/// <summary> /// Retrieves a new auth token from AAD. /// </summary> /// <param name="authUrl">The root of the authority url.</param> /// <param name="tenantDomain">The domain name of the Azure tenant as the second part of the authority url.</param> /// <param name="targetServiceUrl">The url of the service that should be accessed. Be sure to check trailing slashes!</param> /// <param name="clientId">The unique client id as it is configured in Azure Portal.</param> /// <param name="appKey">This value is optional and contains the App-Key-Secret if it is configured in azure portal.</param> /// <param name="redirectUrl">The redirect url as it is configured in Azure Portal.</param> /// <returns>The authentication token.</returns> public static async Task<string> RetrieveTokenAsync(string authUrl, string tenantDomain, string targetServiceUrl, string clientId, Uri redirectUrl, string appKey = null) { var authenticationContext = new AuthenticationContext($"{authUrl}/{tenantDomain}"); try { AuthenticationResult result = null; if (appKey.IsNullOrEmpty()) { // use user auth var parameters = new PlatformParameters(PromptBehavior.Auto); result = await authenticationContext.AcquireTokenAsync(targetServiceUrl, clientId, redirectUrl, parameters).ConfigureAwait(false); } else { // use key auth var clientCredential = new ClientCredential(clientId, appKey); result = await authenticationContext.AcquireTokenAsync(targetServiceUrl, clientCredential).ConfigureAwait(false); } if (result == null) { throw new InvalidOperationException("Failed to obtain the JWT token"); } // store token for reuse return result.AccessToken; } catch (Exception ex) { throw new InvalidOperationException("Could not retrieve token.", ex); } }
static async Task MainAsync(string[] args) { var keyClient = new KeyVaultClient((authority, resource, scope) => { var adCredential = new ClientCredential(applicationId, applicationSecret); var authenticationContext = new AuthenticationContext(authority, null); return authenticationContext.AcquireToken(resource, adCredential).AccessToken; }); // Get the key details var keyIdentifier = "https://testvaultrahul.vault.azure.net/keys/rahulkey/0f653b06c1d94159bc7090596bbf7784"; var key = await keyClient.GetKeyAsync(keyIdentifier); var publicKey = Convert.ToBase64String(key.Key.N); using (var rsa = new RSACryptoServiceProvider()) { var p = new RSAParameters() { Modulus = key.Key.N, Exponent = key.Key.E }; rsa.ImportParameters(p); var byteData = Encoding.Unicode.GetBytes(textToEncrypt); // Encrypt and Decrypt var encryptedText = rsa.Encrypt(byteData, true); var decryptedData = await keyClient.DecryptDataAsync(keyIdentifier, "RSA_OAEP", encryptedText); var decryptedText = Encoding.Unicode.GetString(decryptedData.Result); // Sign and Verify var hasher = new SHA256CryptoServiceProvider(); var digest = hasher.ComputeHash(byteData); var signature = await keyClient.SignAsync(keyIdentifier, "RS256", digest); var isVerified = rsa.VerifyHash(digest, "Sha256", signature.Result); } }
static void Main(string[] args) { System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3 | System.Net.SecurityProtocolType.Tls12 | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls; ClientCredential clientCredential = new ClientCredential(clientId, clientSecret); var authenticationContext = new AuthenticationContext(authorityUriv2, true); var authContext = new AuthenticationContext(authorityUriv2); var authenticationResult = authContext.AcquireTokenAsync(resource, clientId, new Uri(ClientRedirectUrl), new PlatformParameters(PromptBehavior.Auto)).GetAwaiter().GetResult(); accessToken = authenticationResult.AccessToken; //var clientBC = new RestClient("https://api.businesscentral.dynamics.com/v2.0/Production/api/CertTech/Integrations/v1.0"); var clientBC = new RestClient("https://api.businesscentral.dynamics.com/v2.0/Production/api/CertTech/Integrations/v1.0/companies"); clientBC.Timeout = -1; var requestBC = new RestRequest(Method.GET); requestBC.AddHeader("Authorization", "Bearer " + accessToken); IRestResponse responseBC = clientBC.Execute(requestBC); bcResponse = responseBC.Content; object resposeDataBC = JsonConvert.DeserializeObject(bcResponse); Console.Write(resposeDataBC); Console.ReadKey(); }
public async Task JsonWebTokenWithX509PublicCertSendX5CTestAsync() { var certificate = new X509Certificate2("valid_cert.pfx", TestConstants.DefaultPassword); var clientAssertion = new ClientAssertionCertificate(TestConstants.DefaultClientId, certificate); var context = new AuthenticationContext(TestConstants.TenantSpecificAuthority, new TokenCache()); var validCertClaim = "\"x5c\":\"" + Convert.ToBase64String(certificate.GetRawCertData()); //Check for x5c claim HttpMessageHandlerFactory.AddMockHandler(X5CMockHandler); AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion, true).ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); HttpMessageHandlerFactory.AddMockHandler(X5CMockHandler); result = await context.AcquireTokenByAuthorizationCodeAsync(TestConstants.DefaultAuthorizationCode, TestConstants.DefaultRedirectUri, clientAssertion, TestConstants.DefaultResource, true).ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); //Check for empty x5c claim HttpMessageHandlerFactory.AddMockHandler(EmptyX5CMockHandler); context.TokenCache.Clear(); result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion, false).ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); HttpMessageHandlerFactory.AddMockHandler(EmptyX5CMockHandler); result = await context.AcquireTokenByAuthorizationCodeAsync(TestConstants.DefaultAuthorizationCode, TestConstants.DefaultRedirectUri, clientAssertion, TestConstants.DefaultResource, false).ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); }
public async Task JsonWebTokenWithX509PublicCertClaimTest() { var certificate = new X509Certificate2("valid_cert.pfx", TestConstants.DefaultPassword); var clientAssertion = new ClientAssertionCertificate(TestConstants.DefaultClientId, certificate); var context = new AuthenticationContext(TestConstants.TenantSpecificAuthority, new TokenCache()); var validCertClaim = "\"x5c\":\"" + Convert.ToBase64String(certificate.GetRawCertData()); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.TenantSpecificAuthority)) { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("{\"token_type\":\"Bearer\",\"expires_in\":\"3599\",\"access_token\":\"some-access-token\"}") }, AdditionalRequestValidation = request => { var requestContent = request.Content.ReadAsStringAsync().GetAwaiter().GetResult(); var formsData = EncodingHelper.ParseKeyValueList(requestContent, '&', true, null); // Check presence of client_assertion in request string encodedJwt; Assert.IsTrue(formsData.TryGetValue("client_assertion", out encodedJwt), "Missing client_assertion from request"); // Check presence of x5c cert claim. It should not exist. var jwtHeader = EncodingHelper.UrlDecode(encodedJwt.Split('.')[0]); Assert.IsTrue(!jwtHeader.Contains("\"x5c\":")); } }); AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion); Assert.IsNotNull(result.AccessToken); }
// Redeem code for token asynchronosly for performance, must not do synchronous call for Production private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context) { Startup.LastContext = context; code = context.Code; returnUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)); // Token Service appKey is required to authenticate with Azure AD for redeeming the authorization code // Note that the code is returned to LE-SfBApp, but the JavaScript client cannot make use of it ClientCredential credential = new ClientCredential(clientId, appKey); // userObjectID is the objectGUID of the O365 user in Azure AD string userObjectID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; // intialize with common to retrieve MRRT, index Cache with both user GUID and resource url due to UCWA usage pattern // Startup.sessionCache = new NaiveSessionCache(userObjectID); // Startup.sessionCache = new NaiveSessionCache(userObjectID); // Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(Startup.Authority, Startup.sessionCache); AuthContext authContext = new AuthContext(Authority, new DistributedTokenCache(cacheconnStr, userObjectID)); AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(code, returnUri, credential, ucwaResourceUrl); // Azure AD schema change // string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; // string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; // AuthenticationContext authContext = new AuthenticationContext(aadInstance + tenantID, new ADALTokenCache(signedInUserID)); Startup.accessToken = result.AccessToken; Startup.refreshToken = result.RefreshToken; Startup.idToken = result.IdToken; }
/// <summary> /// get crm service client /// </summary> public void GetCrmServiceClient() { if (string.IsNullOrWhiteSpace(this.crmConnection)) { this.ReadKeyVault(); } try { var credentials = new ClientCredential(this.appClientID, this.appClientSecret); var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(this.authority); var result = authContext.AcquireTokenAsync(this.resourceURL, credentials).Result; var accesToken = result.AccessToken; Uri serviceUrl = new Uri(this.CRMConnection); using (sdkService = new OrganizationWebProxyClient(serviceUrl, false)) { sdkService.HeaderToken = accesToken; this.ServiceClient = (IOrganizationService)sdkService != null ? (IOrganizationService)sdkService : null; } } catch (FaultException<Microsoft.Xrm.Sdk.OrganizationServiceFault> ex) { this.logger.Error("CRM Connection Issue: ", ex); throw; } catch (Exception ex) { this.logger.Error("CRM Connection Issue: ", ex); throw; } }
/// <summary> /// Gets the AD token for the requests, for the received customer tenant. /// </summary> public async Task<AuthorizationToken> GetADTokenForRequests(string customerTenant) { if (_tokenForRequests != null) { // already initialized return _tokenForRequests; } AuthenticationContext _authenticationContext = new AuthenticationContext(string.Format(Constants.AAD_INSTANCE, customerTenant)); UserCredential _userCredential = new UserCredential(Constants.CSP_SERVICE_USERNAME, Constants.CSP_SERVICE_PASSWORD); // else. Initialize and return AuthenticationResult authenticationResult = await _authenticationContext.AcquireTokenAsync( Constants.GRAPH_RESOURCE_URL, Constants.AZURE_AD_APP_ID_NATIVE_APP, _userCredential); _tokenForRequests = new AuthorizationToken(authenticationResult.AccessToken, authenticationResult.ExpiresOn.DateTime); return _tokenForRequests; }
protected void Page_Load(object sender, EventArgs e) { //Redirect uri must match the redirect_uri used when requesting Authorization code. string redirectUri = Properties.Settings.Default.RedirectUrl; string authorityUri = "https://login.windows.net/common/oauth2/authorize/"; // Get the auth code string code = Request.Params.GetValues(0)[0]; // Get auth token from auth code TokenCache TC = new TokenCache(); AuthenticationContext AC = new AuthenticationContext(authorityUri, TC); ClientCredential cc = new ClientCredential (Properties.Settings.Default.ClientID, Properties.Settings.Default.ClientSecretKey); AuthenticationResult AR = AC.AcquireTokenByAuthorizationCode(code, new Uri(redirectUri), cc); //Set Session "authResult" index string to the AuthenticationResult Session["authResult"] = AR; //Redirect back to Default.aspx Response.Redirect("/Default.aspx"); }
static void Main(string[] args) { /// Azure AD WebApi's APP ID URL string resource = ""; /// Azure AD WebApi's Client ID string clientId = ""; /// Azure AD User's credentials string userName = ""; string userPassword = ""; /// Web API's URL string apiUrl = "http://localhost:3672/api/Test"; var user = new UserCredential(userName, userPassword); var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.windows.net/common"); /// Get an Access Token to Access the Web API on behalf of the user AuthenticationResult authResult = authContext.AcquireTokenAsync(resource, clientId, user).Result; /// Call WebAPI passing Access token on header HttpClient client = new HttpClient(); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); /// Get the result HttpResponseMessage response = client.GetAsync(apiUrl).Result; string text = response.Content.ReadAsStringAsync().Result; }
private async Task <AuthenticationResult> GetToken() { try { ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; AuthenticationParameters ap = AuthenticationParameters.CreateFromUrlAsync(new Uri(Configuration["CRMConnection:ServiceUrl"])).Result; string authorityUrl = ap.Authority.Remove(ap.Authority.IndexOf("/oauth2/authorize")); AuthenticationContext authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authorityUrl, false); CRMOrgURL = ap.Resource; try { return(await GetAccessToken(authorityUrl, CRMOrgURL, Configuration["CRMConnection:ClientID"], Configuration["CRMConnection:ClientSecret"])); } catch (AdalException e) { throw e; } } catch (Exception ex) { throw ex; } }
public async Task <IAdalResult> AcquireTokenAsync( string authorityHostUrl, string resource, string clientId) { if (authorityHostUrl is null) { throw new ArgumentNullException(nameof(authorityHostUrl)); } if (resource is null) { throw new ArgumentNullException(nameof(resource)); } if (clientId is null) { throw new ArgumentNullException(nameof(clientId)); } try { var authenticationContext = new ActiveDirectory.AuthenticationContext(authorityHostUrl, _cache); var userCredential = new ActiveDirectory.UserCredential(); ActiveDirectory.AuthenticationResult result = await AdalExtentions.AcquireTokenAsync(authenticationContext, resource, clientId, userCredential); return(new Result(result)); } catch (ActiveDirectory.AdalException exception) { throw new AuthenticationException(exception); } }
private JwtSecurityToken GetJwtSecurityToken() { IOwinContext owinContext = HttpContext.GetOwinContext(); string userObjectID = owinContext.Authentication.User.Claims.First(c => c.Type == Configuration.ClaimsObjectidentifier).Value; NaiveSessionCache cache = new NaiveSessionCache(userObjectID); AuthenticationContext authContext = new AuthenticationContext(Configuration.Authority, cache); TokenCacheItem kdAPITokenCache = authContext.TokenCache.ReadItems().Where(c => c.Resource == Configuration.KdResourceId).FirstOrDefault(); if (kdAPITokenCache == null) { authContext.TokenCache.Clear(); ViewBag.ErrorMessage = "AuthorizationRequired"; if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } return(null); } return(new JwtSecurityToken(kdAPITokenCache.AccessToken)); }
public string GetAccessToken() { ApplicationDbContext db = new ApplicationDbContext(); string clientId = ConfigurationManager.AppSettings["ida:ClientId"]; string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"]; string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"]; string tenantId = ConfigurationManager.AppSettings["ida:TenantId"]; string Authority = aadInstance + tenantId; string claimIdName = ClaimTypes.NameIdentifier; string claimIdTenantId = "http://schemas.microsoft.com/identity/claims/tenantid"; string claimIdUserId = "http://schemas.microsoft.com/identity/claims/objectidentifier"; ClaimsPrincipal currentUserClaims = ClaimsPrincipal.Current; string signedInUserID = currentUserClaims.FindFirst(claimIdName).Value; string tenantID = currentUserClaims.FindFirst(claimIdTenantId).Value; string userObjectID = currentUserClaims.FindFirst(claimIdUserId).Value; // get a token for the Graph without triggering any user interaction (from the cache, via multi-resource refresh token, etc) ClientCredential clientcred = new ClientCredential(clientId, appKey); // initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's database AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance + tenantID, new ADALTokenCache(signedInUserID)); AuthenticationResult authenticationResult = authenticationContext.AcquireTokenSilentAsync(resource, clientcred, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId)).Result; return authenticationResult.AccessToken; }
public ICustomActivityResult Execute() { string Message = string.Empty; string authContextURL = "https://login.windows.net/" + tenantId; var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authContextURL); var credential = new ClientCredential(clientId, clientSecret); var result = authenticationContext.AcquireTokenAsync(resource: "https://management.azure.com/", clientCredential: credential).Result; if (result == null) { Message = "Failed to obtain the JWT token"; return(this.GenerateActivityResult(Message)); } string token = result.AccessToken; HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://management.azure.com/subscriptions/" + subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Compute/snapshots/" + snapshotName + "?api-version=2018-06-01"); request.Method = "DELETE"; request.Headers["Authorization"] = "Bearer " + token; request.ContentType = "application/json"; try { request.GetRequestStream(); var httpResponse = (HttpWebResponse)request.GetResponse(); httpResponse.GetResponseStream(); } catch (Exception ex) { Message = ex.Message; return(this.GenerateActivityResult(Message)); } Message = "Success"; return(this.GenerateActivityResult(Message)); }
public async Task AutoPromptBehaviorTestAsync() { MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultRedirectUri + "?code=some-code")); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant)) { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(), PostData = new Dictionary <string, string>() { { "grant_type", "authorization_code" } } }); var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache()); AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Auto)).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.UserInfo); Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId); Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId); // There should be one cached entry. Assert.AreEqual(1, context.TokenCache.Count); }
public async Task<ActionResult> Open() { var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); string token = null; AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId)); // get the activation parameters submitted from SharePoint ActivationParameters parameters = this.LoadActivationParameters(); // get access token for unified api var authResult = await authContext.AcquireTokenSilentAsync(parameters.ResourceId, clientCredential, userIdentifier); token = authResult.AccessToken; // get contents of the file in SharePoint HttpWebRequest request = (HttpWebRequest)WebRequest.Create(parameters.FileGet); request.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + token); Stream responseStream = request.GetResponse().GetResponseStream(); StreamReader srReader = new StreamReader(responseStream); var fileContents = srReader.ReadToEnd(); // read XML feed XmlReader xmlReader = XmlReader.Create(fileContents); SyndicationFeed feed = SyndicationFeed.Load(xmlReader); xmlReader.Close(); ViewBag.FeedTitle = feed.Title.Text; ViewBag.Posts = feed.Items; return View(); }
public static string GetTokenForSpn(string authority, string audience, string domain, string applicationId, string secret) { var context = new AuthenticationContext(EnsureTrailingSlash(authority) + domain, true, TokenCache.DefaultShared); var authResult = context.AcquireToken(audience, new ClientCredential(applicationId, secret)); return authResult.AccessToken; }
/// <summary> /// Methods for getting a token from ACS /// Updated 10/21, to use Active Directory Authn Library (ADAL) /// Method uses OAuth Authorization Code Grant flow (3-legged OAuth) /// ADAL package avaialble from https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/1.0.0 /// </summary> public static AADJWTToken GetAuthorizationToken(string tenantName, string appPrincipalId, Uri appUri) { string authString = String.Format(StringConstants.AzureADSTSURL, tenantName); AuthenticationContext authenticationContext = new AuthenticationContext(authString); try { AuthenticationResult authenticationResult = authenticationContext.AcquireToken(StringConstants.GraphPrincipalId.ToString(), appPrincipalId, appUri); if (authenticationResult != null) { AADJWTToken token = new AADJWTToken(); token.AccessToken = authenticationResult.AccessToken; token.TokenType = authenticationResult.AccessTokenType; token.ExpiresOn = authenticationResult.ExpiresOn.UtcTicks; token.AdalToken = authenticationResult; return token; } else return null; } catch (Exception e) { //Console.WriteLine("Exception: " + e.Message + " " + e.InnerException); return null; } }
public async Task UnknownUserRealmDiscoveryTestAsync() { AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant); await context.Authenticator.UpdateFromTemplateAsync(null).ConfigureAwait(false); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + TestConstants.DefaultDisplayableId) { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Unknown\",\"cloud_instance_name\":\"login.microsoftonline.com\"}") }, QueryParams = new Dictionary <string, string>() { { "api-version", "1.0" } } }); var ex = AssertException.TaskThrows <AdalException>(() => context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, new UserPasswordCredential(TestConstants.DefaultDisplayableId, TestConstants.DefaultPassword))); Assert.AreEqual(AdalError.UnknownUserType, ex.ErrorCode); Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount()); Assert.AreEqual(0, context.TokenCache.Count); }
public static async Task<string> GetAccessToken() { if (string.IsNullOrEmpty(_accessToken)) { // fetch from stuff user claims var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; // discover contact endpoint var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EfAdalTokenCache(userObjectId)); // authenticate var authResult = await authContext.AcquireTokenSilentAsync( string.Format("https://{0}.sharepoint.com", SettingsHelper.Office365TenantId), clientCredential, userIdentifier); // obtain access token _accessToken = authResult.AccessToken; } return _accessToken; }
private async Task<AuthenticationResult> GetAccessToken() { AuthenticationContext context = new AuthenticationContext(SettingsHelper.AzureADAuthority); var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); AuthenticationResult result = (AuthenticationResult)this.Session[SettingsHelper.UserTokenCacheKey]; return await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, clientCredential, SettingsHelper.UnifiedApiResource); }
private async void btnCallDirect_Click(object sender, EventArgs e) { try { authContext = new AuthenticationContext(authority); AuthenticationResult authResult = authContext.AcquireToken(apiResourceId, clientId, redirectUri); HttpClient client = new HttpClient(); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); HttpResponseMessage response = await client.GetAsync(apiBaseAddress + "api/add?a=100&b=100"); response.EnsureSuccessStatusCode(); string responseString = await response.Content.ReadAsStringAsync(); MessageBox.Show(responseString); } catch (HttpRequestException ex) { MessageBox.Show(ex.Message); } catch (Exception ex) { MessageBox.Show(ex.Message); } }
public void ConfigureAuth(IAppBuilder app) { ApplicationDbContext db = new ApplicationDbContext(); app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId, Authority = Authority, PostLogoutRedirectUri = postLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. AuthorizationCodeReceived = (context) => { var code = context.Code; ClientCredential credential = new ClientCredential(clientId, appKey); string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID)); AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode( code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId); return Task.FromResult(0); } } }); }
public void ConfigureAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = _appConfig.ClientID, Authority = Constants.Authentication.CommonAuthority, PostLogoutRedirectUri = _appConfig.PostLogoutRedirectURI, TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters { // instead of using the default validation (validating against a single issuer value, as we do in line of business apps), // we inject our own multitenant validation logic ValidateIssuer = false, }, Notifications = new OpenIdConnectAuthenticationNotifications() { // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. AuthorizationCodeReceived = (context) => { var code = context.Code; ClientCredential credential = new ClientCredential(_appConfig.ClientID,_appConfig.ClientSecret); string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; AuthenticationContext authContext = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}", tenantID), new ADALTokenCache(signedInUserID)); AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode( code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, Constants.Authentication.GraphServiceUrl); return Task.FromResult(0); }, RedirectToIdentityProvider = (context) => { // This ensures that the address used for sign in and sign out is picked up dynamically from the request // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand. string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase; context.ProtocolMessage.RedirectUri = appBaseUrl + "/"; context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl; return Task.FromResult(0); }, AuthenticationFailed = (context) => { System.Diagnostics.Trace.TraceError(context.Exception.ToString()); string redirectPath = string.Format("/Error/?errorMessage={0}", context.Exception.Message); context.OwinContext.Response.Redirect(redirectPath); // context.OwinContext.Response.Redirect("/Error/Index"); context.HandleResponse(); // Suppress the exception return Task.FromResult(0); } } }); }
protected static void GetAccessToken() { // shared login authority for all Office 365 tenants string authority = "https://login.microsoftonline.com/common"; // create new authentication context var authenticationContext = new AuthenticationContext(authority); // create URI for target resource string urlAzureGraphApi = "https://graph.windows.net/"; string tenantDomain = "SharePointConfessions.onMicrosoft.com"; Uri uriAzureGraphApiResource = new Uri(urlAzureGraphApi + tenantDomain); // string clientID = "128d1e44-5e55-4027-96e6-bc36e5b10a0a"; string redirectUri = "https://localhost/AzureGraphNativeClient"; // use authentication context to trigger user sign-in and return access token var userAuthnResult = authenticationContext.AcquireToken(urlAzureGraphApi, clientID, new Uri(redirectUri), PromptBehavior.RefreshSession); // cache access token in AccessToken field AccessToken = userAuthnResult.AccessToken; }
/// <summary> /// Create a token provider which can provide user tokens in the given context. The user must have previously authenticated in the given context. /// Tokens are retrieved from the token cache. /// </summary> /// <param name="context">The active directory authentication context to use for retrieving tokens.</param> /// <param name="clientId">The active directory client Id to match when retrieving tokens.</param> /// <param name="tokenAudience">The audience to match when retrieving tokens.</param> /// <param name="userId">The user id to match when retrieving tokens.</param> public UserTokenProvider(AuthenticationContext context, string clientId, Uri tokenAudience, UserIdentifier userId) { if (context == null) { throw new ArgumentNullException("context"); } if (string.IsNullOrWhiteSpace(clientId)) { throw new ArgumentNullException("clientId"); } if (tokenAudience == null) { throw new ArgumentNullException("tokenAudience"); } if (userId == null) { throw new ArgumentNullException("userId"); } this._authenticationContext = context; this._clientId = clientId; this._tokenAudience = tokenAudience.ToString(); this._userid = userId; }
private async Task AddRoles(SecurityTokenValidatedNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> arg) { var context = new Adal.AuthenticationContext("https://login.microsoftonline.com/" + tenant); var clientCredentials = new Adal.ClientCredential(GraphClientId, GraphClientSecret); var token = await context.AcquireTokenAsync("https://graph.windows.net/", clientCredentials); var userId = arg.AuthenticationTicket.Identity.Claims .First(x => x.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier") .Value; HttpClient http = new HttpClient(); string url = "https://graph.windows.net/b2ctestdes.onmicrosoft.com/users/" + userId + "/memberOf?api-version=1.6"; // Append the access token for the Graph API to the Authorization header of the request by using the Bearer scheme. HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken); HttpResponseMessage response = await http.SendAsync(request); if (response.IsSuccessStatusCode) { var result = await response.Content.ReadAsStringAsync(); dynamic groups = JObject.Parse(result); foreach (var group in groups.value) { string groupName = group.displayName; arg.AuthenticationTicket.Identity.AddClaim( new Claim(ClaimTypes.Role, groupName)); } } }
/// <summary> /// Gets the access token /// </summary> /// <param name="authority"> Authority </param> /// <param name="resource"> Resource </param> /// <param name="scope"> scope </param> /// <returns> token </returns> public async Task<string> GetAccessToken(string authority, string resource, string scope) { var context = new AuthenticationContext(authority, TokenCache.DefaultShared); var result = await context.AcquireTokenAsync(resource, _credential); return result.AccessToken; }
public static string GetAccessToken(string resource) { // get user ID in security cookie var signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; // get token cache for signed in user ApplicationDbContext db = new ApplicationDbContext(); ADALTokenCache userTokenCache = new ADALTokenCache(signedInUserID); AuthenticationContext authContext = new AuthenticationContext(Authority, userTokenCache); // Get credentials for user var clientCredential = new ClientCredential(clientId, clientSecret); // Create user identifier object using User ID for Azure Active Directory account string objectIdentifierID = "http://schemas.microsoft.com/identity/claims/objectidentifier"; var userObjectId = ClaimsPrincipal.Current.FindFirst(objectIdentifierID).Value; var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // call to ADAL to get access token from cache of across network var authResult = authContext.AcquireTokenSilent(resource, clientCredential, userIdentifier); // obtain access token return authResult.AccessToken; }
private void Button_Click(object sender, RoutedEventArgs e) { string result = string.Empty; // Get token AuthenticationContext ac = new AuthenticationContext("https://login.windows.net/SalesApplication.onmicrosoft.com");//the 'App ID URI' of the secured resource/API trying to access as configured in AAD AuthenticationResult ar = ac.AcquireToken("https://SalesApplication.onmicrosoft.com/WebAPIDemo", //the "name" of the secured resource/API trying to access as configured in AAD ('App ID URI') "5685ff14-3fb8-4785-a78e-6f81219b39f8",// the 'client ID' for this client application as configured in AAD new Uri("https://SalesApplication.onmicrosoft.com/myWebAPInativeclient"));// the redirect URI for this client application as configured in AAD // http://goo.gl/Ypb6yv // the following generates a security exception since we don't have a valid certificate ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(customXertificateValidation); // Call Web API HttpClient httpClient = new HttpClient(); httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", ar.AccessToken); HttpResponseMessage response = httpClient.GetAsync("https://localhost:44304/api/Values").Result; // display the result if (response.IsSuccessStatusCode) { result = response.Content.ReadAsStringAsync().Result; MessageBox.Show(result); } else { result = response.Content.ReadAsStringAsync().Result; MessageBox.Show(result, response.StatusCode.ToString(), MessageBoxButton.OK, MessageBoxImage.Error); } }
// GET: MyFiles public async Task<ActionResult> Index() { List<MyFile> myFiles = new List<MyFile>(); var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; var tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; AuthenticationContext authContext = new AuthenticationContext(string.Format(AADAppSettings.AuthorizationUri, tenantId), new ADALTokenCache(signInUserId)); try { DiscoveryClient discClient = new DiscoveryClient(AADAppSettings.DiscoveryServiceEndpointUri, async () => { var authResult = await authContext.AcquireTokenSilentAsync(AADAppSettings.DiscoveryServiceResourceId, new ClientCredential(AADAppSettings.ClientId, AADAppSettings.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId)); return authResult.AccessToken; }); var dcr = await discClient.DiscoverCapabilityAsync("MyFiles"); ViewBag.ResourceId = dcr.ServiceResourceId; SharePointClient spClient = new SharePointClient(dcr.ServiceEndpointUri, async () => { var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId, new ClientCredential(AADAppSettings.ClientId, AADAppSettings.AppKey), new UserIdentifier(userObjectId, UserIdentifierType.UniqueId)); return authResult.AccessToken; }); var filesResult = await spClient.Files.ExecuteAsync(); do { var files = filesResult.CurrentPage.OfType<File>(); foreach (var file in files) { myFiles.Add(new MyFile { Name = file.Name }); } filesResult = await filesResult.GetNextPageAsync(); } while (filesResult != null); } catch (AdalException exception) { //handle token acquisition failure if (exception.ErrorCode == AdalError.FailedToAcquireTokenSilently) { authContext.TokenCache.Clear(); ViewBag.ErrorMessage = "AuthorizationRequired"; } } return View(myFiles); }
/// <summary> /// Acquires an IUserIdentity from Azure Active Directory using the argument authorizationCode. /// </summary> /// <param name="authorizationCode">An authorization code provided by Azure Active Directory used to retrieve an IUserIdentity</param> /// <returns>Returns an IUserIdentity representing a successfully authenticated Azure Active Directory user who has privileges for this configured application</returns> public static IUserIdentity GetAuthenticatedUserIDentity(string authorizationCode) { var authenticationContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", AAD.TENANT_ID)); var clientCredential = new ClientCredential(AAD.CLIENT_ID, AAD.CLIENT_KEY); var authenticationResult = authenticationContext.AcquireTokenByAuthorizationCode(authorizationCode, new Uri(AAD.REPLY_URL), clientCredential); return new UserIdentity(authenticationResult.UserInfo); }
/// <summary> /// Returns token (requires user input) /// </summary> /// <returns></returns> public static AuthenticationResult GetToken(string authEndpoint, string tenant, string clientId) { var adalWinFormType = typeof(WebBrowserNavigateErrorEventArgs); Trace.WriteLine("Getting a random type from \'Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms\' to force it be deployed by mstest"); AuthenticationResult result = null; var thread = new Thread(() => { try { var context = new AuthenticationContext(Path.Combine(authEndpoint, tenant)); result = context.AcquireToken( resource: "https://management.core.windows.net/", clientId: clientId, redirectUri: new Uri("urn:ietf:wg:oauth:2.0:oob"), promptBehavior: PromptBehavior.Auto); } catch (Exception threadEx) { Console.WriteLine(threadEx.Message); } }); thread.SetApartmentState(ApartmentState.STA); thread.Name = "AcquireTokenThread"; thread.Start(); thread.Join(); return result; }
private async Task InitOneNoteRestConnection() { // fetch from stuff user claims var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; // discover onenote endpoint var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId)); // authenticate with directory service var discoClient = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint), async () => { var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, clientCredential, userIdentifier); return authResult.AccessToken; }); // query discovery service for endpoint for onenote endpoint var discoCapabilityResult = await discoClient.DiscoverCapabilityAsync("Notes"); // get details around onedrive endpoint (replace 1.0 with 2.0 for the new REST API) _oneNoteResourceId = discoCapabilityResult.ServiceResourceId; _oneNoteEndpoint = discoCapabilityResult.ServiceEndpointUri.ToString(); var accessToken = (await authContext.AcquireTokenSilentAsync(_oneNoteResourceId, clientCredential, userIdentifier)).AccessToken; // set the access token on all requests for onenote API _client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken); return; }
//Get access token: // To call a Data Catalog REST operation, create an instance of AuthenticationContext and call AcquireToken // AuthenticationContext is part of the Active Directory Authentication Library NuGet package // To install the Active Directory Authentication Library NuGet package in Visual Studio, // run "Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory" from the NuGet Package Manager Console. static AuthenticationResult AccessToken() { if (authResult == null) { //Resource Uri for Data Catalog API string resourceUri = "https://datacatalog.azure.com"; //To learn how to register a client app and get a Client ID, see https://msdn.microsoft.com/en-us/library/azure/mt403303.aspx#clientID string clientId = clientIDFromAzureAppRegistration; //A redirect uri gives AAD more details about the specific application that it will authenticate. //Since a client app does not have an external service to redirect to, this Uri is the standard placeholder for a client app. string redirectUri = "https://login.live.com/oauth20_desktop.srf"; // Create an instance of AuthenticationContext to acquire an Azure access token // OAuth2 authority Uri string authorityUri = "https://login.windows.net/common/oauth2/authorize"; AuthenticationContext authContext = new AuthenticationContext(authorityUri); // Call AcquireToken to get an Azure token from Azure Active Directory token issuance endpoint // AcquireToken takes a Client Id that Azure AD creates when you register your client app. authResult = authContext.AcquireToken(resourceUri, clientId, new Uri(redirectUri), PromptBehavior.RefreshSession); } return authResult; }
public void UserRealmDiscoveryFailsTest() { AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + TestConstants.DefaultDisplayableId) { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent("Bad request received") }, QueryParams = new Dictionary <string, string>() { { "api-version", "1.0" } } }); var ex = AssertException.TaskThrows <AdalException>(() => context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, new UserPasswordCredential(TestConstants.DefaultDisplayableId, TestConstants.DefaultPassword))); Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount()); Assert.AreEqual(0, context.TokenCache.Count); //To be addressed in a later fix //Assert.AreEqual(((AdalException)ex.InnerException.InnerException).ErrorCode, AdalError.UserRealmDiscoveryFailed); }
public static string AcquireToken(string userObjectId) { ClientCredential cred = new ClientCredential(ConfigHelper.ClientId, ConfigHelper.AppKey); AuthenticationContext authContext = new AuthenticationContext(ConfigHelper.Authority, new TokenDbCache(userObjectId)); AuthenticationResult result = authContext.AcquireTokenSilent(ConfigHelper.GraphResourceId, cred, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId)); return result.AccessToken; }
private async Task<OutlookServicesClient> EnsureClientCreated() { // fetch from stuff user claims var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; // discover contact endpoint var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId)); // create O365 discovery client DiscoveryClient discovery = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint), async () => { var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, clientCredential, userIdentifier); return authResult.AccessToken; }); // query discovery service for endpoint for 'calendar' endpoint CapabilityDiscoveryResult dcr = await discovery.DiscoverCapabilityAsync("Contacts"); // create an OutlookServicesclient return new OutlookServicesClient(dcr.ServiceEndpointUri, async () => { var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId, clientCredential, userIdentifier); return authResult.AccessToken; }); }
/// <summary> /// Checks that an OutlookServicesClient object is available. /// </summary> /// <returns>The OutlookServicesClient object. </returns> public static async Task<OutlookServicesClient> EnsureClientCreated() { AuthenticationContext = new AuthenticationContext(CommonAuthority); if (AuthenticationContext.TokenCache.ReadItems().Count() > 0) { // Bind the AuthenticationContext to the authority that sourced the token in the cache // this is needed for the cache to work when asking for a token from that authority // (the common endpoint never triggers cache hits) string cachedAuthority = AuthenticationContext.TokenCache.ReadItems().First().Authority; AuthenticationContext = new AuthenticationContext(cachedAuthority); } // Create a DiscoveryClient using the discovery endpoint Uri. DiscoveryClient discovery = new DiscoveryClient(DiscoveryServiceEndpointUri, async () => await AcquireTokenAsync(AuthenticationContext, DiscoveryResourceId)); // Now get the capability that you are interested in. var result = await discovery.DiscoverCapabilityAsync("Mail"); var client = new OutlookServicesClient( result.ServiceEndpointUri, async () => await AcquireTokenAsync(AuthenticationContext, result.ServiceResourceId)); return client; }
/// <summary> /// acquires a <see cref="TokenPair"/> from the authority via an interactive user logon /// prompt. /// </summary> /// <param name="targetUri"> /// The uniform resource indicator of the resource access tokens are being requested for. /// </param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="resource"> /// Identifier of the target resource that is the recipient of the requested token. /// </param> /// <param name="redirectUri"> /// Address to return to upon receiving a response from the authority. /// </param> /// <param name="queryParameters"> /// Optional: appended as-is to the query string in the HTTP authentication request to the /// authority. /// </param> /// <returns>If successful a <see cref="TokenPair"/>; otherwise <see langword="null"/>.</returns> public TokenPair AcquireToken(Uri targetUri, string clientId, string resource, Uri redirectUri, string queryParameters = null) { Debug.Assert(targetUri != null && targetUri.IsAbsoluteUri, "The targetUri parameter is null or invalid"); Debug.Assert(!String.IsNullOrWhiteSpace(clientId), "The clientId parameter is null or empty"); Debug.Assert(!String.IsNullOrWhiteSpace(resource), "The resource parameter is null or empty"); Debug.Assert(redirectUri != null, "The redirectUri parameter is null"); Debug.Assert(redirectUri.IsAbsoluteUri, "The redirectUri parameter is not an absolute Uri"); Trace.WriteLine("AzureAuthority::AcquireToken"); TokenPair tokens = null; queryParameters = queryParameters ?? String.Empty; try { Trace.WriteLine(String.Format(" authority host url = '{0}'.", AuthorityHostUrl)); AuthenticationContext authCtx = new AuthenticationContext(AuthorityHostUrl, _adalTokenCache); AuthenticationResult authResult = authCtx.AcquireToken(resource, clientId, redirectUri, PromptBehavior.Always, UserIdentifier.AnyUser, queryParameters); tokens = new TokenPair(authResult); Trace.WriteLine(" token acquisition succeeded."); } catch (AdalException) { Trace.WriteLine(" token acquisition failed."); } return tokens; }
/// <summary> /// Authenticates the specified request message. /// This method will be called any time there is an outbound request. /// In this case we are using the Microsoft.IdentityModel.Clients.ActiveDirectory library /// to stamp the outbound http request with the OAuth 2.0 token using an AAD application id /// and application secret. Alternatively, this method can support certificate validation. /// </summary> /// <param name="request">The request.</param> /// <param name="tenant">The tenant.</param> /// <returns> /// The <see cref="Task" />. /// </returns> public async Task AuthenticateOutboundRequestAsync(HttpRequestMessage request, string tenant) { const string schema = "Bearer"; const string replaceString = "{tenant}"; const string oauthV2TokenLink = "https://login.microsoftonline.com/{tenant}"; const string resource = "https://graph.microsoft.com"; // If no tenant was specified, we craft the token link using the common tenant. // https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints tenant = string.IsNullOrWhiteSpace(tenant) ? "common" : tenant; var tokenLink = oauthV2TokenLink.Replace(replaceString, tenant); this.GraphLogger.Info("AuthenticationProvider: Generating OAuth token."); var context = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(tokenLink); var creds = new ClientCredential(this.appId, this.appSecret); AuthenticationResult result; try { result = await this.AcquireTokenWithRetryAsync(context, resource, creds, attempts : 3).ConfigureAwait(false); } catch (Exception ex) { this.GraphLogger.Error(ex, $"Failed to generate token for client: {this.appId}"); throw; } this.GraphLogger.Info($"AuthenticationProvider: Generated OAuth token. Expires in {result.ExpiresOn.Subtract(DateTimeOffset.UtcNow).TotalMinutes} minutes."); request.Headers.Authorization = new AuthenticationHeaderValue(schema, result.AccessToken); }
public void ForcePromptForNeverPromptBehaviorTest() { var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, new TokenCache()); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId); context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx { RefreshToken = "some-rt", ResourceInResponse = TestConstants.DefaultResource, Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow) }; HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant)) { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage() }); var exc = AssertException.TaskThrows <AdalServiceException>(() => context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Never))); Assert.AreEqual(AdalError.FailedToRefreshToken, exc.ErrorCode); // There should be only one cache entry. Assert.AreEqual(1, context.TokenCache.Count); }
private async Task <AuthenticationResult> GetAppOnlyAccessToken(string resource, string tenantId) { string authority = appConfig.AuthorizationUri.Replace("common", tenantId); Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext( authority, false); string certfile = Server.MapPath(appConfig.ClientCertificatePfx); X509Certificate2 cert = new X509Certificate2( certfile, appConfig.ClientCertificatePfxPassword, X509KeyStorageFlags.MachineKeySet); // ADAL new ... (in Beta, might change) // ClientAssertionCertificate cac = new ClientAssertionCertificate( // appConfig.ClientId, // cert.GetRawCertData(), // appConfig.ClientCertificatePfxPassword); // ADAL current released (2.12.111071459) ClientAssertionCertificate cac = new ClientAssertionCertificate( appConfig.ClientId, cert); var authenticationResult = await authenticationContext.AcquireTokenAsync( resource, cac); return(authenticationResult); }
public async Task AutoPromptBehaviorWithTokenInCacheTestAsync() { var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache()); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId); context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx { RefreshToken = "some-rt", ResourceInResponse = TestConstants.DefaultResource, Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100)) }; AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Auto)).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("existing-access-token", result.AccessToken); // There should be only one cache entry. Assert.AreEqual(1, context.TokenCache.Count); }
public void ConfigureAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions { ClientId = SettingsHelper.ClientId, Authority = SettingsHelper.AzureADAuthority, Notifications = new OpenIdConnectAuthenticationNotifications() { AuthorizationCodeReceived = (context) => { string code = context.Code; ClientCredential creds = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); string userObjectId = context.AuthenticationTicket.Identity.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier).Value; EFADALTokenCache cache = new EFADALTokenCache(userObjectId); AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, cache); Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)); AuthenticationResult authResult = authContext.AcquireTokenByAuthorizationCode(code, redirectUri, creds, SettingsHelper.AzureAdGraphResourceId); return Task.FromResult(0); }, AuthenticationFailed = (context) => { context.HandleResponse(); return Task.FromResult(0); } }, TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters { ValidateIssuer = false } }); }
private async Task AdalLogin(bool forcePrompt) { var spUri = new Uri($"{txtSiteFor2FA.Text}"); string resourceUri = spUri.Scheme + "://" + spUri.Authority; const string clientId = "9bc3ab49-b65d-410a-85ad-de819febfddc"; const string redirectUri = "https://oauth.spops.microsoft.com/"; ADAL.AuthenticationResult authenticationResult; if (authContext == null || forcePrompt) { ADAL.TokenCache cache = new ADAL.TokenCache(); authContext = new ADAL.AuthenticationContext(AuthorityUri, cache); } try { if (forcePrompt) { throw new ADAL.AdalSilentTokenAcquisitionException(); } authenticationResult = await authContext.AcquireTokenSilentAsync(resourceUri, clientId); } catch (ADAL.AdalSilentTokenAcquisitionException) { authenticationResult = await authContext.AcquireTokenAsync(resourceUri, clientId, new Uri(redirectUri), new PlatformParameters(PromptBehavior.Always, null), ADAL.UserIdentifier.AnyUser, null, null); } options.AccessToken = authenticationResult.AccessToken; accessTokenObtained = true; }
public async Task AcquireTokenWithValidTokenInCache_ReturnsCachedTokenAsync() { var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache()); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId); context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx { RefreshToken = "some-rt", ResourceInResponse = TestConstants.DefaultResource, Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100)) }; var result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, new UserPasswordCredential(TestConstants.DefaultDisplayableId, TestConstants.DefaultPassword)).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("existing-access-token", result.AccessToken); Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority); Assert.IsNotNull(result.UserInfo); // There should be one cached entry. Assert.AreEqual(1, context.TokenCache.Count); }
// // GET: /UserProfile/ public async Task <ActionResult> Index() { // // Retrieve the user's name, tenantID, and access token since they are parameters used to query the Graph API. // UserProfile profile; string jwtToken = ClaimsPrincipal.Current.FindFirst(Configuration.ClaimsJwtToken).Value; JwtSecurityToken token = new JwtSecurityToken(jwtToken); string userObjectID = ClaimsPrincipal.Current.FindFirst(Configuration.ClaimsObjectidentifier).Value; AuthenticationContext authContext = new AuthenticationContext(Configuration.Authority, new NaiveSessionCache(userObjectID)); try { ActiveDirectoryClient activeDirectoryClient = Factory.GetActiveDirectoryClientAsApplication(jwtToken); User userProfile = (User)await activeDirectoryClient.Users.GetByObjectId(userObjectID).ExecuteAsync(); List <string> membergroups = (await userProfile.GetMemberGroupsAsync(false)).ToList(); var groups = await activeDirectoryClient.Groups.ExecuteAsync(); profile = new UserProfile(); profile.Token = token; profile.MemberGroups = membergroups; profile.AllGroups = groups.CurrentPage; profile.User = userProfile; return(View(profile)); } catch (Exception) { // // If the call failed, then drop the current access token and show the user an error indicating they might need to sign-in again. // var todoTokens = authContext.TokenCache.ReadItems().Where(a => a.Resource == Configuration.GraphResourceId); foreach (TokenCacheItem tci in todoTokens) { authContext.TokenCache.DeleteItem(tci); } // // If refresh is set to true, the user has clicked the link to be authorized again. // if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } // // The user needs to re-authorize. Show them a message to that effect. // profile = new UserProfile(); ViewBag.ErrorMessage = "AuthorizationRequired"; return(View(profile)); } }
private static async Task <string> GetNewToken( ILogger logger, AppSettings appSettings) { var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(appSettings.Authority); return((await GetResultsUsingDeviceCode(authContext, appSettings)).AccessToken); }
public static async Task <string> GetAccessToken(string azureTenantId, string clientId, string redirectUri) { var context = new AuthenticationContext("https://login.windows.net/" + tenantId); var credential = new ClientCredential(appId, appSecret); var tokenResult = await context.AcquireTokenAsync("https://vault.azure.net", credential); return(tokenResult.AccessToken); }
private async Task <AuthenticationResult> GetTokenForPBIEmbedded() { UserPasswordCredential credentials = new UserPasswordCredential(username, password); var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority); return(await authenticationContext.AcquireTokenAsync(pbiApiResourceUrl, clientId, credentials)); }
public static string GetToken(string clientId, string clientSecret, string authority, string resourceUrl) { ClientCredential credentials = new ClientCredential(clientId, clientSecret); var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority); var result = authContext.AcquireTokenAsync(resourceUrl, credentials).Result; return(result.AccessToken); }
public async Task <string> GetAccessTokenAdal() { var creds = new Adal.ClientCredential(CLIENT_ID, CLIENT_SECRET); var ctx = new Adal.AuthenticationContext($"https://login.microsoftonline.com/{TENANT_ID}", false); var token = await ctx.AcquireTokenAsync("https://database.windows.net/", creds); return(token.AccessToken); }
private async Task <string> GetTokenAsync() { var resourceID = $"https://{config.Region}.asazure.windows.net"; var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($"https://login.windows.net/{config.TenantId}"); ClientCredential credential = new ClientCredential(config.ClientId, config.ClientSecret); AuthenticationResult token = await authContext.AcquireTokenAsync(resourceID, credential).ConfigureAwait(false); return(token.AccessToken); //Use this token to connect to AAS. }
private static async Task <Adalv2.AuthenticationResult> AcquireAadToken(string audience) { var authority = GetAuthority(audience); var credential = new Adalv2.ClientCredential(Config.InternalUsersClientId, Config.InternalUsersClientSecret); var authContext = new Adalv2.AuthenticationContext(authority); var result = await authContext.AcquireTokenAsync(Config.InternalUsersClientId, credential); return(result); }
private string AcquireToken(string resourceURI, string authority, string clientId, string clientSecret, string redirectUrl, string userName) { var clientCredential = new ClientCredential(clientId, clientSecret); AuthenticationContext authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, false); AuthenticationResult result = authContext.AcquireTokenAsync(resourceURI, clientCredential).Result; return(result.AccessToken); }
public async Task ForcePromptForSelectAccountPromptBehaviorTestAsync() { MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultRedirectUri + "?code=some-code"), // validate that authorizationUri passed to WebUi contains prompt=select_account query parameter new Dictionary <string, string> { { "prompt", "select_account" } }); var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache()); await context.TokenCache.StoreToCacheAsync(new AuthenticationResultEx { RefreshToken = "some-rt", ResourceInResponse = TestConstants.DefaultResource, Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100)) { UserInfo = new UserInfo() { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId } }, }, TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User, new CallState(new Guid())).ConfigureAwait(false); ResetInstanceDiscovery(); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant)) { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(), PostData = new Dictionary <string, string> { { "grant_type", "authorization_code" } } }); AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.SelectAccount)).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.UserInfo); Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId); Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId); // There should be only one cache entry. Assert.AreEqual(1, context.TokenCache.Count); }
public void Run() { // Try to obtain the authorization token var clientCredential = new ClientCredential(clientId, clientSecret); var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId)); var result = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result; if (result == null) { throw new InvalidOperationException("Failed to obtain authorization token"); } // Read the token and create the appropriate credentials object string token = result.AccessToken; var credentials = new TokenCredentials(token); // Read the template and parameter file contents JObject templateFileContents = GetJsonFileContents(pathToTemplateFile); JObject parameterFileContents = GetJsonFileContents(pathToParameterFile); // Create the resource manager client var resourceManagementClient = new ResourceManagementClient(credentials); resourceManagementClient.SubscriptionId = subscriptionId; // Create or check that resource group exists EnsureResourceGroupExists(resourceManagementClient, resourceGroupName, resourceGroupLocation); // Start a deployment DeployTemplate(resourceManagementClient, resourceGroupName, deploymentName, templateFileContents, parameterFileContents); }