protected override async Task PreTokenRequest()
{
await base.PreTokenRequest();
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState);
PlatformPlugin.Logger.Information(this.CallState, "User '{0}' detected as '{1}'", this.userCredential.UserName, userRealmResponse.AccountType);
if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0)
{
if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl))
{
var ex = new AdalException(AdalError.MissingFederationMetadataUrl);
PlatformPlugin.Logger.LogException(this.CallState, ex);
throw ex;
}
Uri wsTrustUrl = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState);
PlatformPlugin.Logger.Information(this.CallState, "WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustUrl, userRealmResponse.FederationMetadataUrl);
WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustUrl, this.userCredential, this.CallState);
PlatformPlugin.Logger.Information(this.CallState, "Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType);
// We assume that if the response token type is not SAML 1.1, it is SAML 2
this.samlAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer);
}
else if (string.Compare(userRealmResponse.AccountType, "managed", StringComparison.OrdinalIgnoreCase) == 0)
{
// handle password grant flow for the managed user
if (this.userCredential.PasswordToCharArray() == null)
{
var ex = new AdalException(AdalError.PasswordRequiredForManagedUserError);
PlatformPlugin.Logger.LogException(this.CallState, ex);
throw ex;
}
}
else
{
var ex = new AdalException(AdalError.UnknownUserType);
PlatformPlugin.Logger.LogException(this.CallState, ex);
throw ex;
}
}
protected override async Task PreTokenRequest()
{
await base.PreTokenRequest().ConfigureAwait(false);
if (this.PerformUserRealmDiscovery())
{
UserRealmDiscoveryResponse userRealmResponse = await UserRealmDiscoveryResponse.CreateByDiscoveryAsync(this.Authenticator.UserRealmUri, this.userCredential.UserName, this.CallState).ConfigureAwait(false);
PlatformPlugin.Logger.Information(this.CallState, string.Format(CultureInfo.CurrentCulture, " User with hash '{0}' detected as '{1}'", PlatformPlugin.CryptographyHelper.CreateSha256Hash(this.userCredential.UserName), userRealmResponse.AccountType));
if (string.Compare(userRealmResponse.AccountType, "federated", StringComparison.OrdinalIgnoreCase) == 0)
{
if (string.IsNullOrWhiteSpace(userRealmResponse.FederationMetadataUrl))
{
throw new AdalException(AdalError.MissingFederationMetadataUrl);
}
WsTrustAddress wsTrustAddress = await MexParser.FetchWsTrustAddressFromMexAsync(userRealmResponse.FederationMetadataUrl, this.userCredential.UserAuthType, this.CallState).ConfigureAwait(false);
PlatformPlugin.Logger.Information(this.CallState, string.Format(CultureInfo.CurrentCulture, " WS-Trust endpoint '{0}' fetched from MEX at '{1}'", wsTrustAddress.Uri, userRealmResponse.FederationMetadataUrl));
WsTrustResponse wsTrustResponse = await WsTrustRequest.SendRequestAsync(wsTrustAddress, this.userCredential, this.CallState, userRealmResponse.CloudAudienceUrn).ConfigureAwait(false);
PlatformPlugin.Logger.Information(this.CallState, string.Format(CultureInfo.CurrentCulture, " Token of type '{0}' acquired from WS-Trust endpoint", wsTrustResponse.TokenType));
// We assume that if the response token type is not SAML 1.1, it is SAML 2
this.userAssertion = new UserAssertion(wsTrustResponse.Token, (wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion) ? OAuthGrantType.Saml11Bearer : OAuthGrantType.Saml20Bearer);
}
else if (string.Compare(userRealmResponse.AccountType, "managed", StringComparison.OrdinalIgnoreCase) == 0)
{
// handle password grant flow for the managed user
if (this.userCredential.PasswordToCharArray() == null)
{
throw new AdalException(AdalError.PasswordRequiredForManagedUserError);
}
}
else
{
throw new AdalException(AdalError.UnknownUserType);
}
}
}
private static void VerifyUserRealmResponse(UserRealmDiscoveryResponse userRealmResponse, string expectedAccountType)
{
Verify.AreEqual("1.0", userRealmResponse.Version);
Verify.AreEqual(userRealmResponse.AccountType, expectedAccountType);
if (expectedAccountType == "Federated")
{
Verify.IsNotNull(userRealmResponse.FederationActiveAuthUrl);
Verify.IsNotNull(userRealmResponse.FederationMetadataUrl);
Verify.AreEqual("WSTrust", userRealmResponse.FederationProtocol);
}
else
{
Verify.IsNull(userRealmResponse.FederationActiveAuthUrl);
Verify.IsNull(userRealmResponse.FederationMetadataUrl);
Verify.IsNull(userRealmResponse.FederationProtocol);
}
}