public async Task <string> GetUserAccessTokenAsync(bool is21v) { string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase; SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase); string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; AuthenticationContext authContext = new AuthenticationContext(string.Format((is21v ? Config.O365Authority21VNoCommon: Config.O365AuthorityNoCommon), tenantID), tokenCache); ClientCredential clientCredential = new ClientCredential(is21v ? Config.O365ClientId21V: Config.O365ClientId, is21v ? Config.O365Secret21V : Config.O365Secret); string userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; UserIdentifier userId = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); try { AuthenticationResult result = await authContext.AcquireTokenSilentAsync(is21v?Config.GraphResourceId21V : Config.GraphResourceId, clientCredential, userId); return(result.AccessToken); } catch (AdalException ex) { HttpContext.Current.Request.GetOwinContext().Authentication.Challenge( new AuthenticationProperties() { RedirectUri = is21v ? Config.O365RedirectUri21V:Config.O365RedirectUri }, OpenIdConnectAuthenticationDefaults.AuthenticationType); throw new Exception($" {ex.Message}"); } }
/// <summary> /// Configure OWIN to use OpenIdConnect /// </summary> /// <param name="app"></param> public static void ConfigurationAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions(MerchantTypeEnum.Office365.ToString()) { ClientId = Config.O365ClientId, Authority = Config.O365Authority, RedirectUri = Config.O365RedirectUri, PostLogoutRedirectUri = Config.O365RedirectUri, Scope = OpenIdConnectScopes.OpenIdProfile, TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters() { ValidateIssuer = false }, Notifications = new OpenIdConnectAuthenticationNotifications { AuthenticationFailed = (AuthenticationFailedNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context) => { context.HandleResponse(); context.Response.Redirect("/?errormessage=" + context.Exception.Message); return(Task.FromResult(0)); }, AuthorizationCodeReceived = async(context) => { var code = context.Code; Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Config.O365ClientId, Config.O365Secret); string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase; SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase); AuthenticationContext authContext = new AuthenticationContext(string.Format(Config.O365AuthorityNoCommon, tenantID), tokenCache); Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync( code, new Uri(Config.O365RedirectUri), credential, Config.GraphResourceId); } } } ); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions(MerchantTypeEnum.Office365_21V.ToString()) { ClientId = Config.O365ClientId21V, Authority = Config.O365Authority21V, TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters { ValidateIssuer = false, }, Notifications = new OpenIdConnectAuthenticationNotifications() { AuthorizationCodeReceived = async(context) => { var code = context.Code; Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Config.O365ClientId21V, Config.O365Secret21V); string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase; SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase); AuthenticationContext authContext = new AuthenticationContext(string.Format(Config.O365Authority21VNoCommon, tenantID), tokenCache); Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync( code, new Uri(Config.O365RedirectUri21V), credential, Config.GraphResourceId21V); }, RedirectToIdentityProvider = (context) => { context.ProtocolMessage.RedirectUri = Config.O365RedirectUri21V; context.ProtocolMessage.PostLogoutRedirectUri = Config.URL + "/Account/SignOut"; return(Task.FromResult(0)); }, AuthenticationFailed = (context) => { context.OwinContext.Response.Redirect("/Error/NotFound"); context.HandleResponse(); return(Task.FromResult(0)); } } }); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions("SharepointOnline") { ClientId = Config.SPOnlineClientId, Authority = Config.SPOnlineAuthority, TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters { // instead of using the default validation (validating against a single issuer value, as we do in line of business apps), // we inject our own multitenant validation logic ValidateIssuer = false, }, Notifications = new OpenIdConnectAuthenticationNotifications() { //AuthorizationCodeReceived = async (context) => //{ // var code = context.Code; // Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Config.SPOnlineClientId, Config.SPOnlineSecret); // string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; // string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; // HttpContextBase httpContextBase = HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase; // SessionTokenCache tokenCache = new SessionTokenCache(signedInUserID, httpContextBase); // AuthenticationContext authContext = new AuthenticationContext(string.Format(Config.SPOnlineAuthorityNoCommon, tenantID), tokenCache); // Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync( // code, new Uri(Config.SPOnlineRedirectUri), credential, Config.GraphResourceId); // // log.Info("认证成功:" + signedInUserID); // }, RedirectToIdentityProvider = (context) => { // This ensures that the address used for sign in and sign out is picked up dynamically from the request // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand. // string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase; context.ProtocolMessage.RedirectUri = Config.SPOnlineRedirectUri; //log.Info("回掉地址"+Config.O365RedirectUri21V); context.ProtocolMessage.PostLogoutRedirectUri = Config.URL + "/Account/SignOut"; return(Task.FromResult(0)); }, AuthenticationFailed = (context) => { //context.OwinContext.Response.Redirect("/Error/NotFound"); context.HandleResponse(); // Suppress the exception return(Task.FromResult(0)); } } }); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions("SharepointOnline21V") { ClientId = Config.SPOnlineClientId21V, Authority = Config.SPOnlineAuthority21V, TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters { // instead of using the default validation (validating against a single issuer value, as we do in line of business apps), // we inject our own multitenant validation logic ValidateIssuer = false, }, Notifications = new OpenIdConnectAuthenticationNotifications() { RedirectToIdentityProvider = (context) => { context.ProtocolMessage.RedirectUri = Config.SPOnlineRedirectUri; context.ProtocolMessage.PostLogoutRedirectUri = Config.URL + "/Account/SignOut"; return(Task.FromResult(0)); }, AuthenticationFailed = (context) => { // context.OwinContext.Response.Redirect("/Error/NotFound"); context.HandleResponse(); // Suppress the exception return(Task.FromResult(0)); } } }); }