C# Class SampleWebApp.TokenHelper

Project: upeo/inbloom-dotnet

Public Properties

Property Type Description
HighTrustAccessTokenLifetime System.TimeSpan

Public Methods

Method Description
CreateAppEventClientContext ( SPRemoteEventProperties properties, bool useAppWeb ) : ClientContext

Creates a client context based on the properties of an app event

CreateRemoteEventReceiverClientContext ( SPRemoteEventProperties properties ) : ClientContext

Creates a client context based on the properties of a remote event receiver

EnsureTrailingSlash ( string url ) : string

Ensures that the specified URL ends with '/' if it is not null or empty.

GetAccessToken ( SharePointContextToken contextToken, string targetHost ) : OAuth2AccessTokenResponse

Retrieves an access token from ACS to call the source of the specified context token at the specified targetHost. The targetHost must be registered for the principal that sent the context token.

GetAccessToken ( string refreshToken, string targetPrincipalName, string targetHost, string targetRealm ) : OAuth2AccessTokenResponse

Uses the specified refresh token to retrieve an access token from ACS to call the specified principal at the specified targetHost. The targetHost must be registered for target principal. If specified realm is null, the "Realm" setting in web.config will be used instead.

GetAccessToken ( string authorizationCode, string targetPrincipalName, string targetHost, string targetRealm, Uri redirectUri ) : OAuth2AccessTokenResponse

Uses the specified authorization code to retrieve an access token from ACS to call the specified principal at the specified targetHost. The targetHost must be registered for target principal. If specified realm is null, the "Realm" setting in web.config will be used instead.

GetAppContextTokenRequestUrl ( string contextUrl, string redirectUri ) : string

Returns the SharePoint url to which the app should redirect the browser to request a new context token.

GetAppOnlyAccessToken ( string targetPrincipalName, string targetHost, string targetRealm ) : OAuth2AccessTokenResponse

Retrieves an app-only access token from ACS to call the specified principal at the specified targetHost. The targetHost must be registered for target principal. If specified realm is null, the "Realm" setting in web.config will be used instead.

GetAuthorizationUrl ( string contextUrl, string scope ) : string

Returns the SharePoint url to which the app should redirect the browser to request consent and get back an authorization code.

GetAuthorizationUrl ( string contextUrl, string scope, string redirectUri ) : string

Returns the SharePoint url to which the app should redirect the browser to request consent and get back an authorization code.

GetClientContextWithAccessToken ( string targetUrl, string accessToken ) : ClientContext

Uses the specified access token to create a client context

GetClientContextWithAuthorizationCode ( string targetUrl, string authorizationCode, Uri redirectUri ) : ClientContext

Retrieves an access token from ACS using the specified authorization code, and uses that access token to create a client context

GetClientContextWithAuthorizationCode ( string targetUrl, string targetPrincipalName, string authorizationCode, string targetRealm, Uri redirectUri ) : ClientContext

Retrieves an access token from ACS using the specified authorization code, and uses that access token to create a client context

GetClientContextWithContextToken ( string targetUrl, string contextTokenString, string appHostUrl ) : ClientContext

Retrieves an access token from ACS using the specified context token, and uses that access token to create a client context

GetContextTokenFromRequest ( HttpRequest request ) : string

Retrieves the context token string from the specified request by looking for well-known parameter names in the POSTed form parameters and the querystring. Returns null if no context token is found.

GetContextTokenFromRequest ( System.Web.HttpRequestBase request ) : string

Retrieves the context token string from the specified request by looking for well-known parameter names in the POSTed form parameters and the querystring. Returns null if no context token is found.

GetRealmFromTargetUrl ( Uri targetApplicationUri ) : string

Get authentication realm from SharePoint

GetS2SAccessTokenWithWindowsIdentity ( Uri targetApplicationUri, System.Security.Principal.WindowsIdentity identity ) : string

Retrieves an S2S access token signed by the application's private certificate on behalf of the specified WindowsIdentity and intended for the SharePoint at the targetApplicationUri. If no Realm is specified in web.config, an auth challenge will be issued to the targetApplicationUri to discover it.

GetS2SClientContextWithWindowsIdentity ( Uri targetApplicationUri, System.Security.Principal.WindowsIdentity identity ) : ClientContext

Retrieves an S2S client context with an access token signed by the application's private certificate on behalf of the specified WindowsIdentity and intended for application at the targetApplicationUri using the targetRealm. If no Realm is specified in web.config, an auth challenge will be issued to the targetApplicationUri to discover it.

IsHighTrustApp ( ) : bool

Determines if this is a high trust app.

ReadAndValidateContextToken ( string contextTokenString, string appHostName = null ) : SharePointContextToken

Validates that the specified context token string is intended for this application, based on the parameters specified in web.config. The web.config parameters used for validation include ClientId, HostedAppHostNameOverride, HostedAppHostName, ClientSecret, and Realm (if it is specified). If HostedAppHostNameOverride is present, it will be used for validation. Otherwise, if the appHostName is not null, it is used for validation instead of the web.config's HostedAppHostName. If the token is invalid, an exception is thrown. If the token is valid, TokenHelper's static STS metadata url is updated based on the token contents and a JsonWebSecurityToken based on the context token is returned.

Private Methods

Method Description
CreateAcsClientContextForUrl ( SPRemoteEventProperties properties, Uri sharepointUrl ) : ClientContext
CreateJsonWebSecurityTokenHandler ( ) : JsonWebSecurityTokenHandler
GetAcsGlobalEndpointUrl ( ) : string
GetAcsMetadataEndpointUrl ( ) : string
GetAcsPrincipalName ( string realm ) : string
GetClaimsWithWindowsIdentity ( System.Security.Principal.WindowsIdentity identity ) : JsonWebTokenClaim[]
GetFormattedPrincipal ( string principalName, string hostName, string realm ) : string
GetS2SAccessTokenWithClaims ( string targetApplicationHostName, string targetRealm, IEnumerable claims ) : string
IssueToken ( string sourceApplication, string issuerApplication, string sourceRealm, string targetApplication, string targetRealm, string targetApplicationHostName, bool trustedForDelegation, IEnumerable claims, bool appOnly = false ) : string

Method Details

CreateAppEventClientContext() public static method

Creates a client context based on the properties of an app event
public static CreateAppEventClientContext ( SPRemoteEventProperties properties, bool useAppWeb ) : ClientContext
properties SPRemoteEventProperties Properties of an app event
useAppWeb bool True to target the app web, false to target the host web
return ClientContext

CreateRemoteEventReceiverClientContext() public static method

Creates a client context based on the properties of a remote event receiver
public static CreateRemoteEventReceiverClientContext ( SPRemoteEventProperties properties ) : ClientContext
properties SPRemoteEventProperties Properties of a remote event receiver
return ClientContext

EnsureTrailingSlash() public static method

Ensures that the specified URL ends with '/' if it is not null or empty.
public static EnsureTrailingSlash ( string url ) : string
url string The url.
return string

GetAccessToken() public static method

Retrieves an access token from ACS to call the source of the specified context token at the specified targetHost. The targetHost must be registered for the principal that sent the context token.
public static GetAccessToken ( SharePointContextToken contextToken, string targetHost ) : OAuth2AccessTokenResponse
contextToken SharePointContextToken Context token issued by the intended access token audience
targetHost string Url authority of the target principal
return OAuth2AccessTokenResponse

GetAccessToken() public static method

Uses the specified refresh token to retrieve an access token from ACS to call the specified principal at the specified targetHost. The targetHost must be registered for target principal. If specified realm is null, the "Realm" setting in web.config will be used instead.
public static GetAccessToken ( string refreshToken, string targetPrincipalName, string targetHost, string targetRealm ) : OAuth2AccessTokenResponse
refreshToken string Refresh token to exchange for access token
targetPrincipalName string Name of the target principal to retrieve an access token for
targetHost string Url authority of the target principal
targetRealm string Realm to use for the access token's nameid and audience
return OAuth2AccessTokenResponse

GetAccessToken() public static method

Uses the specified authorization code to retrieve an access token from ACS to call the specified principal at the specified targetHost. The targetHost must be registered for target principal. If specified realm is null, the "Realm" setting in web.config will be used instead.
public static GetAccessToken ( string authorizationCode, string targetPrincipalName, string targetHost, string targetRealm, Uri redirectUri ) : OAuth2AccessTokenResponse
authorizationCode string Authorization code to exchange for access token
targetPrincipalName string Name of the target principal to retrieve an access token for
targetHost string Url authority of the target principal
targetRealm string Realm to use for the access token's nameid and audience
redirectUri System.Uri Redirect URI registered for this app
return OAuth2AccessTokenResponse

GetAppContextTokenRequestUrl() public static method

Returns the SharePoint url to which the app should redirect the browser to request a new context token.
public static GetAppContextTokenRequestUrl ( string contextUrl, string redirectUri ) : string
contextUrl string Absolute Url of the SharePoint site
redirectUri string Uri to which SharePoint should redirect the browser to with a context token
return string

GetAppOnlyAccessToken() public static method

Retrieves an app-only access token from ACS to call the specified principal at the specified targetHost. The targetHost must be registered for target principal. If specified realm is null, the "Realm" setting in web.config will be used instead.
public static GetAppOnlyAccessToken ( string targetPrincipalName, string targetHost, string targetRealm ) : OAuth2AccessTokenResponse
targetPrincipalName string Name of the target principal to retrieve an access token for
targetHost string Url authority of the target principal
targetRealm string Realm to use for the access token's nameid and audience
return OAuth2AccessTokenResponse

GetAuthorizationUrl() public static method

Returns the SharePoint url to which the app should redirect the browser to request consent and get back an authorization code.
public static GetAuthorizationUrl ( string contextUrl, string scope ) : string
contextUrl string Absolute Url of the SharePoint site
scope string Space-delimited permissions to request from the SharePoint site in "shorthand" format (e.g. "Web.Read Site.Write")
return string

GetAuthorizationUrl() public static method

Returns the SharePoint url to which the app should redirect the browser to request consent and get back an authorization code.
public static GetAuthorizationUrl ( string contextUrl, string scope, string redirectUri ) : string
contextUrl string Absolute Url of the SharePoint site
scope string Space-delimited permissions to request from the SharePoint site in "shorthand" format (e.g. "Web.Read Site.Write")
redirectUri string Uri to which SharePoint should redirect the browser after consent is granted
return string

GetClientContextWithAccessToken() public static method

Uses the specified access token to create a client context
public static GetClientContextWithAccessToken ( string targetUrl, string accessToken ) : ClientContext
targetUrl string Url of the target SharePoint site
accessToken string Access token to be used when calling the specified targetUrl
return ClientContext

GetClientContextWithAuthorizationCode() public static method

Retrieves an access token from ACS using the specified authorization code, and uses that access token to create a client context
public static GetClientContextWithAuthorizationCode ( string targetUrl, string authorizationCode, Uri redirectUri ) : ClientContext
targetUrl string Url of the target SharePoint site
authorizationCode string Authorization code to use when retrieving the access token from ACS
redirectUri System.Uri Redirect URI registered for this app
return ClientContext

GetClientContextWithAuthorizationCode() public static method

Retrieves an access token from ACS using the specified authorization code, and uses that access token to create a client context
public static GetClientContextWithAuthorizationCode ( string targetUrl, string targetPrincipalName, string authorizationCode, string targetRealm, Uri redirectUri ) : ClientContext
targetUrl string Url of the target SharePoint site
targetPrincipalName string Name of the target SharePoint principal
authorizationCode string Authorization code to use when retrieving the access token from ACS
targetRealm string Realm to use for the access token's nameid and audience
redirectUri System.Uri Redirect URI registered for this app
return ClientContext

GetClientContextWithContextToken() public static method

Retrieves an access token from ACS using the specified context token, and uses that access token to create a client context
public static GetClientContextWithContextToken ( string targetUrl, string contextTokenString, string appHostUrl ) : ClientContext
targetUrl string Url of the target SharePoint site
contextTokenString string Context token received from the target SharePoint site
appHostUrl string Url authority of the hosted app. If this is null, the value in the HostedAppHostName of web.config will be used instead
return ClientContext

GetContextTokenFromRequest() public static method

Retrieves the context token string from the specified request by looking for well-known parameter names in the POSTed form parameters and the querystring. Returns null if no context token is found.
public static GetContextTokenFromRequest ( HttpRequest request ) : string
request HttpRequest HttpRequest in which to look for a context token
return string

GetContextTokenFromRequest() public static method

Retrieves the context token string from the specified request by looking for well-known parameter names in the POSTed form parameters and the querystring. Returns null if no context token is found.
public static GetContextTokenFromRequest ( System.Web.HttpRequestBase request ) : string
request System.Web.HttpRequestBase HttpRequest in which to look for a context token
return string

GetRealmFromTargetUrl() public static method

Get authentication realm from SharePoint
public static GetRealmFromTargetUrl ( Uri targetApplicationUri ) : string
targetApplicationUri System.Uri Url of the target SharePoint site
return string

GetS2SAccessTokenWithWindowsIdentity() public static method

Retrieves an S2S access token signed by the application's private certificate on behalf of the specified WindowsIdentity and intended for the SharePoint at the targetApplicationUri. If no Realm is specified in web.config, an auth challenge will be issued to the targetApplicationUri to discover it.
public static GetS2SAccessTokenWithWindowsIdentity ( Uri targetApplicationUri, System.Security.Principal.WindowsIdentity identity ) : string
targetApplicationUri System.Uri Url of the target SharePoint site
identity System.Security.Principal.WindowsIdentity Windows identity of the user on whose behalf to create the access token
return string

GetS2SClientContextWithWindowsIdentity() public static method

Retrieves an S2S client context with an access token signed by the application's private certificate on behalf of the specified WindowsIdentity and intended for application at the targetApplicationUri using the targetRealm. If no Realm is specified in web.config, an auth challenge will be issued to the targetApplicationUri to discover it.
public static GetS2SClientContextWithWindowsIdentity ( Uri targetApplicationUri, System.Security.Principal.WindowsIdentity identity ) : ClientContext
targetApplicationUri System.Uri Url of the target SharePoint site
identity System.Security.Principal.WindowsIdentity Windows identity of the user on whose behalf to create the access token
return ClientContext

IsHighTrustApp() public static method

Determines if this is a high trust app.
public static IsHighTrustApp ( ) : bool
return bool

ReadAndValidateContextToken() public static method

Validates that the specified context token string is intended for this application, based on the parameters specified in web.config. The web.config parameters used for validation include ClientId, HostedAppHostNameOverride, HostedAppHostName, ClientSecret, and Realm (if it is specified). If HostedAppHostNameOverride is present, it will be used for validation. Otherwise, if the appHostName is not null, it is used for validation instead of the web.config's HostedAppHostName. If the token is invalid, an exception is thrown. If the token is valid, TokenHelper's static STS metadata url is updated based on the token contents and a JsonWebSecurityToken based on the context token is returned.
public static ReadAndValidateContextToken ( string contextTokenString, string appHostName = null ) : SharePointContextToken
contextTokenString string The context token to validate
appHostName string The URL authority, consisting of Domain Name System (DNS) host name or IP address and the port number, to use for token audience validation. If null, the HostedAppHostName web.config setting is used instead. The HostedAppHostNameOverride web.config setting, if present, is used for validation instead of this parameter.
return SharePointContextToken
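
The context-token flow described above (GetContextTokenFromRequest, ReadAndValidateContextToken, GetAccessToken, GetClientContextWithAccessToken), written as a fail-closed page handler. This is an added example, not code from the upeo/inbloom-dotnet project; the LandingPage class, the SPHostUrl query parameter, the HTTPS requirement and the 401/400 responses are assumptions made for the illustration.

```csharp
using System;
using System.Web;
using Microsoft.SharePoint.Client;

namespace SampleWebApp
{
    // Hypothetical code-behind class; only the TokenHelper calls come from the listing above.
    public class LandingPage : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Null means neither the POSTed form nor the query string carried a token.
            string tokenString = TokenHelper.GetContextTokenFromRequest(Request);
            if (string.IsNullOrEmpty(tokenString)) { Deny(401); return; }

            SharePointContextToken contextToken;
            try
            {
                // The authority this request arrived on is the audience host to check,
                // unless HostedAppHostNameOverride in web.config takes precedence.
                contextToken = TokenHelper.ReadAndValidateContextToken(
                    tokenString, Request.Url.Authority);
            }
            catch (Exception)
            {
                // The listing only says "an exception is thrown" for an invalid token,
                // so every failure here is treated as unauthenticated. Never log the token.
                Deny(401);
                return;
            }

            // SPHostUrl is caller-supplied input (assumed parameter name): parse it
            // strictly and require HTTPS before sending a bearer token to it.
            Uri hostWeb;
            if (!Uri.TryCreate(Request.QueryString["SPHostUrl"], UriKind.Absolute, out hostWeb)
                || hostWeb.Scheme != Uri.UriSchemeHttps) { Deny(400); return; }

            // ACS issues a token only if hostWeb.Authority is registered for the
            // principal that sent the context token.
            string accessToken = TokenHelper.GetAccessToken(contextToken, hostWeb.Authority).AccessToken;
            using (ClientContext ctx =
                TokenHelper.GetClientContextWithAccessToken(hostWeb.ToString(), accessToken))
            {
                ctx.Load(ctx.Web, w => w.Title);
                ctx.ExecuteQuery();
                Response.Write(HttpUtility.HtmlEncode(ctx.Web.Title)); // encode remote data
            }
        }

        private void Deny(int status)
        {
            Response.StatusCode = status;
            Response.SuppressContent = true;
            Context.ApplicationInstance.CompleteRequest();
        }
    }
}
```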

Property Details

HighTrustAccessTokenLifetime public static property

Lifetime of HighTrust access token, 12 hours.
public static HighTrustAccessTokenLifetime : System.TimeSpan
return System.TimeSpan