Open JakubHromada opened 9 months ago
using Microsoft.Graph.Models.ODataErrors;
To solve the issue, you can update the Profile() function in HomeController.cs to:
public async Task
try
{
currentUser = await _graphServiceClient.Me.GetAsync();
}
// Catch CAE exception from Graph SDK
catch (ODataError svcex) when (svcex.Message.Contains("Continuous access evaluation resulted in challenge"))
//catch (ServiceException svcex) when (svcex.Message.Contains("Continuous access evaluation resulted in challenge"))
{
try
{
// Assuming svcex.ResponseHeaders is of type IDictionary<string, IEnumerable<string>>
HttpResponseHeaders httpResponseHeaders = new HttpResponseMessage().Headers;
foreach (var header in svcex.ResponseHeaders)
{
string headerName = header.Key;
foreach (var headerValue in header.Value)
{
httpResponseHeaders.TryAddWithoutValidation(headerName, headerValue);
}
}
Console.WriteLine($"{svcex}");
string claimChallenge = WwwAuthenticateParameters.GetClaimChallengeFromResponseHeaders(httpResponseHeaders);
_consentHandler.ChallengeUser(_graphScopes, claimChallenge);
return new EmptyResult();
}
catch (Exception ex2)
{
_consentHandler.HandleException(ex2);
}
}
try
{
// Get user photo
using (var photoStream = await _graphServiceClient.Me.Photo.Content.GetAsync())
{
byte[] photoByte = ((MemoryStream)photoStream).ToArray();
ViewData["Photo"] = Convert.ToBase64String(photoByte);
}
}
catch (Exception pex)
{
Console.WriteLine($"{pex.Message}");
ViewData["Photo"] = null;
}
ViewData["Me"] = currentUser;
return View();
}
Microsoft.Identity.Web version
2.16.1
Web app sign-in
Not applicable
Web API (call Graph or downstream APIs)
2-WebApp-graph-user/2-1-Call-MSGraph
Deploy to Azure
Not applicable
Auth Z
Not applicable
Description
The process to handle CAE challenges from MS Graph by catching a ServiceException doesn't work. Upon revoking user session the GraphServiceClient now returns ODataError exception with the requested claims. The code example is not handling this type of exception.
Please update the code example to handle the OData exception to process the CAE challenge from Microsoft Graph.
Reproduction steps
Error message
ODataError: Continuous access evaluation resulted in challenge with result: InteractionRequired and code: TokenIssuedBeforeRevocationTimestamp
Id Web logs
No response
Relevant code snippets
Regression
No response
Expected behavior
Process the CAE challenge from Microsoft Graph.