// // GET: /UserProfile/ public async Task<ActionResult> Index() { // // Retrieve the user's name, tenantID, and access token since they are parameters used to query the Graph API. // UserProfile profile; AuthenticationResult result = null; try { string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID)); ClientCredential credential = new ClientCredential(clientId, appKey); result = authContext.AcquireTokenSilent(todoListResourceId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId)); // // Retrieve the user's profile from the ToDoList Service // HttpClient client = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, todoListBaseAddress + "/api/userprofile"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); HttpResponseMessage response = await client.SendAsync(request); // // Return the user's profile in the view. // if (response.IsSuccessStatusCode) { string responseString = await response.Content.ReadAsStringAsync(); profile = JsonConvert.DeserializeObject<UserProfile>(responseString); } else { var todoTokens = authContext.TokenCache.ReadItems().Where(a => a.Resource == todoListResourceId); foreach (TokenCacheItem tci in todoTokens) authContext.TokenCache.DeleteItem(tci); // // If the call failed, then drop the current access token and show the user an error indicating they might need to sign-in again. // //var todoTokens = authContext.TokenCache.ReadItems().Where(a => a.Resource == graphResourceId); //foreach (TokenCacheItem tci in todoTokens) // authContext.TokenCache.DeleteItem(tci); profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; //ViewBag.ErrorMessage = "UnexpectedError"; ViewBag.ErrorMessage = response.ReasonPhrase; } return View(profile); } catch (Exception ee) { // // If the user doesn't have an access token, they need to re-authorize. // // // If refresh is set to true, the user has clicked the link to be authorized again. // if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } // // The user needs to re-authorize. Show them a message to that effect. // profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; ViewBag.ErrorMessage = "AuthorizationRequired"; ViewBag.ErrorMessage = ee.Message + "\n" + ee.StackTrace; return View(profile); } }
// // GET: /UserProfile/ public async Task<ActionResult> Index() { // // Retrieve the user's name, tenantID, and access token since they are parameters used to query the Graph API. // UserProfile profile; string accessToken = null; string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value; if (tenantId != null) { accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId); } // // If the user doesn't have an access token, they need to re-authorize. // if (accessToken == null) { // // If refresh is set to true, the user has clicked the link to be authorized again. // if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType); } // // The user needs to re-authorize. Show them a message to that effect. // profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; ViewBag.ErrorMessage = "AuthorizationRequired"; return View(profile); } // // Call the Graph API and retrieve the user's profile. // string requestUrl = String.Format( CultureInfo.InvariantCulture, graphUserUrl, HttpUtility.UrlEncode(tenantId)); HttpClient client = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); HttpResponseMessage response = await client.SendAsync(request); // // Return the user's profile in the view. // if (response.IsSuccessStatusCode) { string responseString = await response.Content.ReadAsStringAsync(); profile = JsonConvert.DeserializeObject<UserProfile>(responseString); } else { // // If the call failed, then drop the current access token and show the user an error indicating they might need to sign-in again. // TokenCacheUtils.RemoveAccessTokenFromCache(graphResourceId); profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; ViewBag.ErrorMessage = "UnexpectedError"; } return View(profile); }
// // GET: /UserProfile/ public async Task<ActionResult> Index() { // // Retrieve the user's name, tenantID, and access token since they are parameters used to query the Graph API. // UserProfile profile; AuthenticationResult result = null; // // WithConditionalAccess: // // Check if the user is authenticated. If not, issue a challenge for this resource. // if (ClaimsPrincipal.Current.Identity.IsAuthenticated == false) { HttpContext.GetOwinContext().Authentication.Challenge( new Microsoft.Owin.Security.AuthenticationProperties( new Dictionary<string, string> { {Startup.ResourceKey, graphResourceId} }), OpenIdConnectAuthenticationDefaults.AuthenticationType); profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; ViewBag.ErrorMessage = "AuthorizationRequired"; return View(profile); } try { string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value; string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID)); ClientCredential credential = new ClientCredential(clientId, appKey); result = authContext.AcquireTokenSilent(graphResourceId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId)); // // Call the Graph API and retrieve the user's profile. // string requestUrl = String.Format( CultureInfo.InvariantCulture, graphUserUrl, HttpUtility.UrlEncode(tenantId)); HttpClient client = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); HttpResponseMessage response = await client.SendAsync(request); // // Return the user's profile in the view. // if (response.IsSuccessStatusCode) { string responseString = await response.Content.ReadAsStringAsync(); profile = JsonConvert.DeserializeObject<UserProfile>(responseString); } else { // // If the call failed, then drop the current access token and show the user an error indicating they might need to sign-in again. // var todoTokens = authContext.TokenCache.ReadItems().Where(a => a.Resource == graphResourceId); foreach (TokenCacheItem tci in todoTokens) authContext.TokenCache.DeleteItem(tci); profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; ViewBag.ErrorMessage = "UnexpectedError"; } return View(profile); } catch (AdalSilentTokenAcquisitionException ee) { // // If the user doesn't have an access token, they need to re-authorize. // // // If refresh is set to true, the user has clicked the link to be authorized again. // if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // // WithConditionalAcccess: Include the resource ID for which the token is being requested. // HttpContext.GetOwinContext().Authentication.Challenge( new Microsoft.Owin.Security.AuthenticationProperties( new Dictionary<string, string> { {Startup.ResourceKey, graphResourceId } }), OpenIdConnectAuthenticationDefaults.AuthenticationType); } // // The user needs to re-authorize. Show them a message to that effect. // profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; ViewBag.ErrorMessage = "AuthorizationRequired"; return View(profile); } }
// // GET: /UserProfile/ public async Task<ActionResult> Index() { // // Retrieve the user's name, tenantID, and access token since they are parameters used to query the Graph API. // UserProfile profile; AuthenticationResult result = null; try { string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value; AuthenticationContext authContext = new AuthenticationContext("https://login.chinacloudapi.cn/common/"); ClientCredential clientCred = new ClientCredential(clientId, appKey); var bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as System.IdentityModel.Tokens.BootstrapContext; string userName = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Upn) != null ? ClaimsPrincipal.Current.FindFirst(ClaimTypes.Upn).Value : ClaimsPrincipal.Current.FindFirst(ClaimTypes.Email).Value; string tenant = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; ; UserAssertion userAssertion = new UserAssertion(bootstrapContext.Token, "urn:ietf:params:oauth:grant-type:jwt-bearer", userName); result = await authContext.AcquireTokenAsync(graphResourceId, clientCred, userAssertion); // // Call the Graph API and retrieve the user's profile. // string graphUserUrl = string.Format("https://graph.chinacloudapi.cn/{0}/me?api-version=2013-11-08", tenant); string requestUrl = string.Format(CultureInfo.InvariantCulture, graphUserUrl, HttpUtility.UrlEncode(tenantId)); HttpClient client = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); HttpResponseMessage response = await client.SendAsync(request); // // Return the user's profile in the view. // if (response.IsSuccessStatusCode) { string responseString = await response.Content.ReadAsStringAsync(); profile = JsonConvert.DeserializeObject<UserProfile>(responseString); } else { // // If the call failed, then drop the current access token and show the user an error indicating they might need to sign-in again. // var todoTokens = authContext.TokenCache.ReadItems().Where(a => a.Resource == graphResourceId); foreach (TokenCacheItem tci in todoTokens) authContext.TokenCache.DeleteItem(tci); profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; ViewBag.ErrorMessage = "UnexpectedError"; } return View(profile); } catch (AdalException ee) { // // If the user doesn't have an access token, they need to re-authorize. // // // If refresh is set to true, the user has clicked the link to be authorized again. // if (Request.QueryString["reauth"] == "True") { // // Send an OpenID Connect sign-in request to get a new set of tokens. // If the user still has a valid session with Azure AD, they will not be prompted for their credentials. // The OpenID Connect middleware will return to this controller after the sign-in response has been handled. // HttpContext.GetOwinContext().Authentication.Challenge( new AuthenticationProperties(), OpenIdConnectAuthenticationDefaults.AuthenticationType); } // // The user needs to re-authorize. Show them a message to that effect. // profile = new UserProfile(); profile.DisplayName = " "; profile.GivenName = " "; profile.Surname = " "; ViewBag.ErrorMessage = "AuthorizationRequired"; return View(profile); } }