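//
// GET: /UserProfile/
//
// Reads the signed-in user's tenant id and object id from the current
// ClaimsPrincipal, silently acquires a Graph API access token for that user
// from the per-user ADAL cache, and renders the user's profile. If the token
// cannot be acquired (or the claims needed to look it up are missing) the
// "AuthorizationRequired" view is returned; when the request also carries
// ?reauth=True an OpenID Connect challenge is issued so the middleware can
// obtain a fresh set of tokens.
//
public async Task<ActionResult> Index()
{
    UserProfile profile;

    // A claim can be absent on an unexpected principal. The original code
    // dereferenced .Value directly, so a missing tenant claim threw a
    // NullReferenceException outside the try block below (a server error
    // instead of the re-authorization page). Read both claims null-safely and
    // route the missing-claim case to the same re-authorization path.
    var tenantClaim = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType);
    var objectIdClaim = ClaimsPrincipal.Current.FindFirst(
        "http://schemas.microsoft.com/identity/claims/objectidentifier");
    string tenantId = tenantClaim != null ? tenantClaim.Value : null;
    string userObjectID = objectIdClaim != null ? objectIdClaim.Value : null;

    if (string.IsNullOrEmpty(tenantId) || string.IsNullOrEmpty(userObjectID))
    {
        ChallengeIfReauthRequested();
        return View(ErrorProfile("AuthorizationRequired"));
    }

    try
    {
        // The token cache is keyed by the user's object id so that one user's
        // tokens are never looked up for (or served to) another user.
        AuthenticationContext authContext = new AuthenticationContext(
            Startup.Authority, new NaiveSessionCache(userObjectID));
        ClientCredential credential = new ClientCredential(clientId, appKey);
        AuthenticationResult result = authContext.AcquireTokenSilent(
            graphResourceId,
            credential,
            new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

        // tenantId comes from a validated token claim, but it is still
        // URL-encoded before being placed in the request path.
        string requestUrl = String.Format(
            CultureInfo.InvariantCulture, graphUserUrl, HttpUtility.UrlEncode(tenantId));

        // Dispose the client, request and response; the original leaked all three.
        // (A shared static HttpClient would avoid socket exhaustion under load.)
        using (HttpClient client = new HttpClient())
        using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

            using (HttpResponseMessage response = await client.SendAsync(request))
            {
                if (response.IsSuccessStatusCode)
                {
                    string responseString = await response.Content.ReadAsStringAsync();
                    profile = JsonConvert.DeserializeObject<UserProfile>(responseString);
                }
                else
                {
                    // Drop the cached tokens so the next attempt acquires fresh ones.
                    // NOTE(review): this evicts on any non-2xx status, including
                    // transient 5xx/429 responses; consider limiting it to 401.
                    authContext.TokenCache.Clear();
                    profile = ErrorProfile("UnexpectedError");
                }
            }
        }
    }
    catch (Exception)
    {
        // NOTE(review): this catch-all also covers transport failures from
        // SendAsync and reports them as an authorization problem; narrowing it
        // to the token-acquisition failure type would give users a more
        // accurate message. The re-authorization flow itself is unchanged.
        ChallengeIfReauthRequested();
        profile = ErrorProfile("AuthorizationRequired");
    }

    return View(profile);
}

// Issues an OpenID Connect sign-in challenge only when the user explicitly
// asked for it via ?reauth=True, so a failed silent acquisition never triggers
// a redirect on its own. If the user still has a valid Azure AD session they are
// not prompted for credentials, and the middleware returns to this controller
// after handling the sign-in response.
private void ChallengeIfReauthRequested()
{
    if (Request.QueryString["reauth"] == "True")
    {
        HttpContext.GetOwinContext()
            .Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}

// Builds the blank placeholder profile rendered alongside an error message
// and records that message in ViewBag.ErrorMessage for the view.
private UserProfile ErrorProfile(string errorMessage)
{
    UserProfile profile = new UserProfile();
    profile.DisplayName = " ";
    profile.GivenName = " ";
    profile.Surname = " ";
    ViewBag.ErrorMessage = errorMessage;
    return profile;
}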
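//
// GET: /UserProfile/
//
// Looks up a Graph API access token for the signed-in user's tenant (from the
// cache, or via the refresh token, through TokenCacheUtils) and renders the
// user's profile. Without a usable token the "AuthorizationRequired" view is
// returned; when the request also carries ?reauth=True an OpenID Connect
// challenge is issued so the middleware can obtain a fresh set of tokens.
//
public async Task<ActionResult> Index()
{
    UserProfile profile;
    string accessToken = null;

    // The tenant claim can be absent on an unexpected principal. The original
    // read .Value before its null check, so a missing claim threw a
    // NullReferenceException and the check below was dead. Reading the claim
    // null-safely lets a missing claim fall through to the re-authorization
    // path as intended.
    var tenantClaim = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType);
    string tenantId = tenantClaim != null ? tenantClaim.Value : null;

    if (tenantId != null)
    {
        accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, graphResourceId);
    }

    //
    // No access token: the user needs to re-authorize.
    //
    if (accessToken == null)
    {
        // Only challenge when the user explicitly clicked the re-authorize
        // link, so a cache miss never causes a redirect on its own. If the user
        // still has a valid Azure AD session they are not prompted for
        // credentials; the middleware returns to this controller afterwards.
        if (Request.QueryString["reauth"] == "True")
        {
            HttpContext.GetOwinContext().Authentication.Challenge(
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }

        profile = new UserProfile();
        profile.DisplayName = " ";
        profile.GivenName = " ";
        profile.Surname = " ";
        ViewBag.ErrorMessage = "AuthorizationRequired";
        return View(profile);
    }

    //
    // Call the Graph API and retrieve the user's profile. tenantId comes from a
    // validated token claim but is still URL-encoded before use in the path.
    //
    string requestUrl = String.Format(
        CultureInfo.InvariantCulture, graphUserUrl, HttpUtility.UrlEncode(tenantId));

    // Dispose the client, request and response; the original leaked all three.
    // (A shared static HttpClient would avoid socket exhaustion under load.)
    using (HttpClient client = new HttpClient())
    using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl))
    {
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        using (HttpResponseMessage response = await client.SendAsync(request))
        {
            if (response.IsSuccessStatusCode)
            {
                string responseString = await response.Content.ReadAsStringAsync();
                profile = JsonConvert.DeserializeObject<UserProfile>(responseString);
            }
            else
            {
                // Drop the cached access token so the next attempt refreshes it,
                // and tell the user they may need to sign in again.
                // NOTE(review): this evicts on any non-2xx status, including
                // transient 5xx/429 responses; consider limiting it to 401.
                TokenCacheUtils.RemoveAccessTokenFromCache(graphResourceId);
                profile = new UserProfile();
                profile.DisplayName = " ";
                profile.GivenName = " ";
                profile.Surname = " ";
                ViewBag.ErrorMessage = "UnexpectedError";
            }
        }
    }

    return View(profile);
}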