public void CanAuthenticateUsingMSIObjectId()
{
AzureSessionInitializer.InitializeAzureSession();
string expectedAccessToken = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for ARM URI: {0}", expectedAccessToken);
string expectedToken2 = Guid.NewGuid().ToString();
string tenant = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for graph URI: {0}", expectedToken2);
string userId = Guid.NewGuid().ToString();
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
var builder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&object_id={userId}&api-version=2018-02-01";
var defaultUri = builder.Uri.ToString();
var customBuilder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
customBuilder.Query = $"resource={Uri.EscapeDataString(environment.GraphEndpointResourceId)}&object_id={userId}&api-version=2018-02-01";
var customUri = customBuilder.Uri.ToString();
var responses = new Dictionary <string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
{
{ defaultUri, new ManagedServiceTokenInfo {
AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource = expectedResource
} },
{ customUri, new ManagedServiceTokenInfo {
AccessToken = expectedToken2, ExpiresIn = 3600, Resource = environment.GraphEndpointResourceId
} }
};
AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
var authFactory = new AuthenticationFactory();
IRenewableToken token = (IRenewableToken)authFactory.Authenticate(account, environment, tenant, null, null, null);
_output.WriteLine($"Received access token for default Uri ${token.AccessToken}");
Assert.Equal(expectedAccessToken, token.AccessToken);
var account2 = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, AzureEnvironment.Endpoint.GraphEndpointResourceId);
_output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
Assert.Equal(expectedToken2, token2.AccessToken);
Assert.Equal(3600, Math.Round(token.ExpiresOn.DateTime.Subtract(DateTime.UtcNow).TotalSeconds));
var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
Assert.Throws <InvalidOperationException>(() => token3.AccessToken);
}
public void CanAuthenticateUsingMSIDefault()
{
AzureSessionInitializer.InitializeAzureSession();
string expectedAccessToken = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for default URI: {0}", expectedAccessToken);
string expectedToken2 = Guid.NewGuid().ToString();
string tenant = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for custom URI: {0}", expectedToken2);
string userId = "*****@*****.**";
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
var builder = new UriBuilder(AuthenticationFactory.DefaultBackupMSILoginUri);
builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&api-version=2018-02-01";
var defaultUri = builder.Uri.ToString();
var responses = new Dictionary <string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
{
{ defaultUri, new ManagedServiceTokenInfo {
AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource = expectedResource
} },
{ "http://myfunkyurl:10432/oauth2/token?resource=foo&api-version=2018-02-01", new ManagedServiceTokenInfo {
AccessToken = expectedToken2, ExpiresIn = 3600, Resource = "foo"
} }
};
AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
var authFactory = new AuthenticationFactory();
var token = authFactory.Authenticate(account, environment, tenant, null, null, null);
_output.WriteLine($"Received access token for default Uri ${token.AccessToken}");
Assert.Equal(expectedAccessToken, token.AccessToken);
var account2 = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
account2.SetProperty(AzureAccount.Property.MSILoginUri, "http://myfunkyurl:10432/oauth2/token");
var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, "foo");
_output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
Assert.Equal(expectedToken2, token2.AccessToken);
var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
Assert.Throws <InvalidOperationException>(() => token3.AccessToken);
}
/// Get the access token for a service principal and provided key.
public static TokenCloudCredentials GetTokenCloudCredentials(string tenantId, string clientId, SecureString secretKey)
{
var authFactory = new AuthenticationFactory();
var account = new AzureAccount {
Type = AzureAccount.AccountType.ServicePrincipal, Id = clientId
};
var env = AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud];
var accessToken =
authFactory.Authenticate(account, env, tenantId, secretKey, ShowDialog.Never).AccessToken;
return(new TokenCloudCredentials(accessToken));
}
public void VerifyValidateAuthorityFalseForOnPremise()
{
var authFactory = new AuthenticationFactory
{
TokenProvider = new MockAccessTokenProvider("testtoken", "testuser")
};
var subscriptionId = Guid.NewGuid();
var context = new AzureContext
(
new AzureSubscription
{
Id = subscriptionId,
Properties = new Dictionary <AzureSubscription.Property, string>
{
{ AzureSubscription.Property.Tenants, "123" }
}
},
new AzureAccount
{
Id = "testuser",
Type = AzureAccount.AccountType.User,
Properties = new Dictionary <AzureAccount.Property, string>
{
{ AzureAccount.Property.Tenants, "123" }
}
},
new AzureEnvironment
{
Name = "Katal",
OnPremise = true,
Endpoints = new Dictionary <AzureEnvironment.Endpoint, string>
{
{ AzureEnvironment.Endpoint.ActiveDirectory, "http://ad.com" },
{ AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId, "http://adresource.com" }
}
}
);
var credential = authFactory.Authenticate(context.Account, context.Environment, "common", null, ShowDialog.Always);
Assert.False(((MockAccessTokenProvider)authFactory.TokenProvider).AdalConfiguration.ValidateAuthority);
}
private static TokenCredentials Authenticate()
{
var authFactory = new AuthenticationFactory();
var account = new AzureAccount
{
Type = _isServicePrincipal
? AzureAccount.AccountType.ServicePrincipal
: AzureAccount.AccountType.User
};
if (_userName != null && (_password != null || _isServicePrincipal))
{
account.Id = _userName;
}
var env = AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud];
var tenant = string.IsNullOrEmpty(_tenantId)
? AuthenticationFactory.CommonAdTenant
: _tenantId;
ShowDialog showDialog;
if (_isServicePrincipal)
{
showDialog = ShowDialog.Never;
}
else if (_userName != null && _password == null)
{
showDialog = ShowDialog.Always;
}
else
{
showDialog = ShowDialog.Auto;
}
var authResult = authFactory.Authenticate(
account, env, tenant, _password, showDialog);
return(new TokenCredentials(authResult.AccessToken));
}
public void VerifyValidateAuthorityFalseForOnPremise()
{
AzureSessionInitializer.InitializeAzureSession();
var authFactory = new AuthenticationFactory
{
TokenProvider = new MockAccessTokenProvider("testtoken", "testuser")
};
var subscriptionId = Guid.NewGuid();
var account = new AzureAccount
{
Id = "testuser",
Type = AzureAccount.AccountType.User,
};
account.SetTenants("123");
var sub = new AzureSubscription
{
Id = subscriptionId.ToString(),
};
sub.SetTenant("123");
var context = new AzureContext
(
sub,
account,
new AzureEnvironment
{
Name = "Katal",
OnPremise = true,
ActiveDirectoryAuthority = "http://ad.com",
ActiveDirectoryServiceEndpointResourceId = "http://adresource.com"
}
);
var credential = authFactory.Authenticate(context.Account, context.Environment, "common", null, ShowDialog.Always, null);
Assert.False(((MockAccessTokenProvider)authFactory.TokenProvider).AdalConfiguration.ValidateAuthority);
}
public static TokenCloudCredentials GetTokenCloudCredentials(string username = null, SecureString password = null)
{
var authFactory = new AuthenticationFactory();
var account = new AzureAccount {
Type = AzureAccount.AccountType.User
};
if (username != null && password != null)
{
account.Id = username;
}
var env = AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud];
ShowDialog dialog = username != null & password != null ? ShowDialog.Never : ShowDialog.Always;
var accessToken =
authFactory.Authenticate(account, env, AuthenticationFactory.CommonAdTenant, password, dialog)
.AccessToken;
return(new TokenCloudCredentials(accessToken));
}
public void CanAuthenticateWithAccessToken()
{
AzureSessionInitializer.InitializeAzureSession();
IAuthenticatorBuilder authenticatorBuilder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => authenticatorBuilder);
PowerShellTokenCacheProvider factory = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => factory);
string tenant = Guid.NewGuid().ToString();
string userId = "*****@*****.**";
var armToken = Guid.NewGuid().ToString();
var graphToken = Guid.NewGuid().ToString();
var kvToken = Guid.NewGuid().ToString();
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.AccessToken
};
account.SetTenants(tenant);
account.SetAccessToken(armToken);
account.SetProperty(AzureAccount.Property.GraphAccessToken, graphToken);
account.SetProperty(AzureAccount.Property.KeyVaultAccessToken, kvToken);
var authFactory = new AuthenticationFactory();
var environment = AzureEnvironment.PublicEnvironments.Values.First();
var checkArmToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null);
VerifyToken(checkArmToken, armToken, userId, tenant);
checkArmToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, environment.ActiveDirectoryServiceEndpointResourceId);
VerifyToken(checkArmToken, armToken, userId, tenant);
var checkGraphToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, AzureEnvironment.Endpoint.GraphEndpointResourceId);
VerifyToken(checkGraphToken, graphToken, userId, tenant);
checkGraphToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, environment.GraphEndpointResourceId);
VerifyToken(checkGraphToken, graphToken, userId, tenant);
var checkKVToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, environment.AzureKeyVaultServiceEndpointResourceId);
VerifyToken(checkKVToken, kvToken, userId, tenant);
checkKVToken = authFactory.Authenticate(account, environment, tenant, new System.Security.SecureString(), "Never", null, AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId);
VerifyToken(checkKVToken, kvToken, userId, tenant);
}
public void CanAuthenticateUsingMSIDefault()
{
AzureSessionInitializer.InitializeAzureSession();
IAuthenticatorBuilder authenticatorBuilder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => authenticatorBuilder);
PowerShellTokenCacheProvider factory = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => factory);
var msalAccessTokenAcquirerFactory = new MsalAccessTokenAcquirerFactory();
AzureSession.Instance.RegisterComponent(nameof(MsalAccessTokenAcquirerFactory), () => msalAccessTokenAcquirerFactory, true);
string expectedAccessToken = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for default URI: {0}", expectedAccessToken);
var mockAzureCredentialFactory = new MockAzureCredentialFactory();
MockManagedIdentityCredential mockManagedIdentityCredential = null;
mockAzureCredentialFactory.CredentialFactory = (clientId) =>
{
return(mockManagedIdentityCredential = new MockManagedIdentityCredential(clientId)
{
TokenFactory = () => new AccessToken(expectedAccessToken, DateTimeOffset.Now)
});
};
AzureSession.Instance.RegisterComponent(nameof(AzureCredentialFactory), () => (AzureCredentialFactory)mockAzureCredentialFactory, true);
string expectedToken2 = Guid.NewGuid().ToString();
string tenant = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for custom URI: {0}", expectedToken2);
string userId = Constants.DefaultMsiAccountIdPrefix + "12345";
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
var builder = new UriBuilder(AuthenticationFactory.DefaultBackupMSILoginUri);
//builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&api-version=2018-02-01";
//var defaultUri = builder.Uri.ToString();
//var responses = new Dictionary<string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
//{
// {defaultUri, new ManagedServiceTokenInfo { AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource=expectedResource}},
// {"http://*****:*****@foo.com";
var account2 = new AzureAccount
{
Id = userId2,
Type = AzureAccount.AccountType.ManagedService
};
//account2.SetProperty(AzureAccount.Property.MSILoginUri, "http://myfunkyurl:10432/oauth2/token");
expectedAccessToken = expectedToken2;
var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, "foo");
_output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
Assert.Equal(expectedToken2, token2.AccessToken);
Assert.Equal(userId2, mockManagedIdentityCredential.AccountId);
//var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
//Assert.Throws<InvalidOperationException>(() => token3.AccessToken);
}
