/// <summary>
/// Attempts to enumerate and delete any and all Azure Directory Authentication
/// Refresh tokens caches by GCM asynchronously.
/// </summary>
/// <returns>A <see cref="Task"/> for the async action.</returns>
private static Task SecurityPurgeAdaTokens(SecretStore adaStore)
{
// this can and should be done asynchronously to minimize user impact
return(Task.Run(() =>
{
adaStore.PurgeCredentials();
}));
}
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationArguments is null");
Trace.WriteLine("Program::CreateAuthentication");
var secrets = new SecretStore(SecretsNamespace);
BaseAuthentication authority = null;
switch (operationArguments.Authority)
{
case AuthorityType.Auto:
Trace.WriteLine(" detecting authority type");
// detect the authority
if (BaseVsoAuthentication.GetAuthentication(operationArguments.TargetUri,
VsoCredentialScope,
secrets,
null,
out authority)
|| GithubAuthentication.GetAuthentication(operationArguments.TargetUri,
GithubCredentialScope,
secrets,
GithubCredentialPrompt,
GithubAuthCodePrompt,
null,
out authority))
{
// set the authority type based on the returned value
if (authority is VsoMsaAuthentication)
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
goto case AuthorityType.MicrosoftAccount;
}
else if (authority is VsoAadAuthentication)
{
operationArguments.Authority = AuthorityType.AzureDirectory;
goto case AuthorityType.AzureDirectory;
}
else if (authority is GithubAuthentication)
{
operationArguments.Authority = AuthorityType.GitHub;
goto case AuthorityType.GitHub;
}
}
operationArguments.Authority = AuthorityType.Basic;
goto case AuthorityType.Basic;
case AuthorityType.AzureDirectory:
Trace.WriteLine(" authority is Azure Directory");
Guid tenantId = Guid.Empty;
// return the allocated authority or a generic AAD backed VSO authentication object
return authority ?? new VsoAadAuthentication(Guid.Empty, VsoCredentialScope, secrets);
case AuthorityType.Basic:
default:
Trace.WriteLine(" authority is basic");
// return a generic username + password authentication object
return authority ?? new BasicAuthentication(secrets);
case AuthorityType.GitHub:
Trace.WriteLine(" authority it GitHub");
// return a GitHub authenitcation object
return authority ?? new GithubAuthentication(GithubCredentialScope,
secrets,
GithubCredentialPrompt,
GithubAuthCodePrompt,
null);
case AuthorityType.MicrosoftAccount:
Trace.WriteLine(" authority is Microsoft Live");
// return the allocated authority or a generic MSA backed VSO authentication object
return authority ?? new VsoMsaAuthentication(VsoCredentialScope, secrets);
}
}
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
var secretsNamespace = operationArguments.CustomNamespace ?? SecretsNamespace;
var secrets = new SecretStore(secretsNamespace, null, null, Secret.UriToName);
BaseAuthentication authority = null;
var basicCredentialCallback = (operationArguments.UseModalUi)
? new AcquireCredentialsDelegate(Program.ModalPromptForCredentials)
: new AcquireCredentialsDelegate(Program.BasicCredentialPrompt);
var githubCredentialCallback = (operationArguments.UseModalUi)
? new GitHubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt)
: new GitHubAuthentication.AcquireCredentialsDelegate(Program.GitHubCredentialPrompt);
var githubAuthcodeCallback = (operationArguments.UseModalUi)
? new GitHubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt)
: new GitHubAuthentication.AcquireAuthenticationCodeDelegate(Program.GitHubAuthCodePrompt);
NtlmSupport basicNtlmSupport = NtlmSupport.Auto;
switch (operationArguments.Authority)
{
case AuthorityType.Auto:
Git.Trace.WriteLine($"detecting authority type for '{operationArguments.TargetUri}'.");
// detect the authority
authority = BaseVstsAuthentication.GetAuthentication(operationArguments.TargetUri,
VstsCredentialScope,
secrets)
?? GitHubAuthentication.GetAuthentication(operationArguments.TargetUri,
GitHubCredentialScope,
secrets,
githubCredentialCallback,
githubAuthcodeCallback,
null);
if (authority != null)
{
// set the authority type based on the returned value
if (authority is VstsMsaAuthentication)
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
goto case AuthorityType.MicrosoftAccount;
}
else if (authority is VstsAadAuthentication)
{
operationArguments.Authority = AuthorityType.AzureDirectory;
goto case AuthorityType.AzureDirectory;
}
else if (authority is GitHubAuthentication)
{
operationArguments.Authority = AuthorityType.GitHub;
goto case AuthorityType.GitHub;
}
}
operationArguments.Authority = AuthorityType.Basic;
goto case AuthorityType.Basic;
case AuthorityType.AzureDirectory:
Git.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Azure Directory.");
Guid tenantId = Guid.Empty;
// return the allocated authority or a generic AAD backed VSTS authentication object
return authority ?? new VstsAadAuthentication(Guid.Empty, VstsCredentialScope, secrets);
case AuthorityType.Basic:
// enforce basic authentication only
basicNtlmSupport = NtlmSupport.Never;
goto default;
case AuthorityType.GitHub:
Git.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is GitHub.");
// return a GitHub authentication object
return authority ?? new GitHubAuthentication(GitHubCredentialScope,
secrets,
githubCredentialCallback,
githubAuthcodeCallback,
null);
case AuthorityType.MicrosoftAccount:
Git.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Microsoft Live.");
// return the allocated authority or a generic MSA backed VSTS authentication object
return authority ?? new VstsMsaAuthentication(VstsCredentialScope, secrets);
case AuthorityType.Ntlm:
// enforce NTLM authentication only
basicNtlmSupport = NtlmSupport.Always;
goto default;
default:
Git.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is basic with NTLM={basicNtlmSupport}.");
// return a generic username + password authentication object
return authority ?? new BasicAuthentication(secrets, basicNtlmSupport, basicCredentialCallback, null);
}
}
/// <summary>
/// Attempts to enumerate and delete any and all Azure Directory Authentication
/// Refresh tokens caches by GCM asynchronously.
/// </summary>
/// <returns>A <see cref="Task"/> for the async action.</returns>
private static Task SecurityPurgeAdaTokens(SecretStore adaStore)
{
// this can and should be done asynchronously to minimize user impact
return Task.Run(() =>
{
adaStore.PurgeCredentials();
});
}
private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
{
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
Trace.WriteLine("Program::CreateAuthentication");
Secret.UriNameConversion getTargetName = Secret.UriToSimpleName;
if (operationArguments.UseHttpPath)
{
getTargetName = Secret.UriToPathedName;
}
var secrets = new SecretStore(SecretsNamespace, null, null, getTargetName);
BaseAuthentication authority = null;
switch (operationArguments.Authority)
{
case AuthorityType.Auto:
Trace.WriteLine(" detecting authority type");
// detect the authority
if (BaseVstsAuthentication.GetAuthentication(operationArguments.TargetUri,
VstsCredentialScope,
secrets,
null,
out authority)
|| GithubAuthentication.GetAuthentication(operationArguments.TargetUri,
GithubCredentialScope,
secrets,
operationArguments.UseModalUi
? new GithubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt)
: new GithubAuthentication.AcquireCredentialsDelegate(GithubCredentialPrompt),
operationArguments.UseModalUi
? new GithubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt)
: new GithubAuthentication.AcquireAuthenticationCodeDelegate(GithubAuthCodePrompt),
null,
out authority))
{
// set the authority type based on the returned value
if (authority is VstsMsaAuthentication)
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
goto case AuthorityType.MicrosoftAccount;
}
else if (authority is VstsAadAuthentication)
{
operationArguments.Authority = AuthorityType.AzureDirectory;
goto case AuthorityType.AzureDirectory;
}
else if (authority is GithubAuthentication)
{
operationArguments.Authority = AuthorityType.GitHub;
goto case AuthorityType.GitHub;
}
}
operationArguments.Authority = AuthorityType.Basic;
goto case AuthorityType.Basic;
case AuthorityType.AzureDirectory:
Trace.WriteLine(" authority is Azure Directory");
Guid tenantId = Guid.Empty;
// return the allocated authority or a generic AAD backed VSTS authentication object
return authority ?? new VstsAadAuthentication(Guid.Empty, VstsCredentialScope, secrets);
case AuthorityType.Basic:
default:
Trace.WriteLine(" authority is basic");
// return a generic username + password authentication object
return authority ?? new BasicAuthentication(secrets);
case AuthorityType.GitHub:
Trace.WriteLine(" authority it GitHub");
// return a GitHub authenitcation object
return authority ?? new GithubAuthentication(GithubCredentialScope,
secrets,
operationArguments.UseModalUi
? new GithubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt)
: new GithubAuthentication.AcquireCredentialsDelegate(GithubCredentialPrompt),
operationArguments.UseModalUi
? new GithubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt)
: new GithubAuthentication.AcquireAuthenticationCodeDelegate(GithubAuthCodePrompt),
null);
case AuthorityType.MicrosoftAccount:
Trace.WriteLine(" authority is Microsoft Live");
// return the allocated authority or a generic MSA backed VSTS authentication object
return authority ?? new VstsMsaAuthentication(VstsCredentialScope, secrets);
}
}
