse: true); return; } if (request.Url.PathAndQuery.StartsWith("/logout", StringComparison.OrdinalIgnoreCase)) { RemoveSessionCookie(application); var logoutUrl = GetLogoutUrl(application); response.Redirect(logoutUrl, endResponse: true); return; } string tenantId; if (SwitchTenant(application, out tenantId)) { RemoveSessionCookie(application); var loginUrl = GetLoginUrl(application, tenantId, "/token"); response.Redirect(loginUrl, endResponse: true); return; } var id_token = request.Form["id_token"]; var code = request.Form["code"]; var state = request.Form["state"]; if (!String.IsNullOrEmpty(id_token) && !String.IsNullOrEmpty(code)) { principal = AuthenticateIdToken(application, id_token); var tenantIdClaim = principal.Claims.FirstOrDefault(c => c.Type == TenantIdClaimType); if (tenantIdClaim == null) { throw new InvalidOperationException("Missing tenantid claim"); } var base_uri = request.Url.GetLeftPart(UriPartial.Authority); var redirect_uri = base_uri + "/manage"; var token = AADOAuth2AccessToken.GetAccessTokenByCode(tenantIdClaim.Value, code, redirect_uri); WriteOAuthTokenCookie(application, token); response.Redirect(base_uri + state, endResponse: true); return; } else { var token = ReadOAuthTokenCookie(application); if (token != null) { if (!token.IsValid()) { token = AADOAuth2AccessToken.GetAccessTokenByRefreshToken(token.TenantId, token.refresh_token, ManagementResource); WriteOAuthTokenCookie(application, token); } principal = new ClaimsPrincipal(new ClaimsIdentity("AAD")); request.ServerVariables["HTTP_X_MS_OAUTH_TOKEN"] = token.access_token; } } if (principal == null) { var loginUrl = GetLoginUrl(application); response.Redirect(loginUrl, endResponse: true); return; } HttpContext.Current.User = principal; Thread.CurrentPrincipal = principal; }
public static AADOAuth2AccessToken ReadOAuthTokenCookie(HttpApplication application) { var request = application.Context.Request; // read oauthtoken cookie var cookies = request.Cookies; var strb = new StringBuilder(); int index = 0; while (true) { var cookieName = OAuthTokenCookie; if (index > 0) { cookieName += index.ToString(CultureInfo.InvariantCulture); } var cookie = cookies[cookieName]; if (cookie == null) { break; } strb.Append(cookie.Value); ++index; } if (strb.Length == 0) { return(null); } var bytes = Convert.FromBase64String(strb.ToString()); var oauthToken = DecodeCookie(bytes); if (oauthToken == null || !oauthToken.IsValid()) { try { if (oauthToken != null) { oauthToken = AADOAuth2AccessToken.GetAccessTokenByRefreshToken(oauthToken.TenantId, oauthToken.refresh_token, oauthToken.resource); } } catch (Exception) { oauthToken = null; } if (oauthToken == null) { RemoveSessionCookie(application); return(null); } WriteOAuthTokenCookie(application, oauthToken); } return(oauthToken); }