From a6f2a484850ca092e8e1cca2ec5bd8008b1ba794 Mon Sep 17 00:00:00 2001 From: Bert Cotton Date: Wed, 11 Oct 2017 21:47:19 -0600 Subject: [PATCH] Not sure what changed but it appears that doing StringContent is not longer supported by AAD for getting the token --- src/TfsAdvanced.Models/RequestData.cs | 1 - .../Controllers/LoginController.cs | 40 +++++----- .../ServiceRequests/AuthorizationRequest.cs | 75 ++++++++++--------- 3 files changed, 59 insertions(+), 57 deletions(-) diff --git a/src/TfsAdvanced.Models/RequestData.cs b/src/TfsAdvanced.Models/RequestData.cs index ca63adb..7831ea8 100644 --- a/src/TfsAdvanced.Models/RequestData.cs +++ b/src/TfsAdvanced.Models/RequestData.cs @@ -34,7 +34,6 @@ public RequestData(IOptions settings) HttpClient = new HttpClient(handler); HttpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); - //HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authenticationToken.base64_token); var authorization = Convert.ToBase64String(Encoding.ASCII.GetBytes($"{appSettings.Security.Username}:{appSettings.Security.Password}")); HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authorization); } diff --git a/src/TfsAdvanced/Controllers/LoginController.cs b/src/TfsAdvanced/Controllers/LoginController.cs index c485f7a..9764fa2 100644 --- a/src/TfsAdvanced/Controllers/LoginController.cs +++ b/src/TfsAdvanced/Controllers/LoginController.cs 
@@ -39,30 +39,30 @@ public async Task ADLogin(string code = null, string state = null return Redirect("/"); } - [HttpGet("LoginVSOAuth")] - [AllowAnonymous] - public async Task LoginAuth(string code = null, string state = null, bool Admin_consent = false, string Session_state = null) - { - var tokenString = await authorizationRequest.GetVSOAccessToken(GetBaseURL(), code, state); + //[HttpGet("LoginVSOAuth")] + //[AllowAnonymous] + //public async Task LoginAuth(string code = null, string state = null, bool Admin_consent = false, string Session_state = null) + //{ + // var tokenString = await authorizationRequest.GetVSOAccessToken(GetBaseURL(), code, state); - var token = JsonConvert.DeserializeObject(tokenString); + // var token = JsonConvert.DeserializeObject(tokenString); - if (String.IsNullOrEmpty(token.access_token)) - throw new Exception("The access token is null"); + // if (String.IsNullOrEmpty(token.access_token)) + // throw new Exception("The access token is null"); - var cookieValue = JsonConvert.SerializeObject(token); - HttpContext.Session.Set("AuthToken", ASCIIEncoding.ASCII.GetBytes(JsonConvert.SerializeObject(token))); - HttpContext.Response.Cookies.Append("Auth", cookieValue, new CookieOptions - { - Secure = true, - Expires = DateTime.Now.AddYears(1), - HttpOnly = true, - Path = "/", - Domain = HttpContext.Request.Host.ToString() - }); + // var cookieValue = JsonConvert.SerializeObject(token); + // HttpContext.Session.Set("AuthToken", ASCIIEncoding.ASCII.GetBytes(JsonConvert.SerializeObject(token))); + // HttpContext.Response.Cookies.Append("Auth", cookieValue, new CookieOptions + // { + // Secure = true, + // Expires = DateTime.Now.AddYears(1), + // HttpOnly = true, + // Path = "/", + // Domain = HttpContext.Request.Host.ToString() + // }); - return Redirect("/"); - } + // return Redirect("/"); + //} private string GetBaseURL() { 
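Review bot: The LoginAuth action is commented out rather than deleted — its attributes, body and cookie setup all survive as `//` lines, and the same is done to GetVSOChallengeUrl and GetVSOAccessToken in the AuthorizationRequest.cs hunk. Git history already keeps the old implementation, so the dead blocks should be removed outright; if the VSO path is expected to return, a one-line marker such as `// VSO OAuth login removed in favour of the AAD flow; see history if it is needed again` documents that better than thirty commented lines. Leaving the commented body also keeps stale details (the `Expires = DateTime.Now.AddYears(1)` cookie and `Domain = HttpContext.Request.Host.ToString()`) in front of future readers, who may copy them back in without re-reviewing them. The enclosing controller class starts and ends outside the hunk.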
diff --git a/src/TfsAdvanced/ServiceRequests/AuthorizationRequest.cs b/src/TfsAdvanced/ServiceRequests/AuthorizationRequest.cs index 1873665..d2fcc74 100644 --- a/src/TfsAdvanced/ServiceRequests/AuthorizationRequest.cs +++ b/src/TfsAdvanced/ServiceRequests/AuthorizationRequest.cs 
@@ -19,40 +19,40 @@ public AuthorizationRequest(IOptions appSettings) this.appSettings = appSettings.Value; } - public string GetVSOChallengeUrl(string baseURL) - { - return - $"https://app.vssps.visualstudio.com/oauth2/authorize?" + - $"client_id={appSettings.authorization.AppId}&response_type=Assertion" + - $"&state={appSettings.authorization.State}&scope={appSettings.authorization.Scope}" + - $"&redirect_uri={baseURL}{appSettings.authorization.RedirectURI}"; - } + //public string GetVSOChallengeUrl(string baseURL) + //{ + // return + // $"https://app.vssps.visualstudio.com/oauth2/authorize?" + + // $"client_id={appSettings.authorization.AppId}&response_type=Assertion" + + // $"&state={appSettings.authorization.State}&scope={appSettings.authorization.Scope}" + + // $"&redirect_uri={baseURL}{appSettings.authorization.RedirectURI}"; + //} - public async Task GetVSOAccessToken(string baseURL, string code, string state) - { - var request = new HttpRequestMessage(HttpMethod.Post, "https://app.vssps.visualstudio.com/oauth2/token"); - request.Content = new FormUrlEncodedContent(new[] - { - new KeyValuePair("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), - new KeyValuePair("client_assertion", appSettings.authorization.AppSecret), - new KeyValuePair("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"), - new KeyValuePair("assertion", code), - new KeyValuePair("redirect_uri", baseURL + appSettings.authorization.RedirectURI) - }); - HttpClientHandler handler = new HttpClientHandler() - { - AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate - }; + //public async Task GetVSOAccessToken(string baseURL, string code, string state) + //{ + // var request = new HttpRequestMessage(HttpMethod.Post, "https://app.vssps.visualstudio.com/oauth2/token"); + // request.Content = new FormUrlEncodedContent(new[] + // { + // new KeyValuePair("client_assertion_type", 
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), + // new KeyValuePair("client_assertion", appSettings.authorization.AppSecret), + // new KeyValuePair("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"), + // new KeyValuePair("assertion", code), + // new KeyValuePair("redirect_uri", baseURL + appSettings.authorization.RedirectURI) + // }); + // HttpClientHandler handler = new HttpClientHandler() + // { + // AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate + // }; - var saveResponse = await new HttpClient(handler).SendAsync(request); + // var saveResponse = await new HttpClient(handler).SendAsync(request); - var responseText = await saveResponse.Content.ReadAsStringAsync(); - return responseText; + // var responseText = await saveResponse.Content.ReadAsStringAsync(); + // return responseText; - //AuthenticationToken token = JsonConvert.DeserializeObject(responseText); - //return token; - } + // //AuthenticationToken token = JsonConvert.DeserializeObject(responseText); + // //return token; + //} public string GetADChallengeUrl(string baseURL) { 
@@ -66,12 +66,15 @@ public string GetADChallengeUrl(string baseURL) public async Task GetADAccessToken(string baseURL, string code, string state) { - var content = new StringContent($"grant_type=authorization_code&client_id={appSettings.authorization.ClientId}"+ - $"&code={code}&redirect_uri={baseURL}{appSettings.authorization.RedirectURI}" + - $"&resource=https://graph.windows.net"+ - $"&client_secret={appSettings.authorization.ClientSecret}", - Encoding.UTF8, - "application/x-www-form-urlencoded"); + var content = new List> + { + new KeyValuePair("grant_type", "authorization_code"), + new KeyValuePair("client_id", appSettings.authorization.ClientId), + new KeyValuePair("code", code), + new KeyValuePair("client_secret", appSettings.authorization.ClientSecret), + new KeyValuePair("redirect_uri", $"{baseURL}{appSettings.authorization.RedirectURI}" ) + }; + HttpClientHandler handler = new HttpClientHandler() { @@ -79,7 +82,7 @@ public async Task GetADAccessToken(string baseURL, string c }; var client = new HttpClient(handler); - var saveResponse = await client.PostAsync($"https://login.microsoftonline.com/{appSettings.authorization.TenantId}/oauth2/token", content); + var saveResponse = await client.PostAsync($"https://login.microsoftonline.com/{appSettings.authorization.TenantId}/oauth2/token", new FormUrlEncodedContent(content)); var responseText = await saveResponse.Content.ReadAsStringAsync();
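Review bot: The new form body drops the `resource` parameter that the replaced StringContent sent (`&resource=https://graph.windows.net`), and neither the commit message nor a comment says the omission is intentional. On the v1 `/oauth2/token` endpoint that parameter picks the audience of the issued access token, so if the token is later presented to Graph the call may fail or carry a different audience; adding `new KeyValuePair<string, string>("resource", "https://graph.windows.net")` to the list restores the previous request, or a comment should record why it was removed. Separately, `state` is accepted by GetADAccessToken but not used anywhere in this hunk; if the caller does not compare it with the value issued in GetADChallengeUrl, the authorization-code redirect is not bound to the user's session. The method body continues past the hunk — the handler setup and the PostAsync call are in the following hunk, which is cut off at the end of this excerpt.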