public static async Task<string> GetAccessToken() { if (string.IsNullOrEmpty(_accessToken)) { // fetch from stuff user claims var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; // discover contact endpoint var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EfAdalTokenCache(userObjectId)); // authenticate var authResult = await authContext.AcquireTokenSilentAsync( string.Format("https://{0}.sharepoint.com", SettingsHelper.Office365TenantId), clientCredential, userIdentifier); // obtain access token _accessToken = authResult.AccessToken; } return _accessToken; }
public static string GetAccessToken(string resource) { // get ClaimsPrincipal for current user ClaimsPrincipal currentUserClaims = ClaimsPrincipal.Current; string signedInUserID = currentUserClaims.FindFirst(ClaimTypes.NameIdentifier).Value; string tenantID = currentUserClaims.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; string userObjectID = currentUserClaims.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; ApplicationDbContext db = new ApplicationDbContext(); ADALTokenCache userTokenCache = new ADALTokenCache(signedInUserID); string urlAuthorityRoot = ConfigurationManager.AppSettings["ida:AADInstance"]; string urlAuthorityTenant = urlAuthorityRoot + tenantID; AuthenticationContext authenticationContext = new AuthenticationContext(urlAuthorityTenant, userTokenCache); Uri uriReplyUrl = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)); string clientId = ConfigurationManager.AppSettings["ida:ClientId"]; string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"]; ClientCredential clientCredential = new ClientCredential(clientId, clientSecret); UserIdentifier userIdentifier = new UserIdentifier(userObjectID, UserIdentifierType.UniqueId); AuthenticationResult authenticationResult = authenticationContext.AcquireTokenSilentAsync(resource, clientCredential, userIdentifier).Result; return authenticationResult.AccessToken; }
// GET: Discovery public async Task<ActionResult> Index() { // get instance of the authentication context using the token cache we created previously var signedInUser = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signedInUser)); // create credentials for the application var appCred = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); // get user identifier var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; var userId = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create instance of DiscoveryClient var discoveryClient = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint), async () => { var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, appCred, userId); return authResult.AccessToken; }); // query discovery service for endpoints var capabilitiesResults = await discoveryClient.DiscoverCapabilitiesAsync(); return View(capabilitiesResults); }
public static string GetAccessToken(string resource) { // get user ID in security cookie var signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; // get token cache for signed in user ApplicationDbContext db = new ApplicationDbContext(); ADALTokenCache userTokenCache = new ADALTokenCache(signedInUserID); AuthenticationContext authContext = new AuthenticationContext(Authority, userTokenCache); // Get credentials for user var clientCredential = new ClientCredential(clientId, clientSecret); // Create user identifier object using User ID for Azure Active Directory account string objectIdentifierID = "http://schemas.microsoft.com/identity/claims/objectidentifier"; var userObjectId = ClaimsPrincipal.Current.FindFirst(objectIdentifierID).Value; var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // call to ADAL to get access token from cache of across network var authResult = authContext.AcquireTokenSilent(resource, clientCredential, userIdentifier); // obtain access token return authResult.AccessToken; }
/// <summary> /// Create a token provider which can provide user tokens in the given context. The user must have previously authenticated in the given context. /// Tokens are retrieved from the token cache. /// </summary> /// <param name="context">The active directory authentication context to use for retrieving tokens.</param> /// <param name="clientId">The active directory client Id to match when retrieving tokens.</param> /// <param name="tokenAudience">The audience to match when retrieving tokens.</param> /// <param name="userId">The user id to match when retrieving tokens.</param> public UserTokenProvider(AuthenticationContext context, string clientId, Uri tokenAudience, UserIdentifier userId) { if (context == null) { throw new ArgumentNullException("context"); } if (string.IsNullOrWhiteSpace(clientId)) { throw new ArgumentNullException("clientId"); } if (tokenAudience == null) { throw new ArgumentNullException("tokenAudience"); } if (userId == null) { throw new ArgumentNullException("userId"); } this._authenticationContext = context; this._clientId = clientId; this._tokenAudience = tokenAudience.ToString(); this._userid = userId; }
public async Task<ActionResult> Open() { var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); string token = null; AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId)); // get the activation parameters submitted from SharePoint ActivationParameters parameters = this.LoadActivationParameters(); // get access token for unified api var authResult = await authContext.AcquireTokenSilentAsync(parameters.ResourceId, clientCredential, userIdentifier); token = authResult.AccessToken; // get contents of the file in SharePoint HttpWebRequest request = (HttpWebRequest)WebRequest.Create(parameters.FileGet); request.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + token); Stream responseStream = request.GetResponse().GetResponseStream(); StreamReader srReader = new StreamReader(responseStream); var fileContents = srReader.ReadToEnd(); // read XML feed XmlReader xmlReader = XmlReader.Create(fileContents); SyndicationFeed feed = SyndicationFeed.Load(xmlReader); xmlReader.Close(); ViewBag.FeedTitle = feed.Title.Text; ViewBag.Posts = feed.Items; return View(); }
private async Task<OutlookServicesClient> EnsureClientCreated() { // fetch from stuff user claims var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; // discover contact endpoint var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId)); // create O365 discovery client DiscoveryClient discovery = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint), async () => { var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, clientCredential, userIdentifier); return authResult.AccessToken; }); // query discovery service for endpoint for 'calendar' endpoint CapabilityDiscoveryResult dcr = await discovery.DiscoverCapabilityAsync("Contacts"); // create an OutlookServicesclient return new OutlookServicesClient(dcr.ServiceEndpointUri, async () => { var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId, clientCredential, userIdentifier); return authResult.AccessToken; }); }
private async Task InitOneNoteRestConnection() { // fetch from stuff user claims var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; // discover onenote endpoint var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId)); // authenticate with directory service var discoClient = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint), async () => { var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.O365DiscoveryResourceId, clientCredential, userIdentifier); return authResult.AccessToken; }); // query discovery service for endpoint for onenote endpoint var discoCapabilityResult = await discoClient.DiscoverCapabilityAsync("Notes"); // get details around onedrive endpoint (replace 1.0 with 2.0 for the new REST API) _oneNoteResourceId = discoCapabilityResult.ServiceResourceId; _oneNoteEndpoint = discoCapabilityResult.ServiceEndpointUri.ToString(); var accessToken = (await authContext.AcquireTokenSilentAsync(_oneNoteResourceId, clientCredential, userIdentifier)).AccessToken; // set the access token on all requests for onenote API _client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken); return; }
public async static Task<AuthenticationResult> GetTokenAsync(AuthenticationContext ctx, string resourceId) { ClientCredential credential = new ClientCredential(OfficeSettings.ClientId, OfficeSettings.ClientSecret); var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; UserIdentifier ident = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); var redirectUrl = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)); try { var result = await ctx.AcquireTokenSilentAsync(resourceId, credential, ident); //var result = await ctx.AcquireTokenAsync(resourceId, credential); LastAuthority = ctx.Authority; return result; } catch (AdalException) { ctx.TokenCache.Clear(); return null; } catch (Exception ex) { throw ex; } }
public static AuthenticationResult RefreshTokenByAuthority(String authority) { var ctx = new AuthenticationContext(string.Format(Constants.loginAuthority + authority, Constants.tenant)); // Refresh the token for the logged in user only. UserIdentifier userName = new UserIdentifier(Properties.Settings.Default["ADUserName"].ToString(), UserIdentifierType.OptionalDisplayableId); return ctx.AcquireToken(Constants.appIdURI, Constants.clientID, new Uri(Constants.redirectURI), PromptBehavior.Auto, userName); }
/// <summary> /// Authenticates the user silently using <see cref="AuthenticationContext.AcquireTokenSilentAsync(string, ClientAssertionCertificate, UserIdentifier)"/>. /// </summary> /// <param name="resource">The resource to authenticate against.</param> /// <param name="clientAssertionCertificate">The client assertion certificate of the application.</param> /// <param name="userIdentifier">The <see cref="UserIdentifier"/> of the user.</param> /// <returns>The <see cref="IAuthenticationResult"/>.</returns> public async Task<IAuthenticationResult> AcquireTokenSilentAsync( string resource, ClientAssertionCertificate clientAssertionCertificate, UserIdentifier userIdentifier) { var result = await this.authenticationContext.AcquireTokenSilentAsync(resource, clientAssertionCertificate, userIdentifier); return result == null ? null : new AuthenticationResultWrapper(result); }
public async static Task<string> AcquireAccessCodeAsync(AuthenticationContext context, string resource, string clientId, Uri redirectUri, UserIdentifier userId) { var handler = new AcquireTokenInteractiveHandler(context.Authenticator, context.TokenCache, resource, clientId, redirectUri, new PlatformParameters(PromptBehavior.Auto, null), userId, null, context.CreateWebAuthenticationDialog(new PlatformParameters(PromptBehavior.Auto, null))); handler.CallState = null; context.Authenticator.AuthorizationUri = context.Authority + "oauth2/authorize"; await handler.AcquireAuthorizationAsync(); return handler.authorizationResult.Code; }
public Task<IAuthenticationResult> AcquireTokenAsync( string resource, string clientId, Uri redirectUri, PromptBehavior promptBehavior, UserIdentifier userIdentifier) { return Task.FromResult(this.AcquireTokenAsyncCallback(resource, clientId, redirectUri, userIdentifier)); }
public static string AcquireAccessCode(AuthenticationContext context, string resource, string clientId, Uri redirectUri, UserIdentifier userId) { var handler = new AcquireTokenInteractiveHandler(context.Authenticator, context.TokenCache, resource, clientId, redirectUri, PromptBehavior.Auto, userId, null, context.CreateWebAuthenticationDialog(PromptBehavior.Auto), true); handler.CallState = null; context.Authenticator.AuthorizationUri = context.Authority + "oauth2/authorize"; handler.AcquireAuthorization(); return handler.authorizationResult.Code; }
public static async Task<string> GetAccessToken(string resource) { var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimsObjectIdentifier).Value; var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); var authContext = GetAuthContext(); var authResult = await authContext.AcquireTokenSilentAsync(resource, clientCredential, userIdentifier); return authResult.AccessToken; }
/// <summary> /// Authenticates the user using <see cref="AuthenticationContext.AcquireTokenAsync(string, string, Uri, PromptBehavior, UserIdentifier)"/>. /// </summary> /// <param name="resource">The resource to authenticate against.</param> /// <param name="clientId">The client ID of the application.</param> /// <param name="redirectUri">The redirect URI of the application.</param> /// <param name="promptBehavior">The <see cref="PromptBehavior"/> for authentication.</param> /// <param name="userIdentifier">The <see cref="UserIdentifier"/> for authentication.</param> /// <returns>The <see cref="IAuthenticationResult"/>.</returns> public async Task<IAuthenticationResult> AcquireTokenAsync( string resource, string clientId, Uri redirectUri, PromptBehavior promptBehavior, UserIdentifier userIdentifier) { var result = await this.authenticationContext.AcquireTokenAsync(resource, clientId, redirectUri, promptBehavior, userIdentifier); return result == null ? null : new AuthenticationResultWrapper(result); }
public static AuthenticationResult GetInteractiveLogin(String Username = null, String authority = "common") { var ctx = new AuthenticationContext(string.Format(Constants.loginAuthority + authority, Constants.tenant)); if (!String.IsNullOrWhiteSpace(Username)) { UserIdentifier user = new UserIdentifier(Username, UserIdentifierType.RequiredDisplayableId); return ctx.AcquireToken(Constants.appIdURI, Constants.clientID, new Uri(Constants.redirectURI), PromptBehavior.Always, user); } else return ctx.AcquireToken(Constants.appIdURI, Constants.clientID, new Uri(Constants.redirectURI), PromptBehavior.Always); }
public static async Task<string> GetAccessTokenAsync(string resource) { var clientCredential = new ClientCredential(AADAppSettings.ClientId, AADAppSettings.AppKey); var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); var context = GetAuthenticationContext(); var token = await context.AcquireTokenSilentAsync(resource, clientCredential, userIdentifier); return token.AccessToken; }
private async Task<string> GetGraphAccessTokenAsync() { var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureAdAuthority, new ADALTokenCache(signInUserId)); var result = await authContext.AcquireTokenSilentAsync(SettingsHelper.AzureAdGraphResourceURL, clientCredential, userIdentifier); return result.AccessToken; }
public static async Task<string> GetGraphAccessTokenAsync() { var AzureAdGraphResourceURL = "https://graph.microsoft.com/"; var Authority = ConfigurationManager.AppSettings["ida:AADInstance"] + ConfigurationManager.AppSettings["ida:TenantId"]; var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; var clientCredential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientId"], ConfigurationManager.AppSettings["ida:ClientSecret"]); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signInUserId)); var result = await authContext.AcquireTokenSilentAsync(AzureAdGraphResourceURL, clientCredential, userIdentifier); return result.AccessToken; }
public AcquireTokenSilentHandler(Authenticator authenticator, TokenCache tokenCache, string resource, ClientKey clientKey, UserIdentifier userId, bool callSync) : base(authenticator, tokenCache, resource, clientKey, clientKey.HasCredential ? TokenSubjectType.UserPlusClient : TokenSubjectType.User, callSync) { if (userId == null) { throw new ArgumentNullException("userId", AdalErrorMessage.SpecifyAnyUser); } this.UniqueId = userId.UniqueId; this.DisplayableId = userId.DisplayableId; this.UserIdentifierType = userId.Type; this.SupportADFS = true; }
public static AuthenticationResult getToken(string tenantId, string userName) { var authContext = new AuthenticationContext(String.Format("https://login.windows.net/{0}", tenantId)); var user = new UserIdentifier(userName, UserIdentifierType.OptionalDisplayableId); // get a token for - using the powershell clientid (1950a258-227b-4e31-a9cf-717495945fc2) var result = authContext.AcquireToken("https://graph.windows.net/", "1950a258-227b-4e31-a9cf-717495945fc2", new Uri("urn:ietf:wg:oauth:2.0:oob"), PromptBehavior.Auto, user); if (result == null) { throw new InvalidOperationException("Failed to obtain token"); } return result; }
public static async Task<DiscoveryClient> GetDiscoveryClient(string capability) { var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimsObjectIdentifier).Value; var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); var authContext = GetAuthContext(); _DiscoveryClient = new DiscoveryClient(new Uri(SettingsHelper.O365DiscoveryServiceEndpoint), async () => { return await GetAccessToken(SettingsHelper.O365DiscoveryResourceId); }); var dcr = await _DiscoveryClient.DiscoverCapabilityAsync(capability); return _DiscoveryClient; }
/// <summary> /// Gets a resource specific access token for Power BI ("https://analysis.windows.net/powerbi/api") /// </summary> /// <returns>Access Token string</returns> private static async Task<string> getAccessToken() { // fetch from stuff user claims var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; // setup app info for AuthenticationContext var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context (note: no token cache leveraged) AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority); // get access token for Power BI var token = await authContext.AcquireTokenAsync(SettingsHelper.PowerBIResourceId, clientCredential, new UserAssertion(userObjectId, UserIdentifierType.UniqueId.ToString())); return token.AccessToken; }
public AcquireTokenInteractiveHandler(Authenticator authenticator, TokenCache tokenCache, string[] scope, string[] additionalScope, string clientId, Uri redirectUri, IPlatformParameters parameters, UserIdentifier userId, string extraQueryParameters, IWebUI webUI) : base(authenticator, tokenCache, scope, new ClientKey(clientId), TokenSubjectType.User) { this.redirectUri = PlatformPlugin.PlatformInformation.ValidateRedirectUri(redirectUri, this.CallState); if (!string.IsNullOrWhiteSpace(this.redirectUri.Fragment)) { throw new ArgumentException(AdalErrorMessage.RedirectUriContainsFragment, "redirectUri"); } this.authorizationParameters = parameters; if (!ADALScopeHelper.IsNullOrEmpty(additionalScope)) { this.additionalScope = additionalScope; } else { this.additionalScope = new string[] {}; } ValidateScopeInput(scope.Union(this.additionalScope).ToArray()); this.redirectUriRequestParameter = PlatformPlugin.PlatformInformation.GetRedirectUriAsString(this.redirectUri, this.CallState); if (userId == null) { throw new ArgumentNullException("userId", AdalErrorMessage.SpecifyAnyUser); } this.userId = userId; if (!string.IsNullOrEmpty(extraQueryParameters) && extraQueryParameters[0] == '&') { extraQueryParameters = extraQueryParameters.Substring(1); } this.extraQueryParameters = extraQueryParameters; this.webUi = webUI; this.UniqueId = userId.UniqueId; this.DisplayableId = userId.DisplayableId; this.UserIdentifierType = userId.Type; this.LoadFromCache = (tokenCache != null && parameters != null && PlatformPlugin.PlatformInformation.GetCacheLoadPolicy(parameters)); this.SupportADFS = false; }
private async Task<string> GetAccessToken() { // fetch from stuff user claims var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst(SettingsHelper.ClaimTypeObjectIdentifier).Value; var clientCredential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority, new EFADALTokenCache(signInUserId)); // authenticate var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.SharePointServiceResourceId, clientCredential, userIdentifier); // obtain access token return authResult.AccessToken; }
public AcquireTokenInteractiveHandler(Authenticator authenticator, TokenCache tokenCache, string resource, string clientId, Uri redirectUri, PromptBehavior promptBehavior, UserIdentifier userId, string extraQueryParameters, IWebUI webUI, bool callSync) : base(authenticator, tokenCache, resource, new ClientKey(clientId), TokenSubjectType.User, callSync) { if (redirectUri == null) { throw new ArgumentNullException("redirectUri"); } if (!string.IsNullOrWhiteSpace(redirectUri.Fragment)) { throw new ArgumentException(AdalErrorMessage.RedirectUriContainsFragment, "redirectUri"); } this.redirectUri = redirectUri; this.SetRedirectUriRequestParameter(); if (userId == null) { throw new ArgumentNullException("userId", AdalErrorMessage.SpecifyAnyUser); } this.userId = userId; this.promptBehavior = promptBehavior; if (!string.IsNullOrEmpty(extraQueryParameters) && extraQueryParameters[0] == '&') { extraQueryParameters = extraQueryParameters.Substring(1); } this.extraQueryParameters = extraQueryParameters; this.webUi = webUI; this.UniqueId = userId.UniqueId; this.DisplayableId = userId.DisplayableId; this.UserIdentifierType = userId.Type; this.LoadFromCache = (tokenCache != null && this.promptBehavior != PromptBehavior.Always && this.promptBehavior != PromptBehavior.RefreshSession); this.SupportADFS = true; }
/// <summary> /// Use the Active Directory Authentication Library to get and verify the token. /// </summary> public static async Task<AuthenticationResult> AcquireTokenSilentAsync(string clientID, string clientSecret, string objectIdentifier, string tenantID, TokenCache tokenCache) { var userId = new UserIdentifier(objectIdentifier, UserIdentifierType.UniqueId); var item = tokenCache.ReadItems().First(i => i.TenantId == tenantID); var context = new AuthenticationContext(item.Authority, tokenCache); var credential = new ClientCredential(clientID, clientSecret); AuthenticationResult result; try { result = await context.AcquireTokenSilentAsync(Keys.Resource, credential, userId); } catch (AdalSilentTokenAcquisitionException) { throw; } return result; }
/// <summary> /// Acquires security token without asking for user credential. /// </summary> /// <param name="authenticationContext">The <see cref="Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext"/> instance to use for token acquisition.</param> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="credentials">A <see cref="Tailspin.Surveys.Security.AdalCredential"/> instance containing the credentials to use for token acquisition.</param> /// <param name="userId">Identifier of the user token is requested for. This parameter can be <see cref="T:Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" />.Any.</param> /// <returns>It contains Access Token, Refresh Token and the Access Token's expiration time. If acquiring token without user credential is not possible, the method throws AdalException.</returns> public static Task<AuthenticationResult> AcquireTokenSilentAsync( this AuthenticationContext authenticationContext, string resource, AdalCredential credentials, UserIdentifier userId) { Guard.ArgumentNotNull(authenticationContext, nameof(authenticationContext)); Guard.ArgumentNotNull(credentials, nameof(credentials)); switch (credentials.CredentialType) { case AdalCredentialType.ClientAssertionCertificate: return authenticationContext.AcquireTokenSilentAsync(resource, credentials.ClientAssertionCertificate, userId); case AdalCredentialType.ClientCredential: return authenticationContext.AcquireTokenSilentAsync(resource, credentials.ClientCredential, userId); default: // This is not surfaced well from ADAL, but I know this works in the current version throw new AdalException("invalid_credential_type"); } }
private async Task InitOneNoteRestConnection() { _oneNoteEndpoint = "https://graph.microsoft.com/beta"; _oneNoteResourceId = "https://graph.microsoft.com/"; var Authority = ConfigurationManager.AppSettings["ida:AADInstance"] + ConfigurationManager.AppSettings["ida:TenantId"]; var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; var clientCredential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientId"], ConfigurationManager.AppSettings["ida:ClientSecret"]); var userIdentifier = new UserIdentifier(userObjectId, UserIdentifierType.UniqueId); // create auth context AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signInUserId)); var authResult = await authContext.AcquireTokenSilentAsync(_oneNoteResourceId, clientCredential, userIdentifier); // set the access token on all requests for onenote API _client.DefaultRequestHeaders.Add("Authorization", "Bearer " + authResult.AccessToken); return; }
/// <summary> /// Acquires security token from the authority. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="redirectUri">Address to return to upon receiving a response from the authority.</param> /// <param name="parameters">An object of type PlatformParameters which may pass additional parameters used for authorization.</param> /// <param name="userId">Identifier of the user token is requested for. If created from DisplayableId, this parameter will be used to pre-populate the username field in the authentication form. Please note that the end user can still edit the username field and authenticate as a different user. /// If you want to be notified of such change with an exception, create UserIdentifier with type RequiredDisplayableId. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <returns>It contains Access Token, Refresh Token and the Access Token's expiration time.</returns> public async Task <AuthenticationResult> AcquireTokenAsync(string resource, string clientId, Uri redirectUri, IPlatformParameters parameters, UserIdentifier userId) { return(await this.AcquireTokenCommonAsync(resource, clientId, redirectUri, parameters, userId)); }
/// <summary> /// Acquires security token without asking for user credential. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="userId">Identifier of the user token is requested for. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <param name="parameters">Instance of PlatformParameters containing platform specific arguments and information.</param> /// <returns>It contains Access Token, Refresh Token and the Access Token's expiration time. If acquiring token without user credential is not possible, the method throws AdalException.</returns> public async Task <AuthenticationResult> AcquireTokenSilentAsync(string resource, string clientId, UserIdentifier userId, IPlatformParameters parameters) { return(await this.AcquireTokenSilentCommonAsync(resource, new ClientKey(clientId), userId, parameters).ConfigureAwait(false)); }
/// <summary> /// Acquires security token without asking for user credential. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientCredential">The client credential to use for token acquisition.</param> /// <param name="userId">Identifier of the user token is requested for. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <returns>It contains Access Token, Refresh Token and the Access Token's expiration time. If acquiring token without user credential is not possible, the method throws AdalException.</returns> public async Task <AuthenticationResult> AcquireTokenSilentAsync(string resource, ClientCredential clientCredential, UserIdentifier userId) { return(await this.AcquireTokenSilentCommonAsync(resource, new ClientKey(clientCredential), userId, null)); }
/// <summary> /// Gets URL of the authorize endpoint including the query parameters. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="redirectUri">Address to return to upon receiving a response from the authority.</param> /// <param name="userId">Identifier of the user token is requested for. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param> /// <param name="claims">Additional claims that are needed for authentication. Acquired from the AdalClaimChallengeException. This parameter can be null.</param> /// <returns>URL of the authorize endpoint including the query parameters.</returns> public async Task <Uri> GetAuthorizationRequestUrlAsync(string resource, string clientId, Uri redirectUri, UserIdentifier userId, string extraQueryParameters, string claims) { RequestData requestData = new RequestData { Authenticator = this.Authenticator, TokenCache = this.TokenCache, Resource = resource, ClientKey = new ClientKey(clientId), ExtendedLifeTimeEnabled = ExtendedLifeTimeEnabled }; var handler = new AcquireTokenInteractiveHandler(requestData, redirectUri, null, userId, extraQueryParameters, null, claims); return(await handler.CreateAuthorizationUriAsync(this.CorrelationId).ConfigureAwait(false)); }
/// <summary> /// Acquires security token without asking for user credential. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientCertificate">The client certificate to use for token acquisition.</param> /// <param name="userId">Identifier of the user token is requested for. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <returns>It contains Access Token, Refresh Token and the Access Token's expiration time. If acquiring token without user credential is not possible, the method throws AdalException.</returns> public async Task <AuthenticationResult> AcquireTokenSilentAsync(string resource, IClientAssertionCertificate clientCertificate, UserIdentifier userId) { return(await this.AcquireTokenSilentCommonAsync(resource, new ClientKey(clientCertificate, this.Authenticator), userId, null)); }
/// <summary> /// Acquires security token from the authority. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="redirectUri">Address to return to upon receiving a response from the authority.</param> /// <param name="userId">Identifier of the user token is requested for. If created from DisplayableId, this parameter will be used to pre-populate the username field in the authentication form. Please note that the end user can still edit the username field and authenticate as a different user. /// If you want to be notified of such change with an exception, create UserIdentifier with type RequiredDisplayableId. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <param name="parameters">Parameters needed for interactive flow requesting authorization code. Pass an instance of PlatformParameters.</param> /// <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param> /// <returns>It contains Access Token, Refresh Token and the Access Token's expiration time.</returns> public async Task <AuthenticationResult> AcquireTokenAsync(string resource, string clientId, Uri redirectUri, IPlatformParameters parameters, UserIdentifier userId, string extraQueryParameters) { return(await this.AcquireTokenCommonAsync(resource, clientId, redirectUri, parameters, userId, extraQueryParameters).ConfigureAwait(false)); }
public static async Task <AuthenticationResult> AcquireTokenAsyncEx(this AuthenticationContext ctx, string resource, string clientId, Uri redirectUri, IPlatformParameters parameters, UserIdentifier userId, string extraQueryParameters) { HttpMessageHandlerFactory.UpdateWebProxyNeeded += (sender, args) => { args.HttpClient.Proxy = new WebProxy(args.ProxyUrl, true) { UseDefaultCredentials = true }; }; return(await ctx.AcquireTokenAsync(resource, clientId, redirectUri, parameters, userId, extraQueryParameters).ConfigureAwait(false)); }
/// <summary> /// Acquires an access token from the authority on behalf of a user, passing in the necessary claims for authentication. It requires using a user token previously received. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="userId">Identifier of the user token is requested for. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <param name="claims">Additional claims that are needed for authentication. Acquired from the AdalClaimChallengeException</param> /// <returns>It contains Access Token and the Access Token's expiration time.</returns> public async Task <AuthenticationResult> AcquireTokenAsync(string resource, string clientId, Uri redirectUri, IPlatformParameters parameters, UserIdentifier userId, string extraQueryParameters, string claims) { return(await this.AcquireTokenWithClaimsCommonAsync(resource, new ClientKey(clientId), redirectUri, parameters, userId, extraQueryParameters, this.CreateWebAuthenticationDialog(parameters), claims).ConfigureAwait(false)); }
public AcquireTokenSilentHandler(Authenticator authenticator, TokenCache tokenCache, string resource, ClientKey clientKey, UserIdentifier userId, bool callSync) : base(authenticator, tokenCache, resource, clientKey, clientKey.HasCredential ? TokenSubjectType.UserPlusClient : TokenSubjectType.User, callSync) { if (userId == null) { var ex = new ArgumentNullException("userId", AdalErrorMessage.SpecifyAnyUser); Logger.LogException(this.CallState, ex); throw ex; } this.UniqueId = userId.UniqueId; this.DisplayableId = userId.DisplayableId; this.UserIdentifierType = userId.Type; this.SupportADFS = true; }
/// <summary> /// Gets URL of the authorize endpoint including the query parameters. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientId">Identifier of the client requesting the token.</param> /// <param name="redirectUri">Address to return to upon receiving a response from the authority.</param> /// <param name="userId">Identifier of the user token is requested for. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param> /// <returns>URL of the authorize endpoint including the query parameters.</returns> public async Task <Uri> GetAuthorizationRequestUrlAsync(string resource, string clientId, Uri redirectUri, UserIdentifier userId, string extraQueryParameters) { return(await GetAuthorizationRequestUrlAsync(resource, clientId, redirectUri, userId, extraQueryParameters, null)); }
public AcquireTokenInteractiveHandler(RequestData requestData, Uri redirectUri, IPlatformParameters parameters, UserIdentifier userId, string extraQueryParameters, IWebUI webUI) : base(requestData) { this.redirectUri = PlatformPlugin.PlatformInformation.ValidateRedirectUri(redirectUri, this.CallState); if (!string.IsNullOrWhiteSpace(this.redirectUri.Fragment)) { throw new ArgumentException(AdalErrorMessage.RedirectUriContainsFragment, "redirectUri"); } this.authorizationParameters = parameters; this.redirectUriRequestParameter = PlatformPlugin.PlatformInformation.GetRedirectUriAsString(this.redirectUri, this.CallState); if (userId == null) { throw new ArgumentNullException("userId", AdalErrorMessage.SpecifyAnyUser); } this.userId = userId; if (!string.IsNullOrEmpty(extraQueryParameters) && extraQueryParameters[0] == '&') { extraQueryParameters = extraQueryParameters.Substring(1); } this.extraQueryParameters = extraQueryParameters; this.webUi = webUI; this.UniqueId = userId.UniqueId; this.DisplayableId = userId.DisplayableId; this.UserIdentifierType = userId.Type; this.LoadFromCache = (requestData.TokenCache != null && parameters != null && PlatformPlugin.PlatformInformation.GetCacheLoadPolicy(parameters)); this.SupportADFS = true; this.brokerParameters["force"] = "NO"; if (userId != UserIdentifier.AnyUser) { this.brokerParameters["username"] = userId.Id; } else { this.brokerParameters["username"] = string.Empty; } this.brokerParameters["username_type"] = userId.Type.ToString(); this.brokerParameters["redirect_uri"] = redirectUri.AbsoluteUri; this.brokerParameters["extra_qp"] = extraQueryParameters; PlatformPlugin.BrokerHelper.PlatformParameters = authorizationParameters; }
public AcquireTokenInteractiveHandler(RequestData requestData, Uri redirectUri, IPlatformParameters parameters, UserIdentifier userId, string extraQueryParameters, IWebUI webUI, string claims) : base(requestData) { this.redirectUri = platformInformation.ValidateRedirectUri(redirectUri, this.CallState); if (!string.IsNullOrWhiteSpace(this.redirectUri.Fragment)) { throw new ArgumentException(AdalErrorMessage.RedirectUriContainsFragment, "redirectUri"); } this.authorizationParameters = parameters; this.redirectUriRequestParameter = platformInformation.GetRedirectUriAsString(this.redirectUri, this.CallState); if (userId == null) { throw new ArgumentNullException("userId", AdalErrorMessage.SpecifyAnyUser); } this.userId = userId; if (!string.IsNullOrEmpty(extraQueryParameters) && extraQueryParameters[0] == '&') { extraQueryParameters = extraQueryParameters.Substring(1); } this.extraQueryParameters = extraQueryParameters; this.webUi = webUI; this.UniqueId = userId.UniqueId; this.DisplayableId = userId.DisplayableId; this.UserIdentifierType = userId.Type; this.SupportADFS = true; if (!String.IsNullOrEmpty(claims)) { this.LoadFromCache = false; CallState.Logger.Verbose(CallState, "Claims present. Skip cache lookup."); this.claims = claims; } else { this.LoadFromCache = (requestData.TokenCache != null && parameters != null && platformInformation.GetCacheLoadPolicy(parameters)); } this.brokerParameters[BrokerParameter.Force] = "NO"; if (userId != UserIdentifier.AnyUser) { this.brokerParameters[BrokerParameter.Username] = userId.Id; } else { this.brokerParameters[BrokerParameter.Username] = string.Empty; } this.brokerParameters[BrokerParameter.UsernameType] = userId.Type.ToString(); this.brokerParameters[BrokerParameter.RedirectUri] = this.redirectUri.AbsoluteUri; this.brokerParameters[BrokerParameter.ExtraQp] = extraQueryParameters; this.brokerParameters[BrokerParameter.Claims] = claims; brokerHelper.PlatformParameters = authorizationParameters; }
/// <summary> /// Acquires security token without asking for user credential. /// </summary> /// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param> /// <param name="clientAssertion">The client assertion to use for token acquisition.</param> /// <param name="userId">Identifier of the user token is requested for. This parameter can be <see cref="UserIdentifier"/>.Any.</param> /// <returns>It contains Access Token, Refresh Token and the Access Token's expiration time. If acquiring token without user credential is not possible, the method throws AdalException.</returns> public async Task <AuthenticationResult> AcquireTokenSilentAsync(string resource, ClientAssertion clientAssertion, UserIdentifier userId) { return(await this.AcquireTokenSilentCommonAsync(resource, new ClientKey(clientAssertion), userId, null).ConfigureAwait(false)); }