static async Task Main(string[] args) { string tenantId = "00000000-0000-0000-0000-000000000000"; string subscriptionId = "00000000-0000-0000-0000-000000000000"; DefaultAzureCredential credential = new DefaultAzureCredential(); // If utilizing a user assigned managed identity, then uncomment the second line and comment out the line above // DefaultAzureCredential credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = UserAssignedManagedIdentityId }); // Create token request context with scope set to .default for the ARM and MS Graph endpoints // Get token which will sequentially call the included credentials in the order // EnvironmentCredential, ManagedIdentityCredential, SharedTokenCacheCredential, // and InteractiveBrowserCredential returning the first successfully obtained AccessToken // for more information: https://docs.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential.gettokenasync?view=azure-dotnet TokenRequestContext tokenRequestContextARM = new TokenRequestContext(new[] { "https://management.core.windows.net//.default" }); AccessToken tokenRequestResultARM = await credential.GetTokenAsync(tokenRequestContextARM); TokenRequestContext tokenRequestContextGraph = new TokenRequestContext(new[] { "https://graph.microsoft.com//.default" }); AccessToken tokenRequestResultGraph = await credential.GetTokenAsync(tokenRequestContextGraph); // Credentials used for authenticating a fluent management client to Azure. AzureCredentials credentials = new AzureCredentials( new TokenCredentials(tokenRequestResultARM.Token), new TokenCredentials(tokenRequestResultGraph.Token), tenantId, AzureEnvironment.AzureGlobalCloud); // Top level abstraction of Azure. https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.fluent.iazure?view=azure-dotnet // .WithSubscription is optional if you wish to return resource beyond the scope of a single subscription. IAzure azure = Microsoft.Azure.Management.Fluent.Azure .Configure() .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic) .Authenticate(credentials) .WithSubscription(subscriptionId); // Iterate through Microsoft.Sql top level resources (servers) and a list of databases (sub resources) // for data collection define IList<T> outside of these nested loops and add resources and sub resources // of interest to collections. IPagedCollection <ISqlServer> servers = await azure.SqlServers.ListAsync(); do { foreach (ISqlServer server in servers) { Console.WriteLine($"Server: {server.Name} Azure AD Admin: {server.GetActiveDirectoryAdministrator().SignInName}"); Console.WriteLine($"\tResource Group: {server.ResourceGroupName}"); IReadOnlyList <ISqlDatabase> databases = await server.Databases.ListAsync(); foreach (ISqlDatabase database in databases) { Console.WriteLine($"\t\tDatabase name: {database.Name} created: {database.CreationDate}"); } } servers = await servers.GetNextPageAsync(); } while (servers != null); }
public async static Task <GraphServiceClient> GetGraphClientAsync() { // Create the Microsoft Graph service client // with a DefaultAzureCredential class, which gets an access token // by using the available Managed Identity. // In order to use user assigned managed identity use the following two lines. // string userAssignedClientId = "<your managed identity client Id>"; // var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = userAssignedClientId }); var credential = new DefaultAzureCredential(); var token = await credential.GetTokenAsync( new Azure.Core.TokenRequestContext( new[] { "https://graph.microsoft.com/.default" })); var graphServiceClient = new GraphServiceClient( new DelegateAuthenticationProvider((requestMessage) => { requestMessage .Headers .Authorization = new AuthenticationHeaderValue("bearer", token.Token); return(Task.CompletedTask); })); return(graphServiceClient); }
public async Task <IActionResult> CallFunction() { string apiUrl = _configuration.GetValue <string>("APIUrl"); string resource = _configuration.GetValue <string>("APIScope"); DefaultAzureCredential credential = new DefaultAzureCredential(); TokenRequestContext tokenRequestContext = new TokenRequestContext(new string[] { resource }); AccessToken accessToken = await credential.GetTokenAsync(tokenRequestContext); ViewBag.AccessToken = accessToken.Token; _httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken.Token); HttpResponseMessage httpResponseMessage = await _httpClient.GetAsync(apiUrl); if (httpResponseMessage.IsSuccessStatusCode) { string response = await httpResponseMessage.Content.ReadAsStringAsync(); dynamic json = JsonConvert.DeserializeObject <dynamic>(response); ViewBag.DateTime = json.datetime; } return(View()); }
private async Task <DbConnection> GetDbConnectionAsync(Request request, Result result) { if (request.DatabaseType == SqlConnectionDatabaseType.SqlServer) { var connection = new SqlConnection(request.SqlConnectionStringValue); if (request.UseAzureManagedIdentity) { // Request an access token for Azure SQL Database using the current Azure Managed Identity. this.Logger.LogInformation("Acquiring access token using Azure Managed Identity using Client ID \"{ClientId}\"", request.AzureManagedIdentityClientId); // If AzureManagedIdentityClientId is requested, that indicates the User-Assigned Managed Identity to use; if omitted the System-Assigned Managed Identity will be used. var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = request.AzureManagedIdentityClientId }); var authenticationResult = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://database.windows.net/.default" })); var accessToken = authenticationResult.Token; connection.AccessToken = accessToken; result.AccessToken = accessToken; } return(connection); } else if (request.DatabaseType == SqlConnectionDatabaseType.PostgreSql) { return(new NpgsqlConnection(request.SqlConnectionStringValue)); } else if (request.DatabaseType == SqlConnectionDatabaseType.MySql) { return(new MySqlConnection(request.SqlConnectionStringValue)); } else { throw new NotSupportedException($"\"{request.DatabaseType.ToString()}\" is not a supported ADO.NET database type"); } }
public static async Task <IActionResult> RunAsync([HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req) { string referer = req.Headers["Referer"]; if (string.IsNullOrEmpty(referer)) { return(new UnauthorizedResult()); } string result = Array.Find(allowd, site => referer.StartsWith(site, StringComparison.OrdinalIgnoreCase)); if (string.IsNullOrEmpty(result)) { return(new UnauthorizedResult()); } // Managed identities for Azure resources and Azure Maps // For the Web SDK to authorize correctly, you still must assign Azure role based access control for the managed identity // https://docs.microsoft.com/en-us/azure/azure-maps/how-to-manage-authentication var tokenCredential = new DefaultAzureCredential(); var accessToken = await tokenCredential.GetTokenAsync( new TokenRequestContext(new[] { "https://atlas.microsoft.com/.default" }) ); return(new OkObjectResult(accessToken.Token)); }
public async Task CredentialTypeLogged(Type availableCredential) { List <string> messages = new(); using AzureEventSourceListener listener = new AzureEventSourceListener( (_, message) => messages.Add(message), EventLevel.Informational); var expToken = new AccessToken(Guid.NewGuid().ToString(), DateTimeOffset.MaxValue); List <Type> calledCredentials = new(); var credFactory = GetMockDefaultAzureCredentialFactory(availableCredential, expToken, calledCredentials); var options = new DefaultAzureCredentialOptions { ExcludeEnvironmentCredential = false, ExcludeManagedIdentityCredential = false, ExcludeSharedTokenCacheCredential = false, ExcludeAzureCliCredential = false, ExcludeInteractiveBrowserCredential = false, }; var cred = new DefaultAzureCredential(credFactory, options); await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.That(messages, Has.Some.Match(availableCredential.Name).And.Some.Match("DefaultAzureCredential credential selected")); }
public static async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req, ILogger log) { log.LogInformation("e request"); // Manually get access token for storage (demo purposes only) // NEVER LOG TOKENS LIKE THAT IN PRODUCTION! var cred = new DefaultAzureCredential(); var token = await cred.GetTokenAsync(new TokenRequestContext(new[] { "https://storage.azure.com/.default" })); log.LogInformation(token.Token); // Download a blob with the Azure-provided token const string containerEndpoint = "https://stvwazureday.blob.core.windows.net/vwazureday/"; var containerClient = new BlobContainerClient(new Uri(containerEndpoint), new DefaultAzureCredential()); var blockBlobClient = containerClient.GetBlockBlobClient("hello-world.txt"); using var memorystream = new MemoryStream(); await blockBlobClient.DownloadToAsync(memorystream); var message = Encoding.UTF8.GetString(memorystream.ToArray()); log.LogInformation("Done processing the request"); return(new OkObjectResult(message)); }
public static async Task GetSubscriptions(DefaultAzureCredential credential) { // Create token request context with scope set to .default TokenRequestContext tokenRequestContext = new TokenRequestContext(new[] { "https://management.core.windows.net//.default" }); AccessToken tokenRequestResult = await credential.GetTokenAsync(tokenRequestContext); // Initialize ServiceClientCredential utilizing acquired token ServiceClientCredentials serviceClientCreds = new TokenCredentials(tokenRequestResult.Token); // ServiceClientCredentials is the abstraction for credentials used by ServiceClients accessing REST services. Microsoft.Azure.Management.Subscription.SubscriptionClient subClient = new Microsoft.Azure.Management.Subscription.SubscriptionClient(serviceClientCreds); // Get list of subscriptions in tenant var listSubscriptions = subClient.Subscriptions.List(); int i = 0; // Print out results to the console foreach (var sub in listSubscriptions) { Debug.WriteLine(sub); list[i] = sub.DisplayName; Debug.WriteLine("array output " + list[i]); Debug.WriteLine("Subscription: " + sub.DisplayName); i++; SubscriptionID = Convert.ToString(sub.SubscriptionId); } }
public async Task <IActionResult> GetTokenAsync() { // tokenProvider will cache the token in memory, if you would like to reduce the dependency on Azure AD we recommend // implementing a distributed cache combined with using the other methods available on tokenProvider. var accessToken = await tokenProvider.GetTokenAsync(new TokenRequestContext(new string[] { "https://atlas.microsoft.com/.default" }), HttpContext.RequestAborted); return(Ok(accessToken.Token)); }
private ValueTask <AccessToken> GetTokenFromDefaultAzureCredential(Action <DefaultAzureCredentialOptions> optBuilder) { var opts = new DefaultAzureCredentialOptions(); optBuilder?.Invoke(opts); var defaultCredentials = new DefaultAzureCredential(opts); return(defaultCredentials.GetTokenAsync(_requestContext, System.Threading.CancellationToken.None)); }
private async Task <SqlConnection> CreateSqlConnection() { var resource = "https://database.windows.net/.default"; var cred = new DefaultAzureCredential(); var token = await cred.GetTokenAsync(new TokenRequestContext(new[] { resource })); var con = new SqlConnection(_connectionString); con.AccessToken = token.Token; return(con); }
/// <summary> /// Prototype of certificate-less authentication using a signed assertion /// acquired with managed identity (certificateless). /// </summary> /// <returns>The signed assertion.</returns> private async Task <ClientAssertion> GetSignedAssertionFromFederatedTokenProvider(CancellationToken cancellationToken) { var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = _managedIdentityClientId }); var result = await credential.GetTokenAsync( new TokenRequestContext(new[] { "api://AzureADTokenExchange/.default" }, null), cancellationToken).ConfigureAwait(false); return(new ClientAssertion(result.Token, result.ExpiresOn)); }
public async Task <string> GetConnectionString() { if (UseCredentialChain) { var credential = new DefaultAzureCredential(); var accessToken = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://ossrdbms-aad.database.windows.net" })); stringBuilder.Add("password", accessToken.Token); } return(stringBuilder.ConnectionString); }
/// <summary> /// Authenticates to Azure and gets a bearer token. /// </summary> private async Task <string> GetIdentityTokenAsync() { Console.WriteLine($"Attempting to authenticate."); var cred = new DefaultAzureCredential(); string[] scopes = new string[] { ManagementUri + "/.default" }; var accessToken = await cred.GetTokenAsync(new TokenRequestContext(scopes)); var token = accessToken.Token; return(token); }
private static string GetAccessTokenFromAzureIdentity() { var tokenCredential = new DefaultAzureCredential(); var context = new TokenRequestContext(new string[] { azureSqlResourceId }); var token = tokenCredential.GetTokenAsync(context).GetAwaiter().GetResult(); Console.WriteLine(DateTime.UtcNow + $" ******** Azure Identity Library ********"); PrintAccessTokenExpiry(token.Token); Console.WriteLine(DateTime.UtcNow + $" Azure Identity Expires On: " + token.ExpiresOn); Console.WriteLine(DateTime.UtcNow + $" ********************"); return(token.Token); }
public async Task <DbConnection> GetConnectionAsync( CancellationToken cancellationToken = default(CancellationToken)) { var sqlConnection = new SqlConnection(_connectionString); var credential = new DefaultAzureCredential(); var accessToken = (await credential.GetTokenAsync( new TokenRequestContext(_authenticationTokenScopes), cancellationToken)).Token; sqlConnection.AccessToken = accessToken; return(sqlConnection); }
public ApplicationService( DefaultAzureCredential defaultAzureCredential, ILogger <ApplicationService> logger ) { client = new GraphServiceClient(new DelegateAuthenticationProvider(async message => { var at = await defaultAzureCredential.GetTokenAsync(new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" })); message.Headers.Authorization = new AuthenticationHeaderValue("Bearer", at.Token); await Task.CompletedTask; })); this.logger = logger; }
private async Task <AccessTokenItem> GetNewAuthToken(string resource) { var tokenCredential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = essManagedIdentityConfiguration.Value.ClientId }); var accessToken = await tokenCredential.GetTokenAsync( new TokenRequestContext(scopes : new string[] { resource + "/.default" }) { } ); return(new AccessTokenItem { ExpiresIn = accessToken.ExpiresOn.UtcDateTime, AccessToken = accessToken.Token }); }
public async Task ValidateSelectedCredentialCaching(Type availableCredential) { var expToken = new AccessToken(Guid.NewGuid().ToString(), DateTimeOffset.MaxValue); List <Type> calledCredentials = new(); var credFactory = GetMockDefaultAzureCredentialFactory(availableCredential, expToken, calledCredentials); var options = new DefaultAzureCredentialOptions { ExcludeEnvironmentCredential = false, ExcludeManagedIdentityCredential = false, ExcludeSharedTokenCacheCredential = false, ExcludeAzureCliCredential = false, ExcludeAzurePowerShellCredential = false, ExcludeInteractiveBrowserCredential = false }; var cred = new DefaultAzureCredential(credFactory, options); AccessToken actToken = await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.AreEqual(expToken.Token, actToken.Token); // assert that the available credential was the last credential called Assert.AreEqual(calledCredentials[calledCredentials.Count - 1], availableCredential); calledCredentials.Clear(); actToken = await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.AreEqual(expToken.Token, actToken.Token); // assert that the available credential was the only credential called Assert.AreEqual(calledCredentials.Count, 1); Assert.AreEqual(calledCredentials[0], availableCredential); }
/// <summary> /// Gets a valid token using a Service Principal or a Managed Identity /// </summary> public static async Task <TokenCredentials> GetTokenCredentialsAsync(string resource, string tenantId, AzureAuthenticationInfo authenticationInfo, System.Uri azureAuthorityHost) { Guard.NotNullOrWhitespace(resource, nameof(resource)); Guard.NotNullOrWhitespace(tenantId, nameof(tenantId)); Guard.NotNull(authenticationInfo, nameof(authenticationInfo)); TokenCredential tokenCredential; var tokenCredentialOptions = new TokenCredentialOptions { AuthorityHost = azureAuthorityHost }; switch (authenticationInfo.Mode) { case AuthenticationMode.ServicePrincipal: tokenCredential = new ClientSecretCredential(tenantId, authenticationInfo.IdentityId, authenticationInfo.Secret, tokenCredentialOptions); break; case AuthenticationMode.UserAssignedManagedIdentity: tokenCredential = new ManagedIdentityCredential(authenticationInfo.IdentityId, tokenCredentialOptions); break; case AuthenticationMode.SystemAssignedManagedIdentity: tokenCredential = new ManagedIdentityCredential(options: tokenCredentialOptions); break; default: tokenCredential = new DefaultAzureCredential(); break; } // When you reaching an endpoint, using an impersonate identity, the only endpoint available is always '/.default' // MSAL add the './default' string to your resource request behind the scene. // We have to do it here, since we are at a lower level(and we are not using MSAL; by the way) if (!resource.ToLowerInvariant().EndsWith("/.default")) { if (!resource.EndsWith("/")) { resource += "/"; } resource += ".default"; } var accessToken = await tokenCredential.GetTokenAsync(new TokenRequestContext(new[] { resource }), default); return(new TokenCredentials(accessToken.Token)); }
protected override async Task <Result> ExecuteCoreAsync(Request request) { this.Logger.LogInformation("Acquiring token using Azure Managed Identity for Scopes \"{Scopes}\" using Client ID \"{ClientId}\"", request.Scopes, request.AzureManagedIdentityClientId); var scopes = request.Scopes == null?Array.Empty <string>() : request.Scopes.Split(' ', StringSplitOptions.RemoveEmptyEntries); // If AzureManagedIdentityClientId is requested, that indicates the User-Assigned Managed Identity to use; if omitted the System-Assigned Managed Identity will be used. var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = request.AzureManagedIdentityClientId }); var authenticationResult = await credential.GetTokenAsync(new TokenRequestContext(scopes)); return(new Result { AccessToken = authenticationResult.Token, ExpiresOn = authenticationResult.ExpiresOn }); }
public static async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req, ILogger log) { log.LogInformation("Starting to process request"); var resultBuilder = new StringBuilder(); try { resultBuilder.Append("Claims:\n"); foreach (var claim in req.HttpContext.User.Claims) { resultBuilder.Append($" {claim.Type}: {claim.Value}\n"); } resultBuilder.Append("\n"); // Manually get access token for storage (demo purposes only) // NEVER LOG TOKENS LIKE THAT IN PRODUCTION! var cred = new DefaultAzureCredential(); var token = await cred.GetTokenAsync(new TokenRequestContext(new[] { "https://storage.azure.com/.default" })); resultBuilder.Append($"Token: {token.Token}\n\n"); var addresses = Dns.GetHostAddresses("stvwazuredayprivate.blob.core.windows.net"); foreach (var hostAddress in addresses) { resultBuilder.Append($"Address: {hostAddress}\n\n"); } using var client = new HttpClient(); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.Token); client.DefaultRequestHeaders.Add("x-ms-version", "2017-11-09"); var message = await client.GetStringAsync("https://stvwazuredayprivate.blob.core.windows.net/vwazureday/hello-world.txt"); log.LogInformation("Done processing the request"); resultBuilder.Append($"Message: {message}\n\n"); } catch (Exception ex) { resultBuilder.Append($"Exception: {ex.Message}\n\n"); } return(new OkObjectResult(resultBuilder.ToString())); }
public async Task <IActionResult> About() { // Get token var tokenRequestContext = new TokenRequestContext(new[] { "api://a3cad856-d73c-40bc-b082-64982a3e55ac/KeyVault" }); var tokenCredential = new DefaultAzureCredential(new DefaultAzureCredentialOptions() { InteractiveBrowserTenantId = "72f988bf-86f1-41af-91ab-2d7cd011db47", SharedTokenCacheTenantId = "common", SharedTokenCacheUsername = User.Identity.Name, ExcludeEnvironmentCredential = true, ExcludeManagedIdentityCredential = true, ExcludeAzureCliCredential = true, ExcludeVisualStudioCodeCredential = true, }); //var credOption = new SharedTokenCacheCredentialOptions(); //credOption.TenantId = User.Claims.FirstOrDefault(t => t.Type == "http://schemas.microsoft.com/identity/claims/tenantid").Value; //credOption.Username = User.Identity.Name; //var sharedCredential = new SharedTokenCacheCredential(credOption); var token = await tokenCredential.GetTokenAsync(tokenRequestContext, CancellationToken.None); //var token = await new SharedTokenCacheCredential(credOption).GetTokenAsync(tokenRequestContext, CancellationToken.None); // Get Key Vault secret var secretName = "DbPassword"; var httpClient = clientFactory.CreateClient(); httpClient.BaseAddress = new Uri(config["ServicePrinciple:KeyVaultEndpoint"]); httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {token}"); var requestKeyVault = new HttpRequestMessage(HttpMethod.Get, $"secrets/{secretName}?api-version=7.0"); var keyVaultResponse = await httpClient.SendAsync(requestKeyVault); if (keyVaultResponse.IsSuccessStatusCode) { var message = await keyVaultResponse.Content.ReadAsStringAsync(); ViewBag.DbPassword = JsonSerializer.Deserialize <KeyVaultResponse>(message).value; } else { ViewBag.DbPassword = keyVaultResponse.ReasonPhrase; } return(View()); }
private static async Task <GraphServiceClient> GetGraphApiClient() { var credential = new DefaultAzureCredential(); var token = await credential.GetTokenAsync( new Azure.Core.TokenRequestContext( new[] { "https://graph.microsoft.com/.default" })); var accessToken = token.Token; var graphServiceClient = new GraphServiceClient( new DelegateAuthenticationProvider((requestMessage) => { requestMessage .Headers .Authorization = new AuthenticationHeaderValue("bearer", accessToken); return(Task.CompletedTask); })); return(graphServiceClient); }
internal static async Task <GraphServiceClient> InitializeGraphClientWithMsiAsync() { var credential = new DefaultAzureCredential(); var tokenResult = await credential.GetTokenAsync(new Azure.Core.TokenRequestContext(new string[] { "https://graph.microsoft.com" })); string token = tokenResult.Token; Console.WriteLine("MSI token that is used in the GraphServiceClient:"); Console.WriteLine(token); Console.WriteLine("\n\n"); var client = new GraphServiceClient( new DelegateAuthenticationProvider((requestMessage) => { requestMessage .Headers .Authorization = new AuthenticationHeaderValue("Bearer", token); return(Task.CompletedTask); })); return(client); }
static async Task GetSubscriptions(DefaultAzureCredential credential) { // Create token request context with scope set to .default TokenRequestContext tokenRequestContext = new TokenRequestContext(new[] { "https://management.core.windows.net//.default" }); // Get token which will sequentially call the included credentials in the order // EnvironmentCredential, ManagedIdentityCredential, SharedTokenCacheCredential, // and InteractiveBrowserCredential returning the first successfully obtained AccessToken // for more information: https://docs.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential.gettokenasync?view=azure-dotnet AccessToken tokenRequestResult = await credential.GetTokenAsync(tokenRequestContext); // Initialize ServiceClientCredential utilizing acquired token ServiceClientCredentials serviceClientCreds = new TokenCredentials(tokenRequestResult.Token); // Initialize SubscriptionClient with the service client credentials SubscriptionClient subClient = new SubscriptionClient(serviceClientCreds); // Get list of subscriptions in tenant var listSubscriptions = subClient.Subscriptions.List(); // Print out results to the console foreach (var sub in listSubscriptions) { Console.WriteLine("Subscription: " + sub.DisplayName); // Get all resource groups in the subscription await GetResourceGroups(credential, sub.SubscriptionId); Console.WriteLine("\n"); } }
public async Task ValidateSelectedCredentialCaching([Values(typeof(EnvironmentCredential), typeof(ManagedIdentityCredential), typeof(SharedTokenCacheCredential), typeof(AzureCliCredential), typeof(InteractiveBrowserCredential))] Type availableCredential) { var expToken = new AccessToken(Guid.NewGuid().ToString(), DateTimeOffset.MaxValue); var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null)); List <Type> calledCredentials = new List <Type>(); credFactory.OnCreateEnvironmentCredential = (c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { calledCredentials.Add(typeof(EnvironmentCredential)); return((availableCredential == typeof(EnvironmentCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable")); }; }; credFactory.OnCreateManagedIdentityCredential = (clientId, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { calledCredentials.Add(typeof(ManagedIdentityCredential)); return((availableCredential == typeof(ManagedIdentityCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable")); }; }; credFactory.OnCreateSharedTokenCacheCredential = (tenantId, username, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { calledCredentials.Add(typeof(SharedTokenCacheCredential)); return((availableCredential == typeof(SharedTokenCacheCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable")); }; }; credFactory.OnCreateAzureCliCredential = (c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { calledCredentials.Add(typeof(AzureCliCredential)); return((availableCredential == typeof(AzureCliCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable")); }; }; credFactory.OnCreateInteractiveBrowserCredential = (_, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { calledCredentials.Add(typeof(InteractiveBrowserCredential)); return((availableCredential == typeof(InteractiveBrowserCredential)) ? expToken : throw new CredentialUnavailableException("Unavailable")); }; }; var options = new DefaultAzureCredentialOptions { ExcludeEnvironmentCredential = false, ExcludeManagedIdentityCredential = false, ExcludeSharedTokenCacheCredential = false, ExcludeAzureCliCredential = false, ExcludeInteractiveBrowserCredential = false }; var cred = new DefaultAzureCredential(credFactory, options); AccessToken actToken = await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.AreEqual(expToken.Token, actToken.Token); // assert that the available credential was the last credential called Assert.AreEqual(calledCredentials[calledCredentials.Count - 1], availableCredential); calledCredentials.Clear(); actToken = await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.AreEqual(expToken.Token, actToken.Token); // assert that the available credential was the only credential called Assert.AreEqual(calledCredentials.Count, 1); Assert.AreEqual(calledCredentials[0], availableCredential); }
public void ValidateUnhandledException([Values(0, 1, 2, 3, 4)] int exPossition) { var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null)); credFactory.OnCreateEnvironmentCredential = (c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { if (exPossition > 0) { throw new CredentialUnavailableException("EnvironmentCredential Unavailable"); } else { throw new MockClientException("EnvironmentCredential unhandled exception"); } }; }; credFactory.OnCreateManagedIdentityCredential = (clientId, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { if (exPossition > 1) { throw new CredentialUnavailableException("ManagedIdentityCredential Unavailable"); } else { throw new MockClientException("ManagedIdentityCredential unhandled exception"); } }; }; credFactory.OnCreateSharedTokenCacheCredential = (tenantId, username, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { if (exPossition > 2) { throw new CredentialUnavailableException("SharedTokenCacheCredential Unavailable"); } else { throw new MockClientException("SharedTokenCacheCredential unhandled exception"); } }; }; credFactory.OnCreateAzureCliCredential = (c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { if (exPossition > 3) { throw new CredentialUnavailableException("CliCredential Unavailable"); } else { throw new MockClientException("CliCredential unhandled exception"); } }; }; credFactory.OnCreateInteractiveBrowserCredential = (_, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new MockClientException("InteractiveBrowserCredential unhandled exception"); }; }; var options = new DefaultAzureCredentialOptions { ExcludeEnvironmentCredential = false, ExcludeManagedIdentityCredential = false, ExcludeSharedTokenCacheCredential = false, ExcludeAzureCliCredential = false, ExcludeInteractiveBrowserCredential = false }; var cred = new DefaultAzureCredential(credFactory, options); var ex = Assert.ThrowsAsync <AuthenticationFailedException>(async() => await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default))); switch (exPossition) { case 0: Assert.AreEqual(ex.InnerException.Message, "EnvironmentCredential unhandled exception"); break; case 1: Assert.AreEqual(ex.InnerException.Message, "ManagedIdentityCredential unhandled exception"); break; case 2: Assert.AreEqual(ex.InnerException.Message, "SharedTokenCacheCredential unhandled exception"); break; case 3: Assert.AreEqual(ex.InnerException.Message, "CliCredential unhandled exception"); break; case 4: Assert.AreEqual(ex.InnerException.Message, "InteractiveBrowserCredential unhandled exception"); break; default: Assert.Fail(); break; } }
public void ValidateAllUnavailable([Values(true, false)] bool excludeEnvironmentCredential, [Values(true, false)] bool excludeManagedIdentityCredential, [Values(true, false)] bool excludeSharedTokenCacheCredential, [Values(true, false)] bool excludeCliCredential, [Values(true, false)] bool excludeInteractiveBrowserCredential) { if (excludeEnvironmentCredential && excludeManagedIdentityCredential && excludeSharedTokenCacheCredential && excludeCliCredential && excludeInteractiveBrowserCredential) { Assert.Pass(); } var credFactory = new MockDefaultAzureCredentialFactory(CredentialPipeline.GetInstance(null)); credFactory.OnCreateEnvironmentCredential = (c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("EnvironmentCredential Unavailable"); }; }; credFactory.OnCreateInteractiveBrowserCredential = (_, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("InteractiveBrowserCredential Unavailable"); }; }; credFactory.OnCreateManagedIdentityCredential = (clientId, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("ManagedIdentityCredential Unavailable"); }; }; credFactory.OnCreateSharedTokenCacheCredential = (tenantId, username, c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("SharedTokenCacheCredential Unavailable"); }; }; credFactory.OnCreateAzureCliCredential = (c) => { ((MockTokenCredential)c).TokenFactory = (context, cancel) => { throw new CredentialUnavailableException("CliCredential Unavailable"); }; }; var options = new DefaultAzureCredentialOptions { ExcludeEnvironmentCredential = excludeEnvironmentCredential, ExcludeManagedIdentityCredential = excludeManagedIdentityCredential, ExcludeSharedTokenCacheCredential = excludeSharedTokenCacheCredential, ExcludeAzureCliCredential = excludeCliCredential, ExcludeInteractiveBrowserCredential = excludeInteractiveBrowserCredential }; var cred = new DefaultAzureCredential(credFactory, options); var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await cred.GetTokenAsync(new TokenRequestContext(MockScopes.Default))); if (!excludeEnvironmentCredential) { Assert.True(ex.Message.Contains("EnvironmentCredential Unavailable")); } if (!excludeManagedIdentityCredential) { Assert.True(ex.Message.Contains("ManagedIdentityCredential Unavailable")); } if (!excludeSharedTokenCacheCredential) { Assert.True(ex.Message.Contains("SharedTokenCacheCredential Unavailable")); } if (!excludeCliCredential) { Assert.True(ex.Message.Contains("CliCredential Unavailable")); } if (!excludeInteractiveBrowserCredential) { Assert.True(ex.Message.Contains("InteractiveBrowserCredential Unavailable")); } }
public async Task <AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken) { var token = await cred.GetTokenAsync(new Azure.Core.TokenRequestContext(new[] { this.scope })); return(new AuthenticationHeaderValue("Bearer", token.Token)); }