/// <summary>
/// Issues a GET against <paramref name="redirectUrl"/> and wraps the outcome in a
/// <see cref="UcwaHttpOperationResult"/>.
/// </summary>
/// <param name="redirectUrl">Target URL of the redirect to follow.</param>
/// <param name="checkRedirectUrl">
/// When true (the default) the URL must pass <c>RedirectUrlSecurityCheckPassed</c> before any
/// request is sent. Passing false skips that gate entirely, so callers should only do so for
/// URLs they have already validated themselves.
/// </param>
/// <returns>
/// A result with <see cref="HttpStatusCode.Redirect"/> and an error message when the URL check
/// fails; the response status plus the response body text when the status is not OK; otherwise
/// the parsed <c>UcwaResource</c>, or the exception details if constructing it throws.
/// </returns>
private async Task<UcwaHttpOperationResult> GetRedirectResource(string redirectUrl, bool checkRedirectUrl = true)
{
    // Refuse to contact the target at all when the check is enabled and the URL does not pass it.
    bool urlRejected = checkRedirectUrl && !RedirectUrlSecurityCheckPassed(redirectUrl);
    if (urlRejected)
    {
        // NOTE(review): "secury" is a typo for "security" in this runtime message; it is kept
        // unchanged here so the emitted text stays identical.
        return new UcwaHttpOperationResult(
            HttpStatusCode.Redirect,
            "Failed to pass secury check on redirect of " + redirectUrl);
    }

    var response = await Transport.GetRequest(redirectUrl);

    if (response.StatusCode == HttpStatusCode.OK)
    {
        try
        {
            var resource = new UcwaResource(response.GetResponseStream());
            return new UcwaHttpOperationResult(response.StatusCode, null, resource);
        }
        catch (Exception ex)
        {
            // Building the resource failed: report it through the result rather than throwing,
            // keeping the response's own status code.
            return new UcwaHttpOperationResult(response.StatusCode, ex.Message, null, ex);
        }
    }

    // Any non-OK status: hand back the status together with the response body as text.
    var bodyText = UcwaAppUtils.ConvertResponseBodyStreamToString(response.GetResponseStream());
    return new UcwaHttpOperationResult(response.StatusCode, bodyText);
}
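/// <summary>
/// Fetches the user resource at <paramref name="userResUri"/>, answering the expected
/// 401 challenge by requesting an OAuth token and retrying the GET with it.
/// </summary>
/// <param name="userResUri">URI of the user resource.</param>
/// <param name="userName">User name passed to <c>GetAuthenticationRequestBody</c>.</param>
/// <param name="password">Password passed to <c>GetAuthenticationRequestBody</c>.</param>
/// <param name="authType">Authentication type used to build the token request body.</param>
/// <returns>
/// On success a result carrying the parsed <c>UcwaResource</c>; otherwise a result with the
/// failing response's status code and a message. Failure messages deliberately leave out the
/// token request body, the token endpoint's response body and the OAuth token, so that
/// credentials do not end up in logs or UI through the result object.
/// </returns>
/// <remarks>
/// <c>IsSignedIn</c> is reset to false on entry and set to true only when the method reaches
/// the final successful return.
/// </remarks>
private async Task<UcwaHttpOperationResult> GetUserResource(string userResUri, string userName, string password, AuthenticationTypes authType = AuthenticationTypes.Password)
{
    this.IsSignedIn = false;

    // First GET user resource to retrieve oAuthToken href.
    // Expect 401 Unauthorized response as an HTML payload
    var response = await Transport.GetRequest(userResUri);
    if (response.StatusCode != HttpStatusCode.Unauthorized && response.StatusCode != HttpStatusCode.OK)
    {
        return new UcwaHttpOperationResult(response.StatusCode, "Failed to GetRequest on " + userResUri);
    }

    if (response.StatusCode == HttpStatusCode.Unauthorized)
    {
        // Get OAuth resource for a Web ticket.
        // Select the value before FirstOrDefault so a missing header yields null instead of a
        // dereference of a default/empty pair.
        var authHeader = UcwaAppUtils.ConvertWebHeaderCollectionToKeyValuePairs(response.Headers)
            .Where(a => a.Key == "WWW-Authenticate" && a.Value.Contains("MsRtcOAuth href"))
            .Select(a => a.Value)
            .FirstOrDefault();

        var oAuthPart = authHeader == null
            ? null
            : authHeader.Split(',').FirstOrDefault(s => s.Contains("MsRtcOAuth"));
        var equalsIndex = oAuthPart == null ? -1 : oAuthPart.IndexOf('=');
        if (equalsIndex < 0)
        {
            // Previously this case surfaced as a NullReferenceException / IndexOutOfRangeException.
            return new UcwaHttpOperationResult(
                response.StatusCode,
                "No MsRtcOAuth href found in the WWW-Authenticate header returned by " + userResUri);
        }

        // Take everything after the first '=' so an href that itself contains '=' is not truncated.
        var oAuthHref = oAuthPart.Substring(equalsIndex + 1).Replace("\"", "").Trim();

        // NOTE(review): oAuthHref comes from the headers of an unauthenticated 401 response, and
        // the user's credentials are POSTed to it below. Nothing visible in this method checks
        // its scheme or host; confirm that Transport or the caller restricts it (HTTPS, expected
        // domain) before credentials are sent.
        string requestBody = GetAuthenticationRequestBody(userName, password, authType);

        // Note: the following PostRequest returns a json payload in the responseData, containing the access token,
        var cType = "application/x-www-form-urlencoded;charset='utf-8'";
        var aType = "application/x-www-form-urlencoded;charset='utf-8'";
        response = await Transport.PostRequest(oAuthHref, aType, cType, requestBody);
        if (response.StatusCode != HttpStatusCode.OK)
        {
            // requestBody is built from userName and password, so it is not echoed into the message.
            return new UcwaHttpOperationResult(
                response.StatusCode,
                "PostRequest on " + oAuthHref + " failed (request body omitted: it carries credentials)");
        }

        string responseData = UcwaAppUtils.ConvertResponseBodyStreamToString(response.GetResponseStream());

        // NOTE(review): this branch cannot currently run. Any non-OK status, including
        // BadRequest, has already returned above, and the ADFS step below is still a TODO.
        // The control flow is left as it was; it needs revisiting when passive auth is implemented.
        if (authType == AuthenticationTypes.Passive
            && response.StatusCode == HttpStatusCode.BadRequest
            && responseData.Contains("ms_rtc_passiveauthuri"))
        {
            // get ms_rtc_passiveauthuri to obtain an ADFS cookie and do another POST request (above) to obtain UCWA oAuth token
            // The capture group takes the whole quoted value; the earlier "(.)" matched one character only.
            System.Text.RegularExpressions.Regex regex =
                new System.Text.RegularExpressions.Regex("\"ms_rtc_passiveauthuri\":\"([^\"]*)\"");
            var match = regex.Match(responseData);
            var passiveauthuri = match.Groups[1].Value;

            // to do: obtain a token from ADFS
            // ... omitted here

            // repost on oAuthHref, once a new ADFS token is had
            response = await Transport.PostRequest(oAuthHref, aType, cType, requestBody);
            if (response.StatusCode != HttpStatusCode.OK)
            {
                return new UcwaHttpOperationResult(
                    response.StatusCode,
                    "PostRequest on " + oAuthHref + " failed (request body omitted: it carries credentials)");
            }

            responseData = UcwaAppUtils.ConvertResponseBodyStreamToString(response.GetResponseStream());
        }

        // Extract the access token from the response body to construct the oAuth token
        oAuth20Token = GetOAuthToken(responseData);
        if (oAuth20Token != null)
        {
            Transport.OAuthToken = oAuth20Token;

            // Second GET userHref, supplying the required compact-web-ticket (cwt) in an Authorization header
            response = await Transport.GetRequest(userResUri);
            if (response.StatusCode != HttpStatusCode.OK)
            {
                // The bearer token is a live credential; keep it out of the error message.
                return new UcwaHttpOperationResult(
                    response.StatusCode,
                    "GetRequest on " + userResUri + " with oAuth token failed (token omitted)");
            }
        }
        else
        {
            // The body of an OK token response is expected to hold the access token, so it is
            // not copied into the message even though parsing it failed.
            return new UcwaHttpOperationResult(
                response.StatusCode,
                "PostRequest on " + oAuthHref + " returned a body from which no oAuth token could be extracted (body omitted)");
        }
    }

    this.IsSignedIn = true;
    var res = new UcwaResource(response.GetResponseStream());
    return new UcwaHttpOperationResult(response.StatusCode, null, res);
}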