Created
May 26, 2020 19:48
-
-
Save manoj-choudhari-git/251c7c4123f549e2814c9c8e6b33a1c0 to your computer and use it in GitHub Desktop.
Bootstrapper for Daemon App
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public static class DaemonAppBootstrapper | |
{ | |
public static async Task<AuthenticationResult> BootstrapAsync(string[] scopes) | |
{ | |
if (scopes == null || scopes.Length == 0) | |
{ | |
throw new InvalidOperationException("scopes cannot be empty"); | |
} | |
var app = CreateConfidentialClientApplication(); | |
return await Authenticate(app, scopes); | |
} | |
private static async Task<AuthenticationResult> Authenticate(IConfidentialClientApplication app, string[] scopes) | |
{ | |
AuthenticationResult result = null; | |
try | |
{ | |
result = await app.AcquireTokenForClient(scopes).ExecuteAsync(); | |
Console.WriteLine("Token acquired successfully"); | |
} | |
catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011")) | |
{ | |
Console.ForegroundColor = ConsoleColor.Red; | |
Console.WriteLine("Scope provided is not supported"); | |
Console.ResetColor(); | |
} | |
return result; | |
} | |
private static IConfidentialClientApplication CreateConfidentialClientApplication() | |
{ | |
var config = ConfigurationManager.Current.AzureAd; | |
bool isClientSecretUsed = ValidateConfigurations(); | |
if (!isClientSecretUsed) | |
{ | |
var configuredCertificate = ReadCertificate(config.CertificateName); | |
} | |
IConfidentialClientApplication app; | |
if (isClientSecretUsed) | |
{ | |
app = ConfidentialClientApplicationBuilder.Create(config.ClientId) | |
.WithClientSecret(config.ClientSecret) | |
.WithAuthority(new Uri(config.Authority)) | |
.Build(); | |
} | |
else | |
{ | |
X509Certificate2 certificate = ReadCertificate(config.CertificateName); | |
app = ConfidentialClientApplicationBuilder.Create(config.ClientId) | |
.WithCertificate(certificate) | |
.WithAuthority(new Uri(config.Authority)) | |
.Build(); | |
} | |
return app; | |
} | |
private static bool ValidateConfigurations() | |
{ | |
var azureAd = ConfigurationManager.Current.AzureAd; | |
if (azureAd == null) | |
{ | |
throw new InvalidOperationException("Configuration section not added"); | |
} | |
if (string.IsNullOrEmpty(azureAd.CertificateName?.Trim()) && string.IsNullOrEmpty(azureAd.ClientSecret?.Trim())) | |
{ | |
throw new InvalidOperationException("Either certificate or client secret should be specified."); | |
} | |
return !string.IsNullOrEmpty(azureAd.ClientSecret?.Trim()); | |
} | |
private static X509Certificate2 ReadCertificate(string certificateName) | |
{ | |
if (string.IsNullOrWhiteSpace(certificateName)) | |
{ | |
throw new ArgumentException("Set the CertificateName setting in the appsettings.json", "certificateName"); | |
} | |
X509Certificate2 cert = null; | |
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) | |
{ | |
store.Open(OpenFlags.ReadOnly); | |
X509Certificate2Collection certCollection = store.Certificates; | |
// Find unexpired certificates. | |
X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false); | |
// From the collection of unexpired certificates, find the ones with the correct name. | |
X509Certificate2Collection signingCert = | |
currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certificateName, false); | |
// Return the first certificate in the collection, has the right name and is current. | |
cert = signingCert.OfType<X509Certificate2>().OrderByDescending(c => c.NotBefore).FirstOrDefault(); | |
} | |
return cert; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment