/*
* Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license.
* See LICENSE in the source repository root for complete license information.
*/
using System;
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using Microsoft.Graph;
using Microsoft.Identity.Client;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft_Graph_ASPNET_Snippets.TokenStorage;
using Resources;
namespace Microsoft_Graph_ASPNET_Snippets.Helpers
{
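public sealed class SampleAuthProvider : IAuthProvider
{
    // Configuration used to acquire and manage an access token. These are read
    // once when the singleton is created and never mutated afterwards, because
    // this single instance is shared by every request in the process.
    private readonly string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    private readonly string appId = ConfigurationManager.AppSettings["ida:AppId"];
    private readonly string appSecret = ConfigurationManager.AppSettings["ida:AppSecret"];
    private readonly string nonAdminScopes = ConfigurationManager.AppSettings["ida:NonAdminScopes"];
    private readonly string adminScopes = ConfigurationManager.AppSettings["ida:AdminScopes"];

    private static readonly SampleAuthProvider instance = new SampleAuthProvider();

    private SampleAuthProvider() { }

    /// <summary>
    /// The process-wide provider instance. It holds only read-only
    /// configuration, so sharing it across concurrent requests is safe.
    /// </summary>
    public static SampleAuthProvider Instance
    {
        get { return instance; }
    }

    /// <summary>
    /// Gets an access token for the signed-in user. The per-session token cache
    /// is consulted first; if MSAL cannot acquire the token silently, an OpenID
    /// Connect challenge is issued and a <see cref="ServiceException"/> is thrown
    /// so the caller stops processing and lets the challenge response go out.
    /// </summary>
    /// <returns>The access token.</returns>
    /// <exception cref="InvalidOperationException">
    /// No <see cref="HttpContextBase"/> is present in the OWIN environment, or the
    /// signed-in principal has no name-identifier claim (needed to key the cache).
    /// </exception>
    /// <exception cref="ServiceException">
    /// The token could not be acquired silently; an authentication challenge has
    /// already been issued on the response.
    /// </exception>
    public async Task<string> GetUserAccessTokenAsync()
    {
        HttpContextBase context =
            HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as HttpContextBase;
        if (context == null)
        {
            throw new InvalidOperationException("No System.Web.HttpContextBase is available in the OWIN environment.");
        }

        // The token cache is keyed by the user's stable identifier; a principal
        // without that claim must fail here rather than with a null dereference.
        Claim userIdClaim = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier);
        if (userIdClaim == null)
        {
            throw new InvalidOperationException("The signed-in principal has no " + ClaimTypes.NameIdentifier + " claim.");
        }

        // Per-request state stays local. It used to live in a property on this
        // singleton, where concurrent requests could overwrite each other's cache.
        SessionTokenCache tokenCache = new SessionTokenCache(userIdClaim.Value, context);
        //var cachedItems = tokenCache.ReadItems(appId); // see what's in the cache

        string requestRedirectUri = BuildRedirectUri(redirectUri, context.Request.Path);

        ConfidentialClientApplication cca = new ConfidentialClientApplication(
            appId,
            requestRedirectUri,
            new ClientCredential(appSecret),
            tokenCache);

        // The session flag only widens the set of scopes *requested*; what is
        // actually granted is decided by the identity provider, not here.
        bool? isAdmin = HttpContext.Current.Session["IsAdmin"] as bool?;
        string[] scopes = BuildScopes(nonAdminScopes, adminScopes, isAdmin.GetValueOrDefault());

        try
        {
            AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes);
            return result.Token;
        }
        catch (MsalSilentTokenAcquisitionException)
        {
            // Unable to retrieve the access token silently: send the user through
            // interactive sign-in and tell the caller to stop.
            HttpContext.Current.Request.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties() { RedirectUri = requestRedirectUri },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
            throw new ServiceException(
                new Error
                {
                    Code = GraphErrorCode.AuthenticationFailure.ToString(),
                    Message = Resource.Error_AuthChallengeNeeded,
                });
        }
    }

    // Builds the redirect URI for this request: the configured base URI (with a
    // trailing slash) followed by the first segment of the request path, e.g.
    // the MVC controller name. That segment comes from the incoming request and
    // is therefore untrusted; the identity provider is expected to reject any
    // redirect URI not registered for the app, which bounds what a crafted path
    // can achieve, but the value should still be treated as user input.
    private static string BuildRedirectUri(string baseUri, string requestPath)
    {
        string normalizedBase = baseUri.EndsWith("/", StringComparison.Ordinal) ? baseUri : baseUri + "/";
        string[] segments = (requestPath ?? string.Empty).Split(new char[] { '/' });
        // "/controller/action" splits to ["", "controller", "action"]; a bare "/"
        // yields ["", ""]. Anything shorter has no usable segment.
        string firstSegment = segments.Length > 1 ? segments[1] : string.Empty;
        return normalizedBase + firstSegment;
    }

    // Splits the space-separated scope settings into the array MSAL expects.
    // Empty entries (doubled spaces, or an unset admin setting) are dropped
    // rather than being sent as empty scope names.
    private static string[] BuildScopes(string baseScopes, string extraScopes, bool includeExtra)
    {
        string allScopes = baseScopes ?? string.Empty;
        if (includeExtra)
        {
            allScopes += " " + extraScopes;
        }
        return allScopes.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
    }
}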
}