Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Bootstrapper for Daemon App
public static class DaemonAppBootstrapper
{
public static async Task<AuthenticationResult> BootstrapAsync(string[] scopes)
{
if (scopes == null || scopes.Length == 0)
{
throw new InvalidOperationException("scopes cannot be empty");
}
var app = CreateConfidentialClientApplication();
return await Authenticate(app, scopes);
}
private static async Task<AuthenticationResult> Authenticate(IConfidentialClientApplication app, string[] scopes)
{
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenForClient(scopes).ExecuteAsync();
Console.WriteLine("Token acquired successfully");
}
catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011"))
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Scope provided is not supported");
Console.ResetColor();
}
return result;
}
private static IConfidentialClientApplication CreateConfidentialClientApplication()
{
var config = ConfigurationManager.Current.AzureAd;
bool isClientSecretUsed = ValidateConfigurations();
if (!isClientSecretUsed)
{
var configuredCertificate = ReadCertificate(config.CertificateName);
}
IConfidentialClientApplication app;
if (isClientSecretUsed)
{
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.Build();
}
else
{
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
}
return app;
}
private static bool ValidateConfigurations()
{
var azureAd = ConfigurationManager.Current.AzureAd;
if (azureAd == null)
{
throw new InvalidOperationException("Configuration section not added");
}
if (string.IsNullOrEmpty(azureAd.CertificateName?.Trim()) && string.IsNullOrEmpty(azureAd.ClientSecret?.Trim()))
{
throw new InvalidOperationException("Either certificate or client secret should be specified.");
}
return !string.IsNullOrEmpty(azureAd.ClientSecret?.Trim());
}
private static X509Certificate2 ReadCertificate(string certificateName)
{
if (string.IsNullOrWhiteSpace(certificateName))
{
throw new ArgumentException("Set the CertificateName setting in the appsettings.json", "certificateName");
}
X509Certificate2 cert = null;
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = store.Certificates;
// Find unexpired certificates.
X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
// From the collection of unexpired certificates, find the ones with the correct name.
X509Certificate2Collection signingCert =
currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certificateName, false);
// Return the first certificate in the collection, has the right name and is current.
cert = signingCert.OfType<X509Certificate2>().OrderByDescending(c => c.NotBefore).FirstOrDefault();
}
return cert;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment