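/// <summary>
/// Silently acquires a token for <paramref name="audience"/> on behalf of the currently
/// signed-in B2C user, served from (or refreshed into) that user's session-scoped ADAL cache.
/// </summary>
/// <param name="audience">Audience whose authority is resolved through <c>GetAuthority</c>.</param>
/// <returns>The access token returned by ADAL.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when there is no current principal, or when the object-identifier or acr (policy)
/// claim is missing; previously these cases surfaced as a <see cref="NullReferenceException"/>.
/// </exception>
private static async Task<string> AcquireB2CToken(string audience)
{
    var principal = ClaimsPrincipal.Current;
    if (principal == null)
    {
        throw new InvalidOperationException("No current principal; a signed-in user is required to acquire a token.");
    }

    // The object identifier scopes the token cache to this user. Because the silent call below
    // uses UserIdentifier.AnyUser, the per-user cache is what prevents returning another user's token.
    var objectIdClaim = principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
    if (objectIdClaim == null)
    {
        throw new InvalidOperationException("The current principal has no object identifier claim.");
    }

    // Reuse whichever B2C policy the user most recently signed in with (carried in the acr claim).
    var policyClaim = principal.FindFirst(Config.AcrClaimType);
    if (policyClaim == null)
    {
        throw new InvalidOperationException("The current principal has no policy (acr) claim.");
    }

    var authority = GetAuthority(audience);
    var credential = new Adalv4.ClientCredential(Config.ExternalUsersClientId, Config.ExternalUsersClientSecret);
    var authContext = new Adalv4.AuthenticationContext(authority, new NaiveSessionCache(objectIdClaim.Value));

    // Scope is the app's own client id because the web app and the service share it.
    var result = await authContext.AcquireTokenSilentAsync(
        new[] { Config.ExternalUsersClientId },
        credential,
        Adalv4.UserIdentifier.AnyUser,
        policyClaim.Value);

    return result.Token;
}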
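/// <summary>
/// OWIN OpenID Connect callback that redeems the authorization code for a token as soon as
/// sign-in completes, so the token is already in ADAL's cache when controllers need it.
/// The <c>aud</c> claim of the validated id_token selects which tenant and credential to use.
/// </summary>
/// <param name="notification">The authorization-code notification raised by the OIDC middleware.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the object-identifier, <c>aud</c>, or (for external users) acr claim is missing
/// from the authenticated identity; previously this surfaced as a <see cref="NullReferenceException"/>.
/// </exception>
private static async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
    var identity = notification.AuthenticationTicket.Identity;

    // The user's objectId comes from the id_token claims and keys the per-user ADAL cache.
    var objectIdClaim = identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
    if (objectIdClaim == null)
    {
        throw new InvalidOperationException("The authenticated identity has no object identifier claim.");
    }

    var audienceClaim = identity.FindFirst("aud");
    if (audienceClaim == null)
    {
        throw new InvalidOperationException("The authenticated identity has no aud claim.");
    }

    var userObjectId = objectIdClaim.Value;
    var audience = audienceClaim.Value;

    if (audience == Auth.Config.ExternalUsersClientId)
    {
        // External (B2C) users: the authority is AadInstance formatted with the B2C tenant.
        var authority = string.Format(CultureInfo.InvariantCulture, Auth.Config.AadInstance, Auth.Config.ExternalUsersTenant, string.Empty, string.Empty);

        // The client credential carries the application secret used to authenticate the app to Azure AD.
        var credential = new ClientCredential(Auth.Config.ExternalUsersClientId, Auth.Config.ExternalUsersClientSecret);

        // We don't care which policy is used to access the TaskService, so reuse the most recent one (acr claim).
        var policyClaim = identity.FindFirst(Auth.Config.AcrClaimType);
        if (policyClaim == null)
        {
            throw new InvalidOperationException("The authenticated identity has no policy (acr) claim.");
        }

        // AuthenticationContext is ADAL's primary class and represents the connection to the B2C directory.
        // ADAL caches in memory by default; here the cache is replaced with a simple per-user session cache.
        var authContext = new AuthenticationContext(authority, new NaiveSessionCache(userObjectId));

        // Ask for a token using the web app's clientId as the scope, since the web app and service share it.
        // The token is stored in the ADAL token cache for use in the controllers.
        await authContext.AcquireTokenByAuthorizationCodeAsync(
            notification.Code,
            new Uri(Auth.Config.RedirectUri),
            credential,
            new[] { Auth.Config.ExternalUsersClientId },
            policyClaim.Value);
    }
    else
    {
        // Internal users: the authority is AadInstance formatted with the internal-users tenant,
        // and the stable ADAL (fully qualified below) is used without a B2C policy.
        var authority = string.Format(CultureInfo.InvariantCulture, Auth.Config.AadInstance, Auth.Config.InternalUsersTenant, string.Empty, string.Empty);
        var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(Auth.Config.InternalUsersClientId, Auth.Config.InternalUsersClientSecret);

        // NOTE(review): unlike the external branch, no per-user cache is supplied here, so this
        // context falls back to ADAL's default in-memory cache, which is shared across the process
        // rather than scoped to the signed-in user — confirm that is intended for a multi-user web app.
        var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);

        // Redeem the code so the token is cached for use in the controllers.
        await authContext.AcquireTokenByAuthorizationCodeAsync(
            notification.Code,
            new Uri(Auth.Config.RedirectUri),
            credential);
    }
}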