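        /// <summary>
        /// Silently acquires a B2C token for the currently signed-in external user from ADAL's
        /// per-user session cache (no interactive prompt; the cache must already hold tokens for this user).
        /// </summary>
        /// <param name="audience">Passed to <c>GetAuthority</c> to select the authority to contact.</param>
        /// <returns>The token string from the silent acquisition result.</returns>
        /// <exception cref="InvalidOperationException">
        /// No current principal, or the objectidentifier / acr claim is missing from it.
        /// </exception>
        private static async Task<string> AcquireB2CToken(string audience)
        {
            var principal = ClaimsPrincipal.Current;
            if (principal == null)
            {
                throw new InvalidOperationException("No current ClaimsPrincipal; the caller must be signed in.");
            }

            // FindFirst returns null for an absent claim; fail with a message that names the claim
            // instead of a NullReferenceException from ".Value".
            var objectIdClaim = principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
            if (objectIdClaim == null)
            {
                throw new InvalidOperationException("The current principal has no objectidentifier claim.");
            }

            // The acr claim records the policy the user most recently signed in with; it is passed to ADAL below.
            var policyClaim = principal.FindFirst(Config.AcrClaimType);
            if (policyClaim == null)
            {
                throw new InvalidOperationException($"The current principal has no '{Config.AcrClaimType}' claim.");
            }

            var userObjectId     = objectIdClaim.Value;
            var mostRecentPolicy = policyClaim.Value;
            var authority        = GetAuthority(audience);
            var credential       = new Adalv4.ClientCredential(Config.ExternalUsersClientId, Config.ExternalUsersClientSecret);

            // The cache is scoped to this user's objectId (presumably so tokens are never shared between users — confirm in NaiveSessionCache).
            var authContext = new Adalv4.AuthenticationContext(authority, new NaiveSessionCache(userObjectId));

            // Silent acquisition: ADAL serves the request from the cache; if it cannot, the ADAL exception propagates to the caller.
            var result = await authContext.AcquireTokenSilentAsync(
                new[] { Config.ExternalUsersClientId },
                credential,
                Adalv4.UserIdentifier.AnyUser,
                mostRecentPolicy);

            return result.Token;
        }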
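        /// <summary>
        /// OWIN OpenID Connect notification handler: redeems the authorization code for tokens so that
        /// ADAL's cache holds them for later use by the controllers. The <c>aud</c> claim of the
        /// id_token selects which app registration (external/B2C or internal) the code is redeemed against.
        /// </summary>
        /// <param name="notification">Carries the authorization code and the identity built from the id_token.</param>
        /// <exception cref="ArgumentNullException"><paramref name="notification"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The identity lacks the objectidentifier claim, the <c>aud</c> claim, or (external users) the acr claim.
        /// </exception>
        private static async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
        {
            if (notification == null)
            {
                throw new ArgumentNullException(nameof(notification));
            }

            var identity = notification.AuthenticationTicket.Identity;

            // The user's objectId is extracted from the claims provided in the id_token, and used to cache tokens in ADAL.
            // FindFirst returns null for an absent claim, so RequiredClaimValue fails loudly instead of with a NullReferenceException.
            var userObjectId = RequiredClaimValue(identity, "http://schemas.microsoft.com/identity/claims/objectidentifier");

            // NOTE(review): branching on "aud" is only safe because the OIDC middleware validates the id_token
            // (signature, issuer, audience) before raising this notification — confirm no validation is disabled in the middleware options.
            var audience = RequiredClaimValue(identity, "aud");

            if (string.Equals(audience, Auth.Config.ExternalUsersClientId, StringComparison.Ordinal))
            {
                // External users (B2C). The authority is constructed by appending your B2C directory's name to AadInstance.
                var authority = string.Format(CultureInfo.InvariantCulture, Auth.Config.AadInstance, Auth.Config.ExternalUsersTenant, string.Empty, string.Empty);

                // The client credential is where you provide your application secret, and is used to authenticate the application to Azure AD.
                var credential = new ClientCredential(Auth.Config.ExternalUsersClientId, Auth.Config.ExternalUsersClientSecret);

                // We don't care which policy is used to access the TaskService, so let's use the most recent policy.
                var mostRecentPolicy = RequiredClaimValue(identity, Auth.Config.AcrClaimType);

                // The Authentication Context is ADAL's primary class, which represents your connection to your B2C directory.
                // ADAL uses an in-memory token cache by default; here the cache is replaced by a per-user session cache keyed on the objectId.
                var authContext = new AuthenticationContext(authority, new NaiveSessionCache(userObjectId));

                // Here you ask for a token using the web app's clientId as the scope, since the web app and service share the same clientId.
                // The token will be stored in the ADAL token cache, for use in our controllers.
                await authContext.AcquireTokenByAuthorizationCodeAsync(
                    notification.Code,
                    new Uri(Auth.Config.RedirectUri),
                    credential,
                    new[] { Auth.Config.ExternalUsersClientId },
                    mostRecentPolicy);
            }
            else
            {
                // Internal users: the InternalUsersTenant, redeemed with the non-B2C ADAL overload (no policy parameter).
                // NOTE(review): every audience other than ExternalUsersClientId lands here — confirm that a mismatched
                // audience is impossible after id_token validation, or compare against InternalUsersClientId explicitly.
                var authority  = string.Format(CultureInfo.InvariantCulture, Auth.Config.AadInstance, Auth.Config.InternalUsersTenant, string.Empty, string.Empty);
                var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Auth.Config.InternalUsersClientId, Auth.Config.InternalUsersClientSecret);

                // NOTE(review): unlike the B2C branch, no cache is supplied here, so ADAL falls back to its default
                // in-memory cache rather than the per-user NaiveSessionCache — confirm this is intended, since a
                // process-wide cache is shared across all users of the web app.
                var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);

                // Redeem the code; the resulting tokens are stored in ADAL's token cache for use in our controllers.
                await authContext.AcquireTokenByAuthorizationCodeAsync(notification.Code, new Uri(Auth.Config.RedirectUri), credential);
            }
        }

        /// <summary>
        /// Returns the value of the first claim of <paramref name="claimType"/> on <paramref name="identity"/>.
        /// </summary>
        /// <exception cref="InvalidOperationException">The identity has no claim of that type.</exception>
        private static string RequiredClaimValue(System.Security.Claims.ClaimsIdentity identity, string claimType)
        {
            var claim = identity.FindFirst(claimType);
            if (claim == null)
            {
                throw new InvalidOperationException($"The signed-in identity has no '{claimType}' claim.");
            }

            return claim.Value;
        }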