Merge pull request #47 from microsoftgraph/po/msalAuthProvider

Adds MSAL-Graph auth provider support.

Author: darrelmiller

Graph-ASPNET-46-Snippets/Microsoft Graph ASPNET Snippets/App_GlobalResources/Resource.designer.cs

@@ -138,7 +138,7 @@
     <comment>Title and heading for Error view</comment>
   </data>
   <data name="Error_AuthChallengeNeeded" xml:space="preserve">
-    <value>Caller needs to authenticate.</value>
+    <value>authenticationChallengeRequired</value>
     <comment>Error message when unable to retrieve the access token silently.</comment>
   </data>
   <data name="Error_Introduction" xml:space="preserve">

Graph-ASPNET-46-Snippets/Microsoft Graph ASPNET Snippets/App_GlobalResources/Resource.resx

@@ -14,9 +14,9 @@
 using System.Threading.Tasks;
 using Microsoft_Graph_ASPNET_Snippets.TokenStorage;
 using System.IdentityModel.Tokens;
-using System.IdentityModel.Claims;
 using Microsoft.Identity.Client;
 using Microsoft_Graph_ASPNET_Snippets.Utils;
+using Microsoft.Graph.Auth;
 
 namespace Microsoft_Graph_ASPNET_Snippets
 {
@@ -79,14 +79,12 @@ public void ConfigureAuth(IAppBuilder app)
                         AuthorizationCodeReceived = async (context) =>
                         {
                             var code = context.Code;
-                            string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
-                            string graphScopes = nonAdminScopes;
-                            string[] scopes = graphScopes.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
+                            string[] scopes = nonAdminScopes.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
 
-                            ConfidentialClientApplication cca = new ConfidentialClientApplication(appId, redirectUri,
-                               new ClientCredential(appSecret),
-                               new SessionTokenCache(signedInUserID, context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance(), null);
-                            AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, scopes);
+                            SessionTokenCacheProvider sessionTokenCacheProvider = new SessionTokenCacheProvider(context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase);
+                            IConfidentialClientApplication cca = AuthorizationCodeProvider.CreateClientApplication(appId, redirectUri, new ClientCredential(appSecret), sessionTokenCacheProvider);
+                            AuthorizationCodeProvider authorizationCodeProvider = new AuthorizationCodeProvider(cca, scopes);
+                            AuthenticationResult result = await authorizationCodeProvider.GetTokenByAuthorizationCodeAsync(code);
 
                             // Check whether the login is from the MSA tenant. 
                             // The sample uses this attribute to disable UI buttons for unsupported operations when the user is logged in with an MSA account.

Graph-ASPNET-46-Snippets/Microsoft Graph ASPNET Snippets/App_Start/Startup.Auth.cs

@@ -8,9 +8,6 @@
 using Microsoft.Owin.Security;
 using Microsoft.Owin.Security.Cookies;
 using Microsoft.Owin.Security.OpenIdConnect;
-using Microsoft_Graph_ASPNET_Snippets.TokenStorage;
-using Microsoft_Graph_ASPNET_Snippets.Helpers;
-using System.Security.Claims;
 
 namespace Microsoft_Graph_ASPNET_Snippets.Controllers
 {
@@ -32,14 +29,9 @@ public void SignOut()
         {
             if (Request.IsAuthenticated)
             {
-                // Get the user's token cache and clear it.
-                string userObjectId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
-
-                SessionTokenCache tokenCache = new SessionTokenCache(userObjectId, HttpContext);
                 HttpContext.GetOwinContext().Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
             }
 
-
             // Send an OpenID Connect sign-out request. 
             HttpContext.GetOwinContext().Authentication.SignOut(
               CookieAuthenticationDefaults.AuthenticationType);

Graph-ASPNET-46-Snippets/Microsoft Graph ASPNET Snippets/Controllers/AccountController.cs

@@ -4,13 +4,11 @@
 */
 
 using System;
-using System.Collections.Generic;
 using System.Configuration;
 using System.Linq;
-using System.Security.Claims;
 using System.Threading.Tasks;
-using System.Web;
 using System.Web.Mvc;
+using Microsoft.Graph.Auth;
 using Microsoft.Identity.Client;
 using Microsoft_Graph_ASPNET_Snippets.TokenStorage;
 using Microsoft_Graph_ASPNET_Snippets.Utils;
@@ -27,29 +25,27 @@ public class AdminController : Controller
         // GET: Admin
         public async Task<ActionResult> Index()
         {
-            // try to get token silently
-            string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
-            TokenCache theCache = new SessionTokenCache(signedInUserID, this.HttpContext).GetMsalCacheInstance();
-
-            ConfidentialClientApplication cca = new ConfidentialClientApplication(clientId, redirectUri,
-                new ClientCredential(appKey), theCache, null);
             string[] scopes = adminScopes.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
+            SessionTokenCacheProvider sessionTokenCacheProvider = new SessionTokenCacheProvider(this.HttpContext);
+            IConfidentialClientApplication cca = AuthorizationCodeProvider.CreateClientApplication(clientId, redirectUri, new ClientCredential(appKey), sessionTokenCacheProvider);
+
             try
             {
-                AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes, cca.Users.First());
+                AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes, (await cca.GetAccountsAsync()).FirstOrDefault());
             }
             catch (Exception)
             {
                 try
                 {// when failing, manufacture the URL and assign it
-                    string authReqUrl = await OAuth2RequestManager.GenerateAuthorizationRequestUrl(scopes, cca, this.HttpContext, Url);
+                    string authReqUrl = await OAuth2RequestManager.GenerateAuthorizationRequestUrl(scopes, cca as ConfidentialClientApplication, this.HttpContext, Url);
                     ViewBag.AuthorizationRequest = authReqUrl;
                 }
                 catch (Exception ee)
                 {
 
                 }
             }
+
             return View("Admin");
 
         }

Graph-ASPNET-46-Snippets/Microsoft Graph ASPNET Snippets/Controllers/AdminController.cs

@@ -4,21 +4,27 @@
 */
 
 using Microsoft.Graph;
+using Microsoft.Graph.Auth;
 using Microsoft_Graph_ASPNET_Snippets.Helpers;
 using Microsoft_Graph_ASPNET_Snippets.Models;
 using Resources;
-using System;
-using System.Collections.Generic;
 using System.Threading.Tasks;
+using System.Web;
 using System.Web.Mvc;
 
 namespace Microsoft_Graph_ASPNET_Snippets.Controllers
 {
     [Authorize]
     public class EventsController : Controller
     {
-        EventsService eventsService = new EventsService();
-
+        EventsService eventsService;
+        
+        public EventsController()
+        {
+            // Initialize the GraphServiceClient.
+            GraphServiceClient graphClient = SDKHelper.GetAuthenticatedClient();
+            eventsService = new EventsService(graphClient);
+        }
         public ActionResult Index()
         {
             return View("Events");
@@ -30,20 +36,17 @@ public async Task<ActionResult> GetMyEvents()
             ResultsViewModel results = new ResultsViewModel();
             try
             {
-
-                // Initialize the GraphServiceClient.
-                GraphServiceClient graphClient = SDKHelper.GetAuthenticatedClient();
-
                 // Get events.
-                results.Items = await eventsService.GetMyEvents(graphClient);
+                results.Items = await eventsService.GetMyEvents();
             }
             catch (ServiceException se)
             {
-                if (se.Error.Message == Resource.Error_AuthChallengeNeeded) return new EmptyResult();
-
-                // Personal accounts that aren't enabled for the Outlook REST API get a "MailboxNotEnabledForRESTAPI" or "MailboxNotSupportedForRESTAPI" error.
+                if ((se.InnerException as AuthenticationException)?.Error.Code == Resource.Error_AuthChallengeNeeded)
+                {
+                    HttpContext.Request.GetOwinContext().Authentication.Challenge();
+                    return new EmptyResult();
+                }
                 return RedirectToAction("Index", "Error", new { message = string.Format(Resource.Error_Message, Request.RawUrl, se.Error.Code, se.Error.Message) });
-
             }
             return View("Events", results);
         }
@@ -54,17 +57,16 @@ public async Task<ActionResult> GetMyCalendarView()
             ResultsViewModel results = new ResultsViewModel();
             try
             {
-                // Initialize the GraphServiceClient.
-                GraphServiceClient graphClient = SDKHelper.GetAuthenticatedClient();
-
                 // Get a calendar view.
-                results.Items = await eventsService.GetMyCalendarView(graphClient);
+                results.Items = await eventsService.GetMyCalendarView();
             }
             catch (ServiceException se)
             {
-                if (se.Error.Message == Resource.Error_AuthChallengeNeeded) return new EmptyResult();
-
-                // Personal accounts that aren't enabled for the Outlook REST API get a "MailboxNotEnabledForRESTAPI" or "MailboxNotSupportedForRESTAPI" error.
+                if ((se.InnerException as AuthenticationException)?.Error.Code == Resource.Error_AuthChallengeNeeded)
+                {
+                    HttpContext.Request.GetOwinContext().Authentication.Challenge();
+                    return new EmptyResult();
+                }
                 return RedirectToAction("Index", "Error", new { message = string.Format(Resource.Error_Message, Request.RawUrl, se.Error.Code, se.Error.Message) });
             }
             return View("Events", results);
@@ -77,18 +79,16 @@ public async Task<ActionResult> CreateEvent()
             ResultsViewModel results = new ResultsViewModel();    
             try
             {
-
-                // Initialize the GraphServiceClient.
-                GraphServiceClient graphClient = SDKHelper.GetAuthenticatedClient();
-
                 // Create the event.
-                results.Items = await eventsService.CreateEvent(graphClient);
+                results.Items = await eventsService.CreateEvent();
             }
             catch (ServiceException se)
             {
-                if (se.Error.Message == Resource.Error_AuthChallengeNeeded) return new EmptyResult();
-
-                // Personal accounts that aren't enabled for the Outlook REST API get a "MailboxNotEnabledForRESTAPI" or "MailboxNotSupportedForRESTAPI" error.
+                if ((se.InnerException as AuthenticationException)?.Error.Code == Resource.Error_AuthChallengeNeeded)
+                {
+                    HttpContext.Request.GetOwinContext().Authentication.Challenge();
+                    return new EmptyResult();
+                }
                 return RedirectToAction("Index", "Error", new { message = string.Format(Resource.Error_Message, Request.RawUrl, se.Error.Code, se.Error.Message) });
             }
             return View("Events", results);
@@ -100,18 +100,16 @@ public async Task<ActionResult> GetEvent(string id)
             ResultsViewModel results = new ResultsViewModel();
             try
             {
-
-                // Initialize the GraphServiceClient.
-                GraphServiceClient graphClient = SDKHelper.GetAuthenticatedClient();
-
                 // Get the event.
-                results.Items = await eventsService.GetEvent(graphClient, id);
+                results.Items = await eventsService.GetEvent(id);
             }
             catch (ServiceException se)
             {
-                if (se.Error.Message == Resource.Error_AuthChallengeNeeded) return new EmptyResult();
-
-                // Personal accounts that aren't enabled for the Outlook REST API get a "MailboxNotEnabledForRESTAPI" or "MailboxNotSupportedForRESTAPI" error.
+                if ((se.InnerException as AuthenticationException)?.Error.Code == Resource.Error_AuthChallengeNeeded)
+                {
+                    HttpContext.Request.GetOwinContext().Authentication.Challenge();
+                    return new EmptyResult();
+                }
                 return RedirectToAction("Index", "Error", new { message = string.Format(Resource.Error_Message, Request.RawUrl, se.Error.Code, se.Error.Message) });
             }
             return View("Events", results);
@@ -124,18 +122,16 @@ public async Task<ActionResult> UpdateEvent(string id, string name)
             ResultsViewModel results = new ResultsViewModel();
             try
             {
-
-                // Initialize the GraphServiceClient.
-                GraphServiceClient graphClient = SDKHelper.GetAuthenticatedClient();
-
                 // Update the event.
-                results.Items = await eventsService.UpdateEvent(graphClient, id, name);
+                results.Items = await eventsService.UpdateEvent(id, name);
             }
             catch (ServiceException se)
             {
-                if (se.Error.Message == Resource.Error_AuthChallengeNeeded) return new EmptyResult();
-
-                // Personal accounts that aren't enabled for the Outlook REST API get a "MailboxNotEnabledForRESTAPI" or "MailboxNotSupportedForRESTAPI" error.
+                if ((se.InnerException as AuthenticationException)?.Error.Code == Resource.Error_AuthChallengeNeeded)
+                {
+                    HttpContext.Request.GetOwinContext().Authentication.Challenge();
+                    return new EmptyResult();
+                }
                 return RedirectToAction("Index", "Error", new { message = string.Format(Resource.Error_Message, Request.RawUrl, se.Error.Code, se.Error.Message) });
             }
             return View("Events", results);
@@ -147,18 +143,16 @@ public async Task<ActionResult> DeleteEvent(string id)
             ResultsViewModel results = new ResultsViewModel(false);
             try
             {
-
-                // Initialize the GraphServiceClient.
-                GraphServiceClient graphClient = SDKHelper.GetAuthenticatedClient();
-
                 // Delete the event.
-                results.Items = await eventsService.DeleteEvent(graphClient, id);
+                results.Items = await eventsService.DeleteEvent(id);
             }
             catch (ServiceException se)
             {
-                if (se.Error.Message == Resource.Error_AuthChallengeNeeded) return new EmptyResult();
-
-                // Personal accounts that aren't enabled for the Outlook REST API get a "MailboxNotEnabledForRESTAPI" or "MailboxNotSupportedForRESTAPI" error.
+                if ((se.InnerException as AuthenticationException)?.Error.Code == Resource.Error_AuthChallengeNeeded)
+                {
+                    HttpContext.Request.GetOwinContext().Authentication.Challenge();
+                    return new EmptyResult();
+                }
                 return RedirectToAction("Index", "Error", new { message = string.Format(Resource.Error_Message, Request.RawUrl, se.Error.Code, se.Error.Message) });
             }
             return View("Events", results);
@@ -172,17 +166,16 @@ public async Task<ActionResult> AcceptMeetingRequest(string id)
             ResultsViewModel results = new ResultsViewModel(false);
             try
             {
-                // Initialize the GraphServiceClient.
-                GraphServiceClient graphClient = SDKHelper.GetAuthenticatedClient();
-
                 // Accept the meeting.
-                results.Items = await eventsService.AcceptMeetingRequest(graphClient, id);
+                results.Items = await eventsService.AcceptMeetingRequest(id);
             }
             catch (ServiceException se)
             {
-                if (se.Error.Message == Resource.Error_AuthChallengeNeeded) return new EmptyResult();
-
-                // Personal accounts that aren't enabled for the Outlook REST API get a "MailboxNotEnabledForRESTAPI" or "MailboxNotSupportedForRESTAPI" error.
+                if ((se.InnerException as AuthenticationException)?.Error.Code == Resource.Error_AuthChallengeNeeded)
+                {
+                    HttpContext.Request.GetOwinContext().Authentication.Challenge();
+                    return new EmptyResult();
+                }
                 return RedirectToAction("Index", "Error", new { message = string.Format(Resource.Error_Message, Request.RawUrl, se.Error.Code, se.Error.Message) });
             }
             return View("Events", results);