public void CredentialsConstructorThrowsForInvalidValues()
        {
            TokenCache cache    = new TestTokenCache();
            var        settings = ActiveDirectoryServiceSettings.Azure;

            Assert.ThrowsAsync <ArgumentOutOfRangeException>(() => UserTokenProvider.LoginSilentAsync(null,
                                                                                                      "microsoft.onmicrosoft.com", this._username, this._password, cache));
            Assert.ThrowsAsync <ArgumentOutOfRangeException>(() => UserTokenProvider.LoginWithPromptAsync(
                                                                 "microsoft.onmicrosoft.com", ActiveDirectoryClientSettings.UsePromptOnly(string.Empty, new Uri("urn:ietf:wg:oauth:2.0:oob")),
                                                                 settings, cache));
            Assert.ThrowsAsync <ArgumentOutOfRangeException>(() => UserTokenProvider.LoginWithPromptAsync(null,
                                                                                                          ActiveDirectoryClientSettings.UsePromptOnly("1950a258-227b-4e31-a9cf-717495945fc2", new Uri("urn:ietf:wg:oauth:2.0:oob")),
                                                                                                          settings, cache));
            Assert.ThrowsAsync <ArgumentOutOfRangeException>(() => UserTokenProvider.LoginWithPromptAsync(string.Empty,
                                                                                                          ActiveDirectoryClientSettings.UsePromptOnly("1950a258-227b-4e31-a9cf-717495945fc2", new Uri("urn:ietf:wg:oauth:2.0:oob")),
                                                                                                          settings, cache));
            Assert.ThrowsAsync <AuthenticationException>(() => UserTokenProvider.LoginSilentAsync("1950a258-227b-4e31-a9cf-717495945fc2",
                                                                                                  "microsoft.onmicrosoft.com", null, this._password, cache));
            Assert.Throws <AuthenticationException>(() => UserTokenProvider.LoginSilentAsync("1950a258-227b-4e31-a9cf-717495945fc2",
                                                                                             "microsoft.onmicrosoft.com", string.Empty, this._password, cache).ConfigureAwait(false).GetAwaiter().GetResult());
            Assert.ThrowsAsync <AuthenticationException>(() => UserTokenProvider.LoginSilentAsync("1950a258-227b-4e31-a9cf-717495945fc2",
                                                                                                  "microsoft.onmicrosoft.com", this._username, null, cache));
            Assert.ThrowsAsync <AuthenticationException>(() => UserTokenProvider.LoginSilentAsync("1950a258-227b-4e31-a9cf-717495945fc2",
                                                                                                  "microsoft.onmicrosoft.com", this._username, string.Empty, cache));
        }
Beispiel #2
0
        /// <summary>
        /// Acquire Graph token
        /// </summary>
        /// <param name="graphAADServiceSettings"></param>
        /// <param name="spnClientId"></param>
        /// <param name="spnSecret"></param>
        /// <param name="userName"></param>
        /// <param name="password"></param>
        /// <param name="psClientId"></param>
        private void UpdateTokenInfoWithGraphToken(ActiveDirectoryServiceSettings graphAADServiceSettings, string spnClientId = "", string spnSecret = "",
                                                   string userName = "", string password = "", string psClientId = "")
        {
            Task <TokenCredentials> graphAuthResult = null;

            try
            {
                if (!string.IsNullOrWhiteSpace(userName) && !string.IsNullOrWhiteSpace(password))
                {
                    //#if FullNetFx
#if net452
                    graphAuthResult = Task.Run(async() => (TokenCredentials)await UserTokenProvider
                                               .LoginSilentAsync(psClientId, this.Tenant, userName, password, graphAADServiceSettings).ConfigureAwait(continueOnCapturedContext: false));
#endif
                }
                else if (!string.IsNullOrWhiteSpace(spnClientId) && !string.IsNullOrWhiteSpace(spnSecret))
                {
                    graphAuthResult = Task.Run(async() => (TokenCredentials)await ApplicationTokenProvider
                                               .LoginSilentAsync(this.Tenant, spnClientId, spnSecret, graphAADServiceSettings).ConfigureAwait(continueOnCapturedContext: false));
                }

                this.TokenInfo[TokenAudience.Graph] = graphAuthResult?.Result;
            }
            catch (Exception ex)
            {
                Debug.WriteLine(string.Format("Error while acquiring Graph Token: '{0}'", ex.ToString()));
                // Not all accounts are registered to have access to Graph endpoints.
            }
        }
        public async override Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var adSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(Environment.AuthenticationEndpoint),
                TokenAudience          = new Uri(Environment.ManagementEndpoint),
                ValidateAuthority      = true
            };
            string url = request.RequestUri.ToString();

            if (url.StartsWith(Environment.GraphEndpoint, StringComparison.OrdinalIgnoreCase))
            {
                adSettings.TokenAudience = new Uri(Environment.GraphEndpoint);
            }

            if (!credentialsCache.ContainsKey(adSettings.TokenAudience))
            {
                if (servicePrincipalLoginInformation != null)
                {
                    if (servicePrincipalLoginInformation.ClientSecret != null)
                    {
                        credentialsCache[adSettings.TokenAudience] = await ApplicationTokenProvider.LoginSilentAsync(
                            TenantId, servicePrincipalLoginInformation.ClientId, servicePrincipalLoginInformation.ClientSecret, adSettings, TokenCache.DefaultShared);
                    }
#if NET45
                    else if (servicePrincipalLoginInformation.X509Certificate != null)
                    {
                        credentialsCache[adSettings.TokenAudience] = await ApplicationTokenProvider.LoginSilentAsync(
                            TenantId, new ClientAssertionCertificate(servicePrincipalLoginInformation.ClientId, servicePrincipalLoginInformation.X509Certificate), adSettings, TokenCache.DefaultShared);
                    }
#endif
                    else
                    {
                        credentialsCache[adSettings.TokenAudience] = await ApplicationTokenProvider.LoginSilentAsync(
                            TenantId, servicePrincipalLoginInformation.ClientId, servicePrincipalLoginInformation.Certificate, servicePrincipalLoginInformation.CertificatePassword, adSettings, TokenCache.DefaultShared);
                    }
                }
#if !PORTABLE
                else if (userLoginInformation != null)
                {
                    credentialsCache[adSettings.TokenAudience] = await UserTokenProvider.LoginSilentAsync(
                        userLoginInformation.ClientId, TenantId, userLoginInformation.UserName,
                        userLoginInformation.Password, adSettings, TokenCache.DefaultShared);
                }
#endif
#if PORTABLE
                else if (deviceCredentialInformation != null)
                {
                    credentialsCache[adSettings.TokenAudience] = await UserTokenProvider.LoginByDeviceCodeAsync(
                        deviceCredentialInformation.ClientId, TenantId, adSettings, TokenCache.DefaultShared, deviceCredentialInformation.DeviceCodeFlowHandler);
                }
#endif
                else if (msiTokenProviderFactory != null)
                {
                    credentialsCache[adSettings.TokenAudience] = new TokenCredentials(this.msiTokenProviderFactory.Create(adSettings.TokenAudience.OriginalString));
                }
            }
            await credentialsCache[adSettings.TokenAudience].ProcessHttpRequestAsync(request, cancellationToken);
        }
        public void SilentUserLogin(string cnnStr)
        {
            LiteralCnnString = cnnStr;
            ServiceClientCredentials svcClientCred = null;

            svcClientCred = UserTokenProvider.LoginSilentAsync(this.ClientId, this.TenantId, this.UserName, this.Password, ActiveDirectoryServiceSettings.AzureGermany).GetAwaiter().GetResult();
            Assert.NotNull(svcClientCred);
        }
        public void OrgIdCredentialWorksWithoutDialog()
        {
            var credentials =
                UserTokenProvider.LoginSilentAsync("1950a258-227b-4e31-a9cf-717495945fc2",
                                                   this._domain, this._username, this._password).GetAwaiter().GetResult();
            var client  = new HttpClient();
            var request = new HttpRequestMessage(HttpMethod.Get,
                                                 new Uri("https://management.azure.com/subscriptions?api-version=2014-04-01-preview"));

            credentials.ProcessHttpRequestAsync(request, CancellationToken.None).Wait();
            Assert.NotNull(request.Headers.Authorization);
            var response = client.SendAsync(request).ConfigureAwait(false).GetAwaiter().GetResult();

            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
        }
        public void OrgIdCredentialsThrowsForInvalidCredentials()
        {
            var exception = Assert.Throws <AuthenticationException>(() => UserTokenProvider.LoginSilentAsync("1950a258-227b-4e31-a9cf-717495945fc2",
                                                                                                             this._domain, "*****@*****.**", "This is not a valid password").GetAwaiter().GetResult());

            Assert.NotNull(exception.InnerException);
            Assert.Equal(typeof(AdalException), exception.InnerException.GetType());
            exception = Assert.Throws <AuthenticationException>(() => UserTokenProvider.LoginSilentAsync("1950a258-227b-4e31-a9cf-717495945fc2",
                                                                                                         this._domain, "bad_user@bad_domain.com", this._password).ConfigureAwait(false).GetAwaiter().GetResult());
            Assert.NotNull(exception.InnerException);
            Assert.Equal(typeof(AdalException), exception.InnerException.GetType());
            exception = Assert.Throws <AuthenticationException>(() => UserTokenProvider.LoginSilentAsync("1950a258-227b-4e31-a9cf-717495945fc2", "not-a-valid-domain", this._username, this._password).ConfigureAwait(false).GetAwaiter().GetResult());
            Assert.NotNull(exception.InnerException);
            Assert.Equal(typeof(AdalServiceException), exception.InnerException.GetType());
            exception = Assert.Throws <AuthenticationException>(() => UserTokenProvider.LoginSilentAsync("not-a-valid-client-id", this._domain, this._username, this._password)
                                                                .ConfigureAwait(false).GetAwaiter().GetResult());
            Assert.NotNull(exception.InnerException);
            Assert.Equal(typeof(AdalServiceException), exception.InnerException.GetType());
        }
Beispiel #7
0
        public static ServiceClientCredentials LoginAzureRM(this ICakeContext ctx, string tenantId, string loginName, string password)
        {
            if (string.IsNullOrWhiteSpace(tenantId))
            {
                throw new ArgumentNullException(nameof(tenantId));
            }

            if (string.IsNullOrWhiteSpace(loginName))
            {
                throw new ArgumentNullException(nameof(loginName));
            }

            if (string.IsNullOrWhiteSpace(password))
            {
                throw new ArgumentNullException(nameof(password));
            }

            return(UserTokenProvider.LoginSilentAsync(WELLKNOWN_CLIENTID, tenantId, loginName, password).GetAwaiter().GetResult());
        }
        private static async Task LoginUserAsync(
            Dictionary <TokenAudience, TokenCredentials> tokens,
            string domain,
            string username,
            string password,
            TestEndpoints endpoints)
        {
            var mgmSettings = new ActiveDirectoryServiceSettings()
            {
                AuthenticationEndpoint = new Uri(endpoints.AADAuthUri.ToString() + domain),
                TokenAudience          = endpoints.AADTokenAudienceUri
            };
            var grpSettings = new ActiveDirectoryServiceSettings()
            {
                AuthenticationEndpoint = new Uri(endpoints.AADAuthUri.ToString() + domain),
                TokenAudience          = endpoints.GraphTokenAudienceUri
            };

            var mgmAuthResult = (TokenCredentials)await UserTokenProvider
                                .LoginSilentAsync(TestEnvironment.ClientIdDefault, domain, username, password, mgmSettings)
                                .ConfigureAwait(false);

            try
            {
                var graphAuthResult = (TokenCredentials)await UserTokenProvider
                                      .LoginSilentAsync(TestEnvironment.ClientIdDefault, domain, username, password, grpSettings)
                                      .ConfigureAwait(false);

                tokens[TokenAudience.Graph] = graphAuthResult;
            }
            catch
            {
                // Not all accounts are registered to have access to Graph endpoints.
            }

            tokens[TokenAudience.Management] = mgmAuthResult;
        }
        private static string localFilePropertyDumpPath = @"C:\Data";     // Used for Acl/DiskUsage Dump
        public static void Main(string[] args)
        {
            try
            {
                // Acquire token and create client using user id and password - Shown for illustration purposes, Comment following two lines if you are not authenticating with userid and password
                ServiceClientCredentials clientCreds1 = UserTokenProvider.LoginSilentAsync(clientId, domain, UserId, Psswd).GetAwaiter().GetResult();
                AdlsClient client1 = AdlsClient.CreateClient(clientAccountPath, clientCreds1);

                // Acquire token and create client using client secret and client id
                var creds = new ClientCredential(clientId, clientSecret);
                ServiceClientCredentials clientCreds2 = ApplicationTokenProvider.LoginSilentAsync(domain, creds).GetAwaiter().GetResult();
                AdlsClient client2 = AdlsClient.CreateClient(clientAccountPath, clientCreds2);

                // Perform write with flush and read with seek
                PerformWriteFlushReadSeek(client2);

                // Concatenate two files
                PerformConcat(client2);

                // Get Content summary using async operations
                GetContentSummaryAsync(client2).GetAwaiter().GetResult();

                // Bulk upload and download
                RunFileTransfer(client2);
                // Change Acl and get acl and disk usage properties
                SetAclAndGetFileProperties(client2);
                // Illustrate token refresh
                TestTokenRefresh(client2);
            }
            catch (AdlsException e)
            {
                PrintAdlsException(e);
            }
            Console.WriteLine("Done. Press ENTER to continue ...");
            Console.ReadLine();
        }
Beispiel #10
0
        /// <summary>
        /// Login
        /// </summary>
        private void Login()
        {
            string userPassword = this.ConnectionString.GetValue(ConnectionStringKeys.PasswordKey);
            string spnClientId  = this.ConnectionString.GetValue(ConnectionStringKeys.ServicePrincipalKey);
            string spnSecret    = this.ConnectionString.GetValue(ConnectionStringKeys.ServicePrincipalSecretKey);
            //We use this because when login silently using userTokenProvider, we need to provide a well known ClientId for an app that has delegating permissions.
            //All first party app have that permissions, so we use PowerShell app ClientId
            string PowerShellClientId = "1950a258-227b-4e31-a9cf-717495945fc2";

            /*
             * Currently we prioritize login as below:
             * 1) ServicePrincipal/ServicePrincipal Secret Key
             * 2) UserName / Password combination
             * 3) Interactive Login (where user will be presented with prompt to login)
             */
            #region Login
            #region aadSettings
            ActiveDirectoryServiceSettings aadServiceSettings = new ActiveDirectoryServiceSettings()
            {
                AuthenticationEndpoint = new Uri(this.Endpoints.AADAuthUri.ToString() + this.ConnectionString.GetValue(ConnectionStringKeys.AADTenantKey)),
                TokenAudience          = this.Endpoints.AADTokenAudienceUri
            };
            ActiveDirectoryServiceSettings graphAADServiceSettings = new ActiveDirectoryServiceSettings()
            {
                AuthenticationEndpoint = new Uri(this.Endpoints.AADAuthUri.ToString() + this.ConnectionString.GetValue(ConnectionStringKeys.AADTenantKey)),
                TokenAudience          = this.Endpoints.GraphTokenAudienceUri
            };
            #endregion

            if ((!string.IsNullOrEmpty(spnClientId)) && (!string.IsNullOrEmpty(spnSecret)))
            {
                Task <TokenCredentials> mgmAuthResult = Task.Run(async() => (TokenCredentials)await ApplicationTokenProvider
                                                                 .LoginSilentAsync(this.Tenant, spnClientId, spnSecret, aadServiceSettings).ConfigureAwait(continueOnCapturedContext: false));

                this.TokenInfo[TokenAudience.Management] = mgmAuthResult.Result;

                UpdateTokenInfoWithGraphToken(graphAADServiceSettings, spnClientId: spnClientId, spnSecret: spnSecret);
            }
            else if ((!string.IsNullOrEmpty(this.UserName)) && (!string.IsNullOrEmpty(userPassword)))
            {
//#if FullNetFx
#if net452
                Task <TokenCredentials> mgmAuthResult = Task.Run(async() => (TokenCredentials)await UserTokenProvider
                                                                 .LoginSilentAsync(PowerShellClientId, this.Tenant, this.UserName, userPassword, aadServiceSettings).ConfigureAwait(continueOnCapturedContext: false));

                this.TokenInfo[TokenAudience.Management] = mgmAuthResult.Result;

                UpdateTokenInfoWithGraphToken(graphAADServiceSettings, userName: this.UserName, password: userPassword, psClientId: PowerShellClientId);
#else
                throw new NotSupportedException("Username/Password login is supported only in NET452 and above projects");
#endif
            }
            else
            {
//#if FullNetFx
#if net452
                InteractiveLogin(this.Tenant, PowerShellClientId,
                                 aadServiceSettings, graphAADServiceSettings);
#else
                throw new NotSupportedException("Interactive Login is supported only in NET452 and above projects");
#endif
            }
            #endregion
        }
Beispiel #11
0
        public async override Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var adSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(Environment.AuthenticationEndpoint),
                TokenAudience          = new Uri(Environment.ManagementEndpoint),
                ValidateAuthority      = true
            };
            string url = request.RequestUri.ToString();

            if (url.StartsWith(Environment.GraphEndpoint, StringComparison.OrdinalIgnoreCase))
            {
                adSettings.TokenAudience = new Uri(Environment.GraphEndpoint);
            }

            string host = request.RequestUri.Host;

            if (host.EndsWith(Environment.KeyVaultSuffix, StringComparison.OrdinalIgnoreCase))
            {
                var resource = new Uri(Regex.Replace(Environment.KeyVaultSuffix, "^.", "https://"));
                if (credentialsCache.ContainsKey(new Uri(Regex.Replace(Environment.KeyVaultSuffix, "^.", "https://"))))
                {
                    adSettings.TokenAudience = resource;
                }
                else
                {
                    using (var r = new HttpRequestMessage(request.Method, url))
                    {
                        var response = await new HttpClient().SendAsync(r).ConfigureAwait(false);

                        if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized && response.Headers.WwwAuthenticate != null)
                        {
                            var header = response.Headers.WwwAuthenticate.ElementAt(0).ToString();
                            var regex  = new Regex("authorization=\"([^\"]+)\"");
                            var match  = regex.Match(header);
                            adSettings.AuthenticationEndpoint = new Uri(match.Groups[1].Value);
                            regex = new Regex("resource=\"([^\"]+)\"");
                            match = regex.Match(header);
                            adSettings.TokenAudience = new Uri(match.Groups[1].Value);
                        }
                    }
                }
            }

            if (!credentialsCache.ContainsKey(adSettings.TokenAudience))
            {
                if (servicePrincipalLoginInformation != null)
                {
                    if (servicePrincipalLoginInformation.ClientId == null)
                    {
                        throw new RestException($"Cannot communicate with server. ServicePrincipalLoginInformation should contain a valid ClientId information.");
                    }
                    if (servicePrincipalLoginInformation.ClientSecret != null)
                    {
                        credentialsCache[adSettings.TokenAudience] = await ApplicationTokenProvider.LoginSilentAsync(
                            TenantId, servicePrincipalLoginInformation.ClientId, servicePrincipalLoginInformation.ClientSecret, adSettings, TokenCache.DefaultShared);
                    }
#if NET45
                    else if (servicePrincipalLoginInformation.X509Certificate != null)
                    {
                        credentialsCache[adSettings.TokenAudience] = await ApplicationTokenProvider.LoginSilentAsync(
                            TenantId, new ClientAssertionCertificate(servicePrincipalLoginInformation.ClientId, servicePrincipalLoginInformation.X509Certificate), adSettings, TokenCache.DefaultShared);
                    }
#else
                    else if (servicePrincipalLoginInformation.X509Certificate != null)
                    {
                        credentialsCache[adSettings.TokenAudience] = await ApplicationTokenProvider.LoginSilentAsync(
                            TenantId, new Microsoft.Rest.Azure.Authentication.ClientAssertionCertificate(servicePrincipalLoginInformation.ClientId, servicePrincipalLoginInformation.X509Certificate), adSettings, TokenCache.DefaultShared);
                    }
#endif
                    else if (servicePrincipalLoginInformation.Certificate != null)
                    {
                        credentialsCache[adSettings.TokenAudience] = await ApplicationTokenProvider.LoginSilentAsync(
                            TenantId, servicePrincipalLoginInformation.ClientId, servicePrincipalLoginInformation.Certificate, servicePrincipalLoginInformation.CertificatePassword, adSettings, TokenCache.DefaultShared);
                    }
                    else
                    {
                        throw new RestException($"Cannot communicate with server. ServicePrincipalLoginInformation should contain either a valid ClientSecret or Certificate information.");
                    }
                }
#if NET45
                else if (userLoginInformation != null)
                {
                    credentialsCache[adSettings.TokenAudience] = await UserTokenProvider.LoginSilentAsync(
                        userLoginInformation.ClientId, TenantId, userLoginInformation.UserName,
                        userLoginInformation.Password, adSettings, TokenCache.DefaultShared);
                }
#else
                else if (deviceCredentialInformation != null)
                {
                    credentialsCache[adSettings.TokenAudience] = await UserTokenProvider.LoginByDeviceCodeAsync(
                        deviceCredentialInformation.ClientId, TenantId, adSettings, TokenCache.DefaultShared, deviceCredentialInformation.DeviceCodeFlowHandler);
                }
#endif
                else if (msiTokenProviderFactory != null)
                {
                    credentialsCache[adSettings.TokenAudience] = new TokenCredentials(this.msiTokenProviderFactory.Create(adSettings.TokenAudience.OriginalString));
                }
                // no token available for communication
                else
                {
                    throw new RestException($"Cannot communicate with server. No authentication token available for '{adSettings.TokenAudience}'.");
                }
            }
            await credentialsCache[adSettings.TokenAudience].ProcessHttpRequestAsync(request, cancellationToken);
        }