private string GetEndpointToken(IAzureAccount account, string targetEndpoint)
        {
            string tokenKey = AzureAccount.Property.AccessToken;

            if (targetEndpoint == AzureEnvironment.Endpoint.Graph)
            {
                tokenKey = AzureAccount.Property.GraphAccessToken;
            }

            return(account.GetProperty(tokenKey));
        }
        private string GetEndpointToken(IAzureAccount account, string targetEndpoint)
        {
            string tokenKey = AzureAccount.Property.AccessToken;

            if (string.Equals(targetEndpoint, AzureEnvironment.Endpoint.Graph, StringComparison.OrdinalIgnoreCase))
            {
                tokenKey = AzureAccount.Property.GraphAccessToken;
            }
            if (string.Equals(targetEndpoint, AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId, StringComparison.OrdinalIgnoreCase))
            {
                tokenKey = AzureAccount.Property.KeyVaultAccessToken;
            }
            return(account.GetProperty(tokenKey));
        }
        public ManagedServiceAccessToken(IAzureAccount account, IAzureEnvironment environment, string resourceId, string tenant = "Common")
        {
            if (account == null || string.IsNullOrEmpty(account.Id) || !account.IsPropertySet(AzureAccount.Property.MSILoginUri))
            {
                throw new ArgumentNullException(nameof(account));
            }

            if (string.IsNullOrWhiteSpace(tenant))
            {
                throw new ArgumentNullException(nameof(tenant));
            }

            if (environment == null)
            {
                throw new ArgumentNullException(nameof(environment));
            }

            _account    = account;
            _resourceId = GetResource(resourceId, environment);
            var idType = GetIdentityType(account);

            foreach (var uri in BuildTokenUri(_account.GetProperty(AzureAccount.Property.MSILoginUri), account, idType, _resourceId))
            {
                RequestUris.Enqueue(uri);
            }

            if (account.IsPropertySet(AzureAccount.Property.MSILoginUriBackup))
            {
                foreach (var uri in BuildTokenUri(_account.GetProperty(AzureAccount.Property.MSILoginUriBackup), account, idType, _resourceId))
                {
                    RequestUris.Enqueue(uri);
                }
            }

            _tenant = tenant;
            IHttpOperationsFactory factory;

            if (!AzureSession.Instance.TryGetComponent(HttpClientOperationsFactory.Name, out factory))
            {
                factory = HttpClientOperationsFactory.Create();
            }

            _tokenGetter = factory.GetHttpOperations <ManagedServiceTokenInfo>(true).WithHeader("Metadata", new[] { "true" });
            if (account.IsPropertySet(AzureAccount.Property.MSILoginSecret))
            {
                _tokenGetter = _tokenGetter.WithHeader("Secret", new[] { account.GetProperty(AzureAccount.Property.MSILoginSecret) });
            }
        }
        public IAccessToken Authenticate(
            IAzureAccount account,
            IAzureEnvironment environment,
            string tenant,
            SecureString password,
            string promptBehavior,
            Action <string> promptAction,
            IAzureTokenCache tokenCache,
            string resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
        {
            IAccessToken token;
            var          cache = tokenCache as TokenCache;

            if (cache == null)
            {
                cache = TokenCache.DefaultShared;
            }

            var configuration = GetAdalConfiguration(environment, tenant, resourceId, cache);

            TracingAdapter.Information(
                Resources.AdalAuthConfigurationTrace,
                configuration.AdDomain,
                configuration.AdEndpoint,
                configuration.ClientId,
                configuration.ClientRedirectUri,
                configuration.ResourceClientUri,
                configuration.ValidateAuthority);
            if (account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
            {
                var thumbprint = account.GetProperty(AzureAccount.Property.CertificateThumbprint);
#if !NETSTANDARD
                token = TokenProvider.GetAccessTokenWithCertificate(configuration, account.Id, thumbprint, account.Type);
#else
                throw new NotSupportedException("Certificate based authentication is not supported in netcore version.");
#endif
            }
            else
            {
                token = TokenProvider.GetAccessToken(configuration, promptBehavior, promptAction, account.Id, password, account.Type);
            }

            account.Id = token.UserId;
            return(token);
        }
Esempio n. 5
0
 public SimpleAccessToken(IAzureAccount account, string tenantId, string tokenType = _defaultTokenType)
 {
     if (account == null)
     {
         throw new ArgumentNullException("account");
     }
     if (string.IsNullOrWhiteSpace(account.Id))
     {
         throw new ArgumentOutOfRangeException("account", "AccountId must be provided to use an AccessToken credential.");
     }
     if (account.Type != AzureAccount.AccountType.AccessToken ||
         !account.IsPropertySet(AzureAccount.Property.AccessToken))
     {
         throw new ArgumentException("To create an access token credential, you must provide an access token account.");
     }
     this.UserId      = account.Id;
     this._tokenType  = tokenType;
     this.AccessToken = account.GetProperty(AzureAccount.Property.AccessToken);
     this.TenantId    = tenantId;
 }
Esempio n. 6
0
 /// <summary>
 /// Create a new access token from the given account and tenant id
 /// </summary>
 /// <param name="account">The account, containing user id, access token information</param>
 /// <param name="tenantId">The tenant id for the given access token</param>
 /// <param name="tokenType">The token type for the given token.</param>
 public SimpleAccessToken(IAzureAccount account, string tenantId, string tokenType = _defaultTokenType)
 {
     if (account == null)
     {
         throw new ArgumentNullException("account");
     }
     if (string.IsNullOrWhiteSpace(account.Id))
     {
         throw new ArgumentOutOfRangeException("account", Resources.AccessTokenRequiresAccount);
     }
     if (account.Type != AzureAccount.AccountType.AccessToken ||
         !account.IsPropertySet(AzureAccount.Property.AccessToken))
     {
         throw new ArgumentException(Resources.TypeNotAccessToken);
     }
     this.UserId      = account.Id;
     this._tokenType  = tokenType;
     this.AccessToken = account.GetProperty(AzureAccount.Property.AccessToken);
     this.TenantId    = tenantId;
 }
        private IAzureAccount MergeAccountProperties(IAzureAccount account1, IAzureAccount account2)
        {
            if (account1 == null || account2 == null)
            {
                throw new ArgumentNullException("account1");
            }
            if (!string.Equals(account1.Id, account2.Id, StringComparison.InvariantCultureIgnoreCase))
            {
                throw new ArgumentException("Account Ids do not match.");
            }
            if (account1.Type != account2.Type)
            {
                throw new ArgumentException("Account1 types do not match.");
            }
            AzureAccount mergeAccount = new AzureAccount
            {
                Id   = account1.Id,
                Type = account1.Type
            };

            foreach (var property in account1.ExtendedProperties.Keys.Union(account2.ExtendedProperties.Keys))
            {
                mergeAccount.SetProperty(property, account1.IsPropertySet(property) ?
                                         account1.GetProperty(property) : account2.GetProperty(property));
            }


            // Merge Tenants
            var tenants = account1.GetPropertyAsArray(AzureAccount.Property.Tenants)
                          .Union(account2.GetPropertyAsArray(AzureAccount.Property.Tenants), StringComparer.CurrentCultureIgnoreCase);

            mergeAccount.SetProperty(AzureAccount.Property.Tenants, tenants.ToArray());

            // Merge Subscriptions
            var subscriptions = account1.GetPropertyAsArray(AzureAccount.Property.Subscriptions)
                                .Union(account2.GetPropertyAsArray(AzureAccount.Property.Subscriptions), StringComparer.CurrentCultureIgnoreCase);

            mergeAccount.SetProperty(AzureAccount.Property.Subscriptions, subscriptions.ToArray());

            return(mergeAccount);
        }
        public IAccessToken Authenticate(
            IAzureAccount account,
            IAzureEnvironment environment,
            string tenant,
            SecureString password,
            string promptBehavior,
            Action <string> promptAction,
            IAzureTokenCache tokenCache,
            string resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
        {
            IAccessToken token;
            var          cache = tokenCache as TokenCache;

            if (cache == null)
            {
                cache = TokenCache.DefaultShared;
            }

            var configuration = GetAdalConfiguration(environment, tenant, resourceId, cache);

            TracingAdapter.Information(
                Resources.AdalAuthConfigurationTrace,
                configuration.AdDomain,
                configuration.AdEndpoint,
                configuration.ClientId,
                configuration.ClientRedirectUri,
                configuration.ResourceClientUri,
                configuration.ValidateAuthority);
            if (account != null && account.Type == AzureAccount.AccountType.ManagedService)
            {
                token = GetManagedServiceToken(account, environment, tenant, resourceId);
            }
            else if (account != null && environment != null &&
                     account.Type == AzureAccount.AccountType.AccessToken)
            {
                var rawToken = new RawAccessToken
                {
                    TenantId  = tenant,
                    UserId    = account.Id,
                    LoginType = AzureAccount.AccountType.AccessToken
                };

                if ((string.Equals(resourceId, environment.AzureKeyVaultServiceEndpointResourceId, StringComparison.OrdinalIgnoreCase) ||
                     string.Equals(AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId, resourceId, StringComparison.OrdinalIgnoreCase)) &&
                    account.IsPropertySet(AzureAccount.Property.KeyVaultAccessToken))
                {
                    rawToken.AccessToken = account.GetProperty(AzureAccount.Property.KeyVaultAccessToken);
                }
                else if ((string.Equals(resourceId, environment.GraphEndpointResourceId, StringComparison.OrdinalIgnoreCase) ||
                          string.Equals(AzureEnvironment.Endpoint.GraphEndpointResourceId, resourceId, StringComparison.OrdinalIgnoreCase)) &&
                         account.IsPropertySet(AzureAccount.Property.GraphAccessToken))
                {
                    rawToken.AccessToken = account.GetProperty(AzureAccount.Property.GraphAccessToken);
                }
                else if ((string.Equals(resourceId, environment.ActiveDirectoryServiceEndpointResourceId, StringComparison.OrdinalIgnoreCase) ||
                          string.Equals(AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId, resourceId, StringComparison.OrdinalIgnoreCase)) &&
                         account.IsPropertySet(AzureAccount.Property.AccessToken))
                {
                    rawToken.AccessToken = account.GetAccessToken();
                }
                else
                {
                    throw new InvalidOperationException(string.Format(Resources.AccessTokenResourceNotFound, resourceId));
                }

                token = rawToken;
            }
            else if (account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
            {
                var thumbprint = account.GetProperty(AzureAccount.Property.CertificateThumbprint);
#if !NETSTANDARD
                token = TokenProvider.GetAccessTokenWithCertificate(configuration, account.Id, thumbprint, account.Type);
#else
                throw new NotSupportedException("Certificate based authentication is not supported in netcore version.");
#endif
            }
            else
            {
                token = TokenProvider.GetAccessToken(configuration, promptBehavior, promptAction, account.Id, password, account.Type);
            }

            account.Id = token.UserId;
            return(token);
        }
 /// <summary>
 /// Get the certificate thumbprint for the account
 /// </summary>
 /// <param name="account">The account to check</param>
 /// <returns>The certificate thumbprint, or null if no certificate is set</returns>
 public static string GetThumbprint(this IAzureAccount account)
 {
     return(account.GetProperty(AzureAccount.Property.CertificateThumbprint));
 }
 /// <summary>
 /// Get the Access Token property for the account, if it exists
 /// </summary>
 /// <param name="account">The account</param>
 /// <returns>The access token for the account, or null if there is none</returns>
 public static string GetAccessToken(this IAzureAccount account)
 {
     return(account.GetProperty(AzureAccount.Property.AccessToken));
 }
Esempio n. 11
0
        private AuthenticationParameters GetAuthenticationParameters(
            PowerShellTokenCacheProvider tokenCacheProvider,
            IAzureAccount account,
            IAzureEnvironment environment,
            string tenant,
            SecureString password,
            string promptBehavior,
            Action <string> promptAction,
            IAzureTokenCache tokenCache,
            string resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
        {
            switch (account.Type)
            {
            case AzureAccount.AccountType.User:
                if (password == null)
                {
                    var homeAccountId = account.GetProperty(AzureAccount.Property.HomeAccountId) ?? "";

                    if (!string.IsNullOrEmpty(account.Id))
                    {
                        return(new SilentParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, homeAccountId));
                    }

                    if (account.IsPropertySet("UseDeviceAuth"))
                    {
                        return(new DeviceCodeParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, homeAccountId));
                    }
                    else if (account.IsPropertySet(AzureAccount.Property.UsePasswordAuth))
                    {
                        return(new UsernamePasswordParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, password, homeAccountId));
                    }
                    return(new InteractiveParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.GetProperty("LoginHint"), homeAccountId, promptAction));
                }

                return(new UsernamePasswordParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, password, null));

            case AzureAccount.AccountType.Certificate:
            case AzureAccount.AccountType.ServicePrincipal:
                bool?sendCertificateChain    = null;
                var  sendCertificateChainStr = account.GetProperty(AzureAccount.Property.SendCertificateChain);
                if (!string.IsNullOrWhiteSpace(sendCertificateChainStr))
                {
                    sendCertificateChain = Boolean.Parse(sendCertificateChainStr);
                }
                password = password ?? ConvertToSecureString(account.GetProperty(AzureAccount.Property.ServicePrincipalSecret));
                var certificatePassword = ConvertToSecureString(account.GetProperty(AzureAccount.Property.CertificatePassword));
                return(new ServicePrincipalParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, account.GetProperty(AzureAccount.Property.CertificateThumbprint), account.GetProperty(AzureAccount.Property.CertificatePath),
                                                      certificatePassword, password, sendCertificateChain));

            case AzureAccount.AccountType.ManagedService:
                return(new ManagedServiceIdentityParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account));

            case AzureAccount.AccountType.AccessToken:
                return(new AccessTokenParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account));

            case "ClientAssertion":
                password = password ?? ConvertToSecureString(account.GetProperty("ClientAssertion"));
                return(new ClientAssertionParameters(tokenCacheProvider, environment, tokenCache, tenant, resourceId, account.Id, password));

            default:
                return(null);
            }
        }