fix for 1738 #1743

Merged
merged 2 commits into from
Jun 3, 2022

@jennyf19 jennyf19 commented Jun 1, 2022

@jennyf19 jennyf19 requested a review from bgavrilMS June 1, 2022 04:38

@bgavrilMS bgavrilMS left a comment

LGTM, are there any unit tests that can be added? The way we choose the tenant id is quite subtle and would be worth capturing in a unit test. Maybe just this logic can be extracted in a method that is unit testable.

@@ -852,11 +852,25 @@ private IConfidentialClientApplication BuildConfidentialClientApplication(Merged
if (builder != null)
{
builder.WithSendX5C(mergedOptions.SendX5C);

ClaimsPrincipal? user = GetUserFromHttpContext();
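
Review bot: on the `ClaimsPrincipal? user = GetUserFromHttpContext();` line, the result is declared nullable, so the tenant selection that follows inside `BuildConfidentialClientApplication` needs an explicit path both for a null `user` and for a principal that carries no tenant claim, rather than throwing or building the application with an empty tenant. The rest of the hunk is not visible here, so this may already be handled; if it is, a short comment stating the fallback order would help. Consider moving the choice into a small method that takes the `ClaimsPrincipal?` and `mergedOptions`, so the tenant-selection logic can be unit tested without a multi-tenant web API.
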
Member

I was thinking that IdWeb should use validatedToken's TID claim, as that is guaranteed to be there in web api scenario. Is there a ClaimsPrincipal available in web api? Where does ASP.NET Core get that from - I was under the impression that in Web API scenario there is no Id Token.

Collaborator Author

That is what is happening. The ClaimsPrincipal contains the result of the validated token.

Collaborator Author

We have tests for GetTenantId(), for example: GetTenantId_WithTidOrTenantIdClaims_ReturnsTenantId

Testing the entire flow will be a bit more challenging and I would need a multi-tenant web API.


@bgavrilMS bgavrilMS left a comment

Have some questions, happy to discuss offline.

@jennyf19 jennyf19 merged commit fdc81a9 into master Jun 3, 2022
@jennyf19 jennyf19 deleted the jennyf/tid branch June 3, 2022 17:11
jennyf19 added a commit that referenced this pull request Jun 8, 2022
* update xml (#1719)

* update lab cert thumbprint (#1718)

* changelog 1.24.1 (#1720)

* Create TokenAcquisitionAppTokenCredential.cs (#1722)

Extends Azure ADK support to include requesting tokens as the app.

This is a copy of TokenAcquisitionTokenCredential.cs with changes to class name and changes to use _tokenAcquisition.GetAuthenticationResultForAppAsync() instead of GetAuthenticationResultForUserAsync().

* fix build, add using (#1729)

* fix build, add using

* add header in test

* Adding support for .net 6 simplified templates apps (#1736)

* Jennyf/scopes roles (#1742)

* initial commit for app permissions

* add test coverage

* remove IEnumerable and use string[]

* PR comments

* IJwtBearerMiddlewareDiagnostics from singleton to transient (#1741)

* fix tests after merge from fork (#1744)

* fix for 1738 (#1743)

* changelog for 1.25 (#1747)

* update testing files to 1.25 (#1748)

* update to wilson 6.19 (#1749)

* fix: include StatusCode in HttpRequestException for .NET 5 (#1750)

* update XML (#1751)

* try 5.0.0 for config.binder in OWIN to resolve issue

* don't build owin sample

* add condition

* remove release mode

Co-authored-by: Chris Brooks <cbrooks@microsoft.com>
Co-authored-by: Jean-Marc Prieur <jmprieur@microsoft.com>
Co-authored-by: sciocoder <sciocoder@hotmail.it>
Co-authored-by: Herman Jensen <hjanimations@hotmail.com>
jennyf19 added a commit that referenced this pull request Jul 24, 2022
* Initial version.
Needs a few updates to unit tests

* Updating the tests.

* - Adding a plain dotnet token acquisition host.
- AddTokenAcquisition now callable from net462
- AddGraph callable from net462
- Adding a daemon sample using Id.Web.

* - Adding a plain dotnet token acquisition host.
- AddTokenAcquisition now callable from net462
- AddGraph callable from net462
- Adding a daemon sample using Id.Web.

* Add a daemon-net6 sample / test

* Moving ITokenAcquirer and TokenAcquisitionOptions to
Microsoft.Identity.Web.TokenAcquisition.Abstractions

* Update

* Update

* - Simplifying the experience for the .NET 46x case (remove the need for specifying "OpendIdConnect" as an auth scheme, which didn't make sense).
- Fixing MergeOptions.Instance (was not set)
- Addressing PR feedback
- Adding missing XML comments
- Updating tests now that there is a new interface (ITokenAcquirer)

* Updating the OWIN sample

* Merging the OWIN implementation (only for web APIs for the moment)

* Solving build issues

* Supporting several authentication schemes in the same controller action / request
#1560

* Supporting several authentication schemes in the same controller action / request
#1560

* Adding a new assembly Microsoft.Identity.Web.TokenAcquisition
Moving types from Id.Web to the new assembly
 CONS:
- a lot of friend relationships.
- some constants should be split between id.web.tokenacquisition and Id.Web

* Fixing warnings

* Update dotnetcore.yml

* Update dotnetcore.yml

* Update dotnetcore.yml

* Update Microsoft.Identity.Web.sln

* Avoid building the OWIN web API in any CPU config

* Adding a TokenAcquirerFactory and a specialization for OWIN.

* Adding a factory from the configuration and services

* Updating the interfaces based on the discussions

* Adding the IDowstreamRestApi

* Update POC with master (#1752)

* update xml (#1719)

* update lab cert thumbprint (#1718)

* changelog 1.24.1 (#1720)

* Create TokenAcquisitionAppTokenCredential.cs (#1722)

Extends Azure ADK support to include requesting tokens as the app.

This is a copy of TokenAcquisitionTokenCredential.cs with changes to class name and changes to use _tokenAcquisition.GetAuthenticationResultForAppAsync() instead of GetAuthenticationResultForUserAsync().

* fix build, add using (#1729)

* fix build, add using

* add header in test

* Adding support for .net 6 simplified templates apps (#1736)

* Jennyf/scopes roles (#1742)

* initial commit for app permissions

* add test coverage

* remove IEnumerable and use string[]

* PR comments

* IJwtBearerMiddlewareDiagnostics from singleton to transient (#1741)

* fix tests after merge from fork (#1744)

* fix for 1738 (#1743)

* changelog for 1.25 (#1747)

* update testing files to 1.25 (#1748)

* update to wilson 6.19 (#1749)

* fix: include StatusCode in HttpRequestException for .NET 5 (#1750)

* update XML (#1751)

* try 5.0.0 for config.binder in OWIN to resolve issue

* don't build owin sample

* add condition

* remove release mode

Co-authored-by: Chris Brooks <cbrooks@microsoft.com>
Co-authored-by: Jean-Marc Prieur <jmprieur@microsoft.com>
Co-authored-by: sciocoder <sciocoder@hotmail.it>
Co-authored-by: Herman Jensen <hjanimations@hotmail.com>

* Update names and provide a class diagram

* Addressing Brent's feedback

* Taking into account the discussions Brent/Jm from 6/13

* Attempt to reconcile ClaimsPrincipal and S2SAuthenticationTicket

* Improving the CredentialDescription.
Splitting ApplicationIdentityOptions and AadIdentityOptions

* Renaming TokenAcquirerOptions to AcquireTokenOptions

* Renaming agreed with Brent

* Addressing more feedback

* Update based on decisions made with Brent 6/17

* Fixing XML comments and adding folders in TokenAcquisition.Abstractions

* Renamings + clean-up abstractions

* Moving the MicrosotAuthenticationTicket
and MicrosoftClaimsIdentity classes to Ms.Id.Web.TokenAcquisition (out of the
abstraction) and enabling the real SecurityToken type

* Adding Graph extensibility

* Update Microsoft.Identity.Web.Certificate
to be backwards compatible in 2.0 with
1.x

* add Owin web app (#1753)

* add Owin web app

* fix build error due to package ref

* update package reference

* update web.Config

* fix pckg ref

* update web.config

* remove from release

* update new dlls with directory.build.props (#1807)

* update new dlls with directory.build.props

* Updating the Web.Config assembly bindings
in the ASP.NET OWIN Web app

* Updating the folder name for the daemon app

* PR feedback

Co-authored-by: Jean-Marc Prieur <jmprieur@microsoft.com>

* ID.Web.MicrosoftGraph now references Id.Web.TokenAcqusition (and not Id.Web) (#1810)

* - In AuthenticationOptions and MicrosoftAuthenticationOptions, move properties where they should have been in the first place (when AAD specific)
- Move LoggingOptions to Ms.Id.Web.TokenAcquisition
- MicrosoftIdentityBaseAuthenticationBuilder and MicrosoftIdentityAppCallingWebApiAuthenticationBuilder move to Ms.Id.Web.TokenAcquisition
- Session methods of MicrosoftIdentityAppCallingWebApiAuthenticationBuilder move to an extension method
- TokenAcquisitionAspNetCore inherits from TokenAcquisition instead of being a partial class implementation (Could move to another assembly if we choose to)
- AddTokenAcquisition now register ITokenAcquirer (And only this one in the case of framework others than .NET Core)

* - OwinWebApi now is 472
- OwinWebApp updates to Web.Config and project
- Ms.Id.Web.MicrosoftGraph now references Ms.Id.Web.TokenAcquisition
(no longer Ms.Id.Web)

* PR review

* Addressing PR comment

* address PR comments

* small edits

* PR feedback and renaming

* fix build issues

* address governance issues
GHSA-5crp-9r3c-p9vr

Co-authored-by: jennyf19 <jeferrie@microsoft.com>
Co-authored-by: Chris Brooks <cbrooks@microsoft.com>
Co-authored-by: sciocoder <sciocoder@hotmail.it>
Co-authored-by: Herman Jensen <hjanimations@hotmail.com>