private async Task <SubscriptionInfo[]> GetSubscriptions(TokenCacheInfo cacheInfo) { using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("Authorization", cacheInfo.CreateAuthorizationHeader()); client.DefaultRequestHeaders.Add("User-Agent", Constants.UserAgent.Value); var azureEnvironment = this.AzureEnvironments; var url = string.Format("{0}/subscriptions?api-version={1}", Constants.CSMUrls[(int)azureEnvironment], Constants.CSMApiVersion); using (var response = await client.GetAsync(url)) { if (response.IsSuccessStatusCode) { var result = await response.Content.ReadAsAsync <ResultOf <SubscriptionInfo> >(); return(result.value); } var content = await response.Content.ReadAsStringAsync(); if (content.StartsWith("{")) { var error = (JObject)JObject.Parse(content)["error"]; if (error != null) { throw new InvalidOperationException(String.Format("GetSubscriptions {0}, {1}", response.StatusCode, error.Value <string>("message"))); } } throw new InvalidOperationException(String.Format("GetSubscriptions {0}, {1}", response.StatusCode, await response.Content.ReadAsStringAsync())); } } }
public void SaveRecentToken(TokenCacheInfo cacheInfo, string resource) { var file = ProtectedFile.GetCacheFile(resource == Constants.CSMResource ? _recentARMFileName : _recentAADFileName); var json = JObject.FromObject(cacheInfo); ProtectedFile.WriteAllText(ProtectedFile.GetCacheFile(file), json.ToString()); }
static async Task <JObject> GetAppObject(PersistentAuthHelper persistentAuthHelper, string tenant, string app) { Guid unused; var isGuid = Guid.TryParse(app, out unused); var path = isGuid ? String.Format("/{0}/applications?$filter=appId eq '{1}'&api-version=1.6", tenant, app) : String.Format("/{0}/applications?$filter=displayName eq '{1}'&api-version=1.6", tenant, app); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; var json = await Utils.HttpGet(uri, cacheInfo); var apps = json.Value <JArray>("value"); if (apps.Count != 1) { throw new Exception("Invalid application!"); } return((JObject)apps[0]); }
public void SaveRecentToken(TokenCacheInfo cacheInfo, string resource) { var file = ProtectedFile.GetCacheFile(GetRecentTokenFileName(resource)); var json = JObject.FromObject(cacheInfo); ProtectedFile.WriteAllText(ProtectedFile.GetCacheFile(file), json.ToString()); }
protected Task <TokenCacheInfo> GetAuthorizationResult(CustomTokenCache tokenCache, string tenantId, string user = null, string resource = null) { var tcs = new TaskCompletionSource <TokenCacheInfo>(); resource = resource ?? Constants.CSMResources[(int)AzureEnvironments]; TokenCacheInfo found; if (tokenCache.TryGetValue(tenantId, resource, out found)) { tcs.SetResult(found); return(tcs.Task); } var thread = new Thread(() => { try { var azureEnvironment = this.AzureEnvironments; var authority = String.Format("{0}/{1}", Constants.AADLoginUrls[(int)azureEnvironment], tenantId); var context = new AuthenticationContext( authority: authority, validateAuthority: true, tokenCache: tokenCache); AuthenticationResult result = null; if (!string.IsNullOrEmpty(user)) { result = context.AcquireToken( resource: resource, clientId: Constants.AADClientId, redirectUri: new Uri(Constants.AADRedirectUri), promptBehavior: PromptBehavior.Never, userId: new UserIdentifier(user, UserIdentifierType.OptionalDisplayableId)); } else { result = context.AcquireToken( resource: resource, clientId: Constants.AADClientId, redirectUri: new Uri(Constants.AADRedirectUri), promptBehavior: PromptBehavior.Always); } var cacheInfo = new TokenCacheInfo(resource, result); tokenCache.Add(cacheInfo); tcs.TrySetResult(cacheInfo); } catch (Exception ex) { tcs.TrySetException(ex); } }); thread.SetApartmentState(ApartmentState.STA); thread.Name = "AcquireTokenThread"; thread.Start(); return(tcs.Task); }
private async Task <string> GetAuthorizationHeader() { var match = Regex.Match(_url, ".*\\/subscriptions\\/(.*?)\\/", RegexOptions.IgnoreCase); var subscriptionId = match.Success ? match.Groups[1].ToString() : null; if (this._tokenCacheInfo == null || this._tokenCacheInfo.ExpiresOn <= DateTimeOffset.UtcNow) { switch (this._loginType) { case LoginType.Interactive: await this._authHelper.AcquireTokens().ConfigureAwait(false); break; case LoginType.Spn: await this._authHelper.GetTokenBySpn(this._tenantId, this._appId, this._appKey).ConfigureAwait(false); break; case LoginType.Upn: await this._authHelper.GetTokenByUpn(this._userName, this._password).ConfigureAwait(false); break; } this._tokenCacheInfo = await this._authHelper.GetToken(subscriptionId).ConfigureAwait(false); } return(this._tokenCacheInfo.CreateAuthorizationHeader()); }
static async Task <int> HttpInvoke(Uri uri, TokenCacheInfo cacheInfo, string verb, bool verbose, HttpContent content, Dictionary <string, List <string> > headers, bool http2) { var winhttp = http2 ? new WinHttpHandler() : null; if (Utils.GetSkipSslVerify() && winhttp != null) { winhttp.ServerCertificateValidationCallback = delegate { return(true); }; } var handler = new HttpLoggingHandler((HttpMessageHandler)winhttp ?? new HttpClientHandler(), verbose); return(await Utils.HttpInvoke(uri, cacheInfo, verb, handler, content, headers)); }
private async Task <TenantDetails> GetTenantDetail(TokenCacheInfo cacheInfo, string tenantId) { if (Constants.InfrastructureTenantIds.Contains(tenantId)) { return(new TenantDetails { objectId = tenantId, displayName = "Infrastructure", verifiedDomains = new[] { new VerifiedDomain { name = "live.com", @default = true } } }); } using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("Authorization", cacheInfo.CreateAuthorizationHeader()); client.DefaultRequestHeaders.Add("User-Agent", Constants.UserAgent.Value); var azureEnvironment = this.AzureEnvironments; var url = string.Format("{0}/{1}/tenantDetails?api-version={2}", Constants.AADGraphUrls[(int)azureEnvironment], tenantId, Constants.AADGraphApiVersion); using (var response = await client.GetAsync(url)) { if (response.IsSuccessStatusCode) { var result = await response.Content.ReadAsAsync <ResultOf <TenantDetails> >(); return(result.value[0]); } var content = await response.Content.ReadAsStringAsync(); if (content.StartsWith("{")) { var error = (JObject)JObject.Parse(content)["odata.error"]; if (error != null) { throw new InvalidOperationException(String.Format("GetTenantDetail {0}, {1}", response.StatusCode, error["message"].Value <string>("value"))); } } throw new InvalidOperationException(String.Format("GetTenantDetail {0}, {1}", response.StatusCode, await response.Content.ReadAsStringAsync())); } } }
protected async Task <TokenCacheInfo> GetRecentToken(string resource) { TokenCacheInfo cacheInfo = this.TokenStorage.GetRecentToken(resource); if (cacheInfo != null && cacheInfo.ExpiresOn <= DateTimeOffset.UtcNow) { var tokenCache = this.TokenStorage.GetCache(); cacheInfo = await RefreshToken(tokenCache, cacheInfo); this.TokenStorage.SaveCache(tokenCache); this.TokenStorage.SaveRecentToken(cacheInfo, resource); } return(cacheInfo); }
public static async Task <JObject> HttpGet(Uri uri, TokenCacheInfo cacheInfo) { using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("Authorization", cacheInfo.CreateAuthorizationHeader()); client.DefaultRequestHeaders.Add("User-Agent", Constants.UserAgent.Value); client.DefaultRequestHeaders.Add("Accept", Constants.JsonContentType); if (Utils.IsRdfe(uri)) { client.DefaultRequestHeaders.Add("x-ms-version", "2013-10-01"); } if (Utils.IsCSM(uri)) { var stamp = GetDefaultStamp(); if (!String.IsNullOrEmpty(stamp)) { client.DefaultRequestHeaders.Add("x-geoproxy-stamp", stamp); } var stampCert = GetDefaultStampCert(); if (!String.IsNullOrEmpty(stampCert)) { client.DefaultRequestHeaders.Add("x-geoproxy-stampcert", stampCert); } } var requestId = Guid.NewGuid().ToString(); client.DefaultRequestHeaders.Add("x-ms-request-id", requestId); client.DefaultRequestHeaders.Add("x-ms-client-request-id", requestId); client.DefaultRequestHeaders.Add("x-ms-correlation-request-id", requestId); using (var response = await client.GetAsync(uri)) { var content = await response.Content.ReadAsStringAsync(); if (!response.IsSuccessStatusCode) { Trace.WriteLine("Status: " + response.StatusCode); Trace.WriteLine("Content: " + content); } response.EnsureSuccessStatusCode(); return(JObject.Parse(content)); } } }
static async Task <int> HttpInvoke(Uri uri, TokenCacheInfo cacheInfo, string verb, bool verbose, HttpContent content) { using (var client = new HttpClient(new HttpLoggingHandler(new HttpClientHandler(), verbose))) { client.DefaultRequestHeaders.Add("Authorization", cacheInfo.CreateAuthorizationHeader()); client.DefaultRequestHeaders.Add("User-Agent", Constants.UserAgent.Value); client.DefaultRequestHeaders.Add("Accept", Constants.JsonContentType); if (IsRdfe(uri)) { client.DefaultRequestHeaders.Add("x-ms-version", "2013-10-01"); } client.DefaultRequestHeaders.Add("x-ms-request-id", Guid.NewGuid().ToString()); HttpResponseMessage response = null; if (String.Equals(verb, "get", StringComparison.OrdinalIgnoreCase)) { response = await client.GetAsync(uri); } else if (String.Equals(verb, "delete", StringComparison.OrdinalIgnoreCase)) { response = await client.DeleteAsync(uri); } else if (String.Equals(verb, "post", StringComparison.OrdinalIgnoreCase)) { response = await client.PostAsync(uri, content); } else if (String.Equals(verb, "put", StringComparison.OrdinalIgnoreCase)) { response = await client.PutAsync(uri, content); } else { throw new InvalidOperationException(String.Format("Invalid http verb {0}!", verb)); } using (response) { if (response.IsSuccessStatusCode) { return(0); } return((-1) * (int)response.StatusCode); } } }
private ARMLib(ARMLib oldClient, string url, string query) { this._loginType = oldClient._loginType; this._apiVersion = oldClient._apiVersion; this._appId = oldClient._appId; this._appKey = oldClient._appKey; this._authHelper = oldClient._authHelper; this._tokenCacheInfo = oldClient._tokenCacheInfo; this._azureEnvironment = oldClient._azureEnvironment; this._loginType = oldClient._loginType; this._password = oldClient._password; this._tenantId = oldClient._tenantId; this._userName = oldClient._userName; this._query = query; this._url = url; }
static async Task<int> HttpInvoke(Uri uri, TokenCacheInfo cacheInfo, string verb, bool verbose, HttpContent content, Dictionary<string, List<string>> headers) { var primaryHandler = new WebRequestHandler(); if (Utils.IsCustom(uri)) { var certSubjectName = Environment.GetEnvironmentVariable("ARMCLIENT_CERT"); if (string.IsNullOrWhiteSpace(certSubjectName)) { throw new Exception("ARMCLIENT_CERT environment variable is required when invoking a custom url."); } primaryHandler.ClientCertificates.Add(FindCertificate(certSubjectName)); } var logginerHandler = new HttpLoggingHandler(primaryHandler, verbose); return await Utils.HttpInvoke(uri, cacheInfo, verb, logginerHandler, content, headers); }
public async Task SelectTenantAsync(string id) { TokenCacheInfo token = null; try { token = await _authHelper.GetToken(id); } catch { } if (token == null || token.ExpiresOn < DateTimeOffset.Now) { await _authHelper.AcquireTokens(); } await _authHelper.GetToken(id); }
public async Task InitializeToken(string subscriptionId = null) { if (string.IsNullOrEmpty(subscriptionId)) { var match = Regex.Match(_url, ".*\\/subscriptions\\/(.*?)\\/", RegexOptions.IgnoreCase); subscriptionId = match.Success ? match.Groups[1].ToString() : string.Empty; } if (!this._authHelper.IsCacheValid()) { await this._authHelper.AcquireTokens().ConfigureAwait(false); } TokenCacheInfo cacheInfo = await this._authHelper.GetToken(subscriptionId, Constants.CSMResource).ConfigureAwait(false); this._authorizationHeader = cacheInfo.CreateAuthorizationHeader(); }
/// <summary> /// A method that queries ARM to obtain a user bearer token to use with the Consumption client. /// </summary> /// <returns>The token credentials for the user</returns> static TokenCredentials GetTokenCredentialsWithARMClient() { //Login with ARM using ARMClient.Authorization dll var persistentAuthHelper = new PersistentAuthHelper(); persistentAuthHelper.AzureEnvironments = AzureEnvironments.Prod; TokenCacheInfo cacheInfo = null; persistentAuthHelper.AzureEnvironments = Utils.GetDefaultEnv(); //Acquire tokens persistentAuthHelper.AcquireTokens().Wait(); cacheInfo = persistentAuthHelper.GetToken(ConfigurationManager.AppSettings["SubscriptionId"], null).Result; TokenCredentials creds = new TokenCredentials(cacheInfo.AccessToken, "Bearer"); return(creds); }
protected async Task <TokenCacheInfo> GetAuthorizationResultBySpn(CustomTokenCache tokenCache, string tenantId, string appId, X509Certificate2 certificate, string resource) { TokenCacheInfo found; if (tokenCache.TryGetValue(tenantId, resource, out found)) { return(found); } var helper = new JwtHelper(); var tokenEndpoint = string.Format("{0}/{1}/oauth2/token", Constants.AADLoginUrls[(int)this.AzureEnvironments], tenantId); var token = await helper.AcquireTokenByX509(tenantId, appId, certificate, resource, tokenEndpoint); var cacheInfo = new TokenCacheInfo(tenantId, appId, "_certificate_", resource, token); tokenCache.Add(cacheInfo); return(cacheInfo); }
protected async Task <TokenCacheInfo> GetAuthorizationResultByRefreshToken(CustomTokenCache tokenCache, TokenCacheInfo cacheInfo) { var authority = String.Format("{0}/{1}", ARMConfiguration.AADLoginUrl, cacheInfo.TenantId); var context = new AuthenticationContext( authority: authority, validateAuthority: true, tokenCache: tokenCache); AuthenticationResult result = await context.AcquireTokenByRefreshTokenAsync( refreshToken : cacheInfo.RefreshToken, clientId : !string.IsNullOrEmpty(cacheInfo.ClientId)?cacheInfo.ClientId : Constants.AADClientId, resource : cacheInfo.Resource); var ret = new TokenCacheInfo(cacheInfo.Resource, result); ret.TenantId = cacheInfo.TenantId; ret.DisplayableId = cacheInfo.DisplayableId; ret.ClientId = cacheInfo.ClientId; tokenCache.Add(ret); return(ret); }
private async Task <string[]> GetTenantIds(TokenCacheInfo cacheInfo) { using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("Authorization", cacheInfo.CreateAuthorizationHeader()); client.DefaultRequestHeaders.Add("User-Agent", Constants.UserAgent.Value); var url = string.Format("{0}/tenants?api-version={1}", ARMConfiguration.ARMUrl, Constants.CSMApiVersion); using (var response = await client.GetAsync(url)) { if (response.IsSuccessStatusCode) { var result = await response.Content.ReadAsAsync <ResultOf <TenantInfo> >(); return(result.value.Select(tenant => tenant.tenantId).ToArray()); } throw new InvalidOperationException(await response.Content.ReadAsStringAsync()); } } }
protected async Task <TokenCacheInfo> GetAuthorizationResultByRefreshToken(CustomTokenCache tokenCache, TokenCacheInfo cacheInfo) { var azureEnvironment = this.AzureEnvironments; var authority = String.Format("{0}/{1}", Constants.AADLoginUrls[(int)azureEnvironment], cacheInfo.TenantId); var context = new AuthenticationContext( authority: authority, validateAuthority: true, tokenCache: tokenCache); AuthenticationResult result = await context.AcquireTokenByRefreshTokenAsync( refreshToken : cacheInfo.RefreshToken, clientId : Constants.AADClientId, resource : cacheInfo.Resource); var ret = new TokenCacheInfo(cacheInfo.Resource, result); ret.TenantId = cacheInfo.TenantId; ret.DisplayableId = cacheInfo.DisplayableId; tokenCache.Add(ret); return(ret); }
protected TokenCacheInfo GetAuthorizationResultByUpn(CustomTokenCache tokenCache, string tenantId, string username, string password, string resource) { TokenCacheInfo found; if (tokenCache.TryGetValue(tenantId, resource, out found)) { return(found); } var authority = String.Format("{0}/{1}", ARMConfiguration.AADLoginUrl, tenantId); var context = new AuthenticationContext( authority: authority, validateAuthority: true, tokenCache: tokenCache); var credential = new UserCredential(username, password); var result = context.AcquireToken(resource, Constants.AADClientId, credential); var cacheInfo = new TokenCacheInfo(resource, result); tokenCache.Add(cacheInfo); return(cacheInfo); }
protected TokenCacheInfo GetAuthorizationResultBySpn(CustomTokenCache tokenCache, string tenantId, string appId, string appKey, string resource) { TokenCacheInfo found; if (tokenCache.TryGetValue(tenantId, resource, out found)) { return(found); } var azureEnvironment = this.AzureEnvironments; var authority = String.Format("{0}/{1}", Constants.AADLoginUrls[(int)azureEnvironment], tenantId); var context = new AuthenticationContext( authority: authority, validateAuthority: true, tokenCache: tokenCache); var credential = new ClientCredential(appId, appKey); var result = context.AcquireToken(resource, credential); var cacheInfo = new TokenCacheInfo(tenantId, appId, appKey, resource, result); tokenCache.Add(cacheInfo); return(cacheInfo); }
public static async Task <int> HttpInvoke(Uri uri, TokenCacheInfo cacheInfo, string verb, DelegatingHandler handler, HttpContent content, Dictionary <string, List <string> > headers = null) { using (var client = new HttpClient(handler)) { client.DefaultRequestHeaders.Add("User-Agent", Constants.UserAgent.Value, headers); client.DefaultRequestHeaders.Add("Accept", Constants.JsonContentType, headers); if (Utils.IsCustom(uri)) { if (Constants.CSMResources.Contains(cacheInfo.Resource)) { var jwt = JsonConvert.DeserializeObject <JsonWebToken>(DecodeAccessToken(cacheInfo.AccessToken)); if (string.IsNullOrWhiteSpace(cacheInfo.DisplayableId)) { client.DefaultRequestHeaders.Add("x-ms-principal-name", cacheInfo.DisplayableId); } client.DefaultRequestHeaders.Add("x-ms-client-tenant-id", cacheInfo.TenantId); client.DefaultRequestHeaders.Add("x-ms-client-object-id", cacheInfo.ObjectId); if (jwt.UniqueName != null) { client.DefaultRequestHeaders.Add("x-ms-client-principal-name", jwt.UniqueName); } var principalId = GetPrincipalId(jwt); if (principalId != null) { client.DefaultRequestHeaders.Add("x-ms-client-principal-id", principalId); } if (headers != null && headers.ContainsKey("usertoken")) { client.DefaultRequestHeaders.Add("x-ms-arm-signed-user-token", headers["usertoken"]); headers.Remove("usertoken"); } else { client.DefaultRequestHeaders.Add("x-ms-arm-signed-user-token", cacheInfo.AccessToken); } client.DefaultRequestHeaders.Add("Referer", uri.OriginalString); } else { client.DefaultRequestHeaders.Add("Authorization", "Bearer " + cacheInfo.AccessToken); } } else { client.DefaultRequestHeaders.Add("Authorization", cacheInfo.CreateAuthorizationHeader(), headers); } if (Utils.IsRdfe(uri)) { client.DefaultRequestHeaders.Add("x-ms-version", "2013-10-01", headers); } if (Utils.IsCSM(uri)) { var stamp = GetDefaultStamp(); if (!String.IsNullOrEmpty(stamp)) { client.DefaultRequestHeaders.Add("x-geoproxy-stamp", stamp, headers); } var stampCert = GetDefaultStampCert(); if (!String.IsNullOrEmpty(stampCert)) { client.DefaultRequestHeaders.Add("x-geoproxy-stampcert", stampCert, headers); } } var requestId = Guid.NewGuid().ToString(); client.DefaultRequestHeaders.Add("x-ms-request-id", requestId); client.DefaultRequestHeaders.Add("x-ms-client-request-id", requestId); client.DefaultRequestHeaders.Add("x-ms-correlation-request-id", requestId); client.DefaultRequestHeaders.AddRemainingHeaders(headers); HttpResponseMessage response = null; if (String.Equals(verb, "get", StringComparison.OrdinalIgnoreCase)) { response = await client.GetAsync(uri); } else if (String.Equals(verb, "delete", StringComparison.OrdinalIgnoreCase)) { response = await client.DeleteAsync(uri); } else if (String.Equals(verb, "post", StringComparison.OrdinalIgnoreCase)) { response = await client.PostAsync(uri, content); } else if (String.Equals(verb, "put", StringComparison.OrdinalIgnoreCase)) { response = await client.PutAsync(uri, content); } else if (String.Equals(verb, "patch", StringComparison.OrdinalIgnoreCase)) { using (var message = new HttpRequestMessage(new HttpMethod("PATCH"), uri)) { message.Content = content; response = await client.SendAsync(message).ConfigureAwait(false); } } else { throw new InvalidOperationException(String.Format("Invalid http verb {0}!", verb)); } using (response) { if (response.IsSuccessStatusCode) { return(0); } return((-1) * (int)response.StatusCode); } } }
static async Task <int> HttpInvoke(Uri uri, TokenCacheInfo cacheInfo, string verb, bool verbose, HttpContent content, Dictionary <string, List <string> > headers) { var logginerHandler = new HttpLoggingHandler(new HttpClientHandler(), verbose); return(await Utils.HttpInvoke(uri, cacheInfo, verb, logginerHandler, content, headers)); }
public static async Task <int> HttpInvoke(Uri uri, TokenCacheInfo cacheInfo, string verb, DelegatingHandler handler, HttpContent content, Dictionary <string, List <string> > headers = null) { using (var client = new HttpClient(handler)) { client.DefaultRequestHeaders.Add("Authorization", cacheInfo.CreateAuthorizationHeader(), headers); client.DefaultRequestHeaders.Add("User-Agent", Constants.UserAgent.Value, headers); client.DefaultRequestHeaders.Add("Accept", Constants.JsonContentType, headers); if (Utils.IsRdfe(uri)) { client.DefaultRequestHeaders.Add("x-ms-version", "2013-10-01", headers); } if (Utils.IsCSM(uri)) { var stamp = GetDefaultStamp(); if (!String.IsNullOrEmpty(stamp)) { client.DefaultRequestHeaders.Add("x-geoproxy-stamp", stamp, headers); } var stampCert = GetDefaultStampCert(); if (!String.IsNullOrEmpty(stampCert)) { client.DefaultRequestHeaders.Add("x-geoproxy-stampcert", stampCert, headers); } } var requestId = Guid.NewGuid().ToString(); client.DefaultRequestHeaders.Add("x-ms-request-id", requestId); client.DefaultRequestHeaders.Add("x-ms-client-request-id", requestId); client.DefaultRequestHeaders.Add("x-ms-correlation-request-id", requestId); client.DefaultRequestHeaders.AddRemainingHeaders(headers); HttpResponseMessage response = null; if (String.Equals(verb, "get", StringComparison.OrdinalIgnoreCase)) { response = await client.GetAsync(uri); } else if (String.Equals(verb, "delete", StringComparison.OrdinalIgnoreCase)) { response = await client.DeleteAsync(uri); } else if (String.Equals(verb, "post", StringComparison.OrdinalIgnoreCase)) { response = await client.PostAsync(uri, content); } else if (String.Equals(verb, "put", StringComparison.OrdinalIgnoreCase)) { response = await client.PutAsync(uri, content); } else if (String.Equals(verb, "patch", StringComparison.OrdinalIgnoreCase)) { using (var message = new HttpRequestMessage(new HttpMethod("PATCH"), uri)) { message.Content = content; response = await client.SendAsync(message).ConfigureAwait(false); } } else { throw new InvalidOperationException(String.Format("Invalid http verb {0}!", verb)); } using (response) { if (response.IsSuccessStatusCode) { return(0); } return((-1) * (int)response.StatusCode); } } }
protected async Task <TokenCacheInfo> RefreshToken(CustomTokenCache tokenCache, TokenCacheInfo cacheInfo) { if (!String.IsNullOrEmpty(cacheInfo.RefreshToken)) { return(await GetAuthorizationResultByRefreshToken(tokenCache, cacheInfo)); } else if (!String.IsNullOrEmpty(cacheInfo.AppId) && cacheInfo.AppKey == "_certificate_") { throw new InvalidOperationException("Unable to refresh expired token! Try login with certificate again."); } else if (!String.IsNullOrEmpty(cacheInfo.AppId) && !String.IsNullOrEmpty(cacheInfo.AppKey)) { return(GetAuthorizationResultBySpn(tokenCache, cacheInfo.TenantId, cacheInfo.AppId, cacheInfo.AppKey, cacheInfo.Resource)); } throw new NotImplementedException(); }
static int Main(string[] args) { //Utils.SetTraceListener(new ConsoleTraceListener()); try { var persistentAuthHelper = new PersistentAuthHelper(); persistentAuthHelper.AzureEnvironments = AzureEnvironments.Prod; if (args.Length > 0) { var _parameters = new CommandLineParameters(args); var verb = _parameters.Get(0, "verb"); if (String.Equals(verb, "login", StringComparison.OrdinalIgnoreCase)) { _parameters.ThrowIfUnknown(); persistentAuthHelper.AcquireTokens().Wait(); return(0); } else if (String.Equals(verb, "spn", StringComparison.OrdinalIgnoreCase)) { var tenantId = _parameters.Get(1, keyName: "tenant"); var appId = _parameters.Get(2, keyName: "appId"); EnsureGuidFormat(appId); X509Certificate2 certificate = null; var appKey = _parameters.Get(3, keyName: "appKey", requires: false); if (appKey == null) { appKey = PromptForPassword("appKey"); } else { if (File.Exists(appKey)) { var password = _parameters.Get(4, keyName: "password", requires: false); if (password == null) { password = PromptForPassword("password"); } certificate = new X509Certificate2(appKey, password); } } if (certificate == null) { appKey = Utils.EnsureBase64Key(appKey); } _parameters.ThrowIfUnknown(); persistentAuthHelper.AzureEnvironments = Utils.GetDefaultEnv(); var info = certificate != null? AADHelper.AcquireTokenByX509(tenantId, appId, certificate).Result: AADHelper.AcquireTokenBySPN(tenantId, appId, appKey).Result; //Clipboard.SetText(info.access_token); DumpClaims(info.access_token); Console.WriteLine(); Console.WriteLine("Token copied to clipboard successfully."); return(0); } else if (String.Equals(verb, "get-tenant", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); var path = String.Format("/{0}/tenantDetails?api-version=1.6", tenant); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "get", Utils.GetDefaultVerbose(), null, headers).Result); } else if (String.Equals(verb, "get-tenant", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); var path = String.Format("/{0}/tenantDetails/{0}?api-version=1.6", tenant); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "get", Utils.GetDefaultVerbose(), null, headers).Result); } else if (String.Equals(verb, "get-apps", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); var path = String.Format("/{0}/applications?api-version=1.6", tenant); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "get", Utils.GetDefaultVerbose(), null, headers).Result); } // https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/ // https://github.com/Azure-Samples/active-directory-dotnet-graphapi-console/blob/master/GraphConsoleAppV3/Program.cs else if (String.Equals(verb, "add-app", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var app = _parameters.Get(2, keyName: "app"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); Guid unused; var isGuid = Guid.TryParse(app, out unused); var path = isGuid ? String.Format("/{0}/applications?$filter=appId eq '{1}'&api-version=1.6", tenant, app) : String.Format("/{0}/applications?$filter=displayName eq '{1}'&api-version=1.6", tenant, app); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "get", Utils.GetDefaultVerbose(), null, headers).Result); } else if (String.Equals(verb, "get-app", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var app = _parameters.Get(2, keyName: "app"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); Guid unused; var isGuid = Guid.TryParse(app, out unused); var path = isGuid ? String.Format("/{0}/applications?$filter=appId eq '{1}'&api-version=1.6", tenant, app) : String.Format("/{0}/applications?$filter=displayName eq '{1}'&api-version=1.6", tenant, app); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var resource = GetResource(uri); var subscriptionId = GetTenantOrSubscription(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "get", Utils.GetDefaultVerbose(), null, headers).Result); } // https://msdn.microsoft.com/library/azure/ad/graph/api/entity-and-complex-type-reference#serviceprincipalentity else if (String.Equals(verb, "get-spns", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var app = _parameters.Get(2, keyName: "app"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); Guid appGuid = new Guid(app); var path = String.Format("/{0}/applications/{1}/serviceprincipal?api-version=1.6", tenant, appGuid); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "get", Utils.GetDefaultVerbose(), null, headers).Result); } else if (String.Equals(verb, "add-cred", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var app = _parameters.Get(2, keyName: "app"); X509Certificate2 certificate = null; var appKey = _parameters.Get(3, keyName: "appKey", requires: false); if (appKey == null) { appKey = PromptForPassword("appKey"); } else { if (File.Exists(appKey)) { certificate = new X509Certificate2(appKey); if (certificate.HasPrivateKey) { throw new Exception("Certificate must not contain private key!"); } } } if (certificate == null) { appKey = Utils.EnsureBase64Key(appKey); } var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); var appObject = GetAppObject(persistentAuthHelper, tenant, app).Result; var appObjectId = GetAppObjectId(appObject); HttpContent content; if (certificate != null) { content = GetPatchContent(appObject, certificate); } else { content = GetPatchContent(appObject, appKey); } var path = String.Format("/{0}/directoryObjects/{1}/Microsoft.DirectoryServices.Application?api-version=1.6", tenant, appObjectId); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "patch", Utils.GetDefaultVerbose(), content, headers).Result); } else if (String.Equals(verb, "del-cred", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var app = _parameters.Get(2, keyName: "app"); var keyId = _parameters.Get(3, keyName: "keyId"); EnsureGuidFormat(keyId); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); var appObject = GetAppObject(persistentAuthHelper, tenant, app).Result; var appObjectId = GetAppObjectId(appObject); var content = GetRemoveContent(appObject, keyId); var path = String.Format("/{0}/directoryObjects/{1}/Microsoft.DirectoryServices.Application?api-version=1.6", tenant, appObjectId); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "patch", Utils.GetDefaultVerbose(), content, headers).Result); } else if (String.Equals(verb, "get-users", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); var path = String.Format("/{0}/users?api-version=1.6", tenant); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "get", Utils.GetDefaultVerbose(), null, headers).Result); } else if (String.Equals(verb, "get-user", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var user = _parameters.Get(2, keyName: "user"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); var path = String.Format("/{0}/users/{1}?api-version=1.6", tenant, user); if ((user.StartsWith("1") || user.StartsWith("0")) && user.Length == 16) { path = String.Format("/{0}/users?api-version=1.2-internal&$filter=netId eq '{1}' or alternativeSecurityIds/any(x:x/type eq 1 and x/identityProvider eq null and x/key eq X'{1}')", tenant, user); } var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; return(HttpInvoke(uri, cacheInfo, "get", Utils.GetDefaultVerbose(), null, headers).Result); } else if (String.Equals(verb, "get-groups", StringComparison.OrdinalIgnoreCase)) { var tenant = _parameters.Get(1, keyName: "tenant"); var user = _parameters.Get(2, keyName: "user"); var headers = _parameters.GetValue <Dictionary <string, List <string> > >("-h", requires: false); _parameters.ThrowIfUnknown(); var path = String.Format("/{0}/users/{1}/getMemberGroups?api-version=1.6", tenant, user); var uri = EnsureAbsoluteUri(path, persistentAuthHelper); var subscriptionId = GetTenantOrSubscription(uri); var resource = GetResource(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, resource).Result; var content = new StringContent("{\"securityEnabledOnly\": false}", Encoding.UTF8, "application/json"); return(HttpInvoke(uri, cacheInfo, "post", Utils.GetDefaultVerbose(), content, headers).Result); } else { throw new CommandLineException(String.Format("Parameter '{0}' is invalid!", verb)); } } PrintUsage(); return(1); } catch (Exception ex) { DumpException(ex); return(-1); } }
public async Task AzLogin() { this.TokenStorage.ClearCache(); this.TenantStorage.ClearCache(); var tokens = GetAzLoginTokens(); var tokenCache = new CustomTokenCache(); var tenantCache = this.TenantStorage.GetCache(); TokenCacheInfo recentInfo = null; foreach (var token in tokens) { var result = token.ToTokenCacheInfo(); Guid unused; if (!Guid.TryParse(result.TenantId, out unused)) { continue; } tokenCache.Add(result); var tenantId = result.TenantId; var info = new TenantCacheInfo { tenantId = tenantId, displayName = "unknown", domain = tenantId }; Utils.Trace.WriteLine(string.Format("User: {0}, Tenant: {1}", result.DisplayableId, tenantId)); try { var subscriptions = await GetSubscriptions(result); Utils.Trace.WriteLine(string.Format("\tThere are {0} subscriptions", subscriptions.Length)); info.subscriptions = subscriptions.Select(subscription => new SubscriptionCacheInfo { subscriptionId = subscription.subscriptionId, displayName = subscription.displayName }).ToArray(); if (recentInfo == null || info.subscriptions.Length > 0) { recentInfo = result; } foreach (var subscription in subscriptions) { Utils.Trace.WriteLine(string.Format("\tSubscription {0} ({1})", subscription.subscriptionId, subscription.displayName)); } } catch (Exception ex) { Utils.Trace.WriteLine(string.Format("\t{0}!", ex.Message)); } tenantCache[tenantId] = info; if (!String.IsNullOrEmpty(info.domain) && info.domain != "unknown") { tenantCache[info.domain] = info; } Utils.Trace.WriteLine(string.Empty); } if (recentInfo != null) { this.TokenStorage.SaveRecentToken(recentInfo, Constants.CSMResources[(int)AzureEnvironments]); } this.TokenStorage.SaveCache(tokenCache); this.TenantStorage.SaveCache(tenantCache); }
static int Main(string[] args) { Utils.SetTraceListener(new ConsoleTraceListener()); try { var persistentAuthHelper = new PersistentAuthHelper(); if (args.Length > 0) { var _parameters = new CommandLineParameters(args); var verb = _parameters.Get(0, "verb"); if (String.Equals(verb, "login", StringComparison.OrdinalIgnoreCase)) { var env = _parameters.Get(1, requires: false); _parameters.ThrowIfUnknown(); persistentAuthHelper.AzureEnvironments = env == null ? AzureEnvironments.Prod : (AzureEnvironments)Enum.Parse(typeof(AzureEnvironments), args[1], ignoreCase: true); persistentAuthHelper.AcquireTokens().Wait(); return(0); } else if (String.Equals(verb, "listcache", StringComparison.OrdinalIgnoreCase)) { _parameters.ThrowIfUnknown(); EnsureTokenCache(persistentAuthHelper); foreach (var line in persistentAuthHelper.DumpTokenCache()) { Console.WriteLine(line); } return(0); } else if (String.Equals(verb, "clearcache", StringComparison.OrdinalIgnoreCase)) { _parameters.ThrowIfUnknown(); persistentAuthHelper.ClearTokenCache(); return(0); } else if (String.Equals(verb, "token", StringComparison.OrdinalIgnoreCase)) { var tenantId = _parameters.Get(1, requires: false); _parameters.ThrowIfUnknown(); EnsureTokenCache(persistentAuthHelper); if (tenantId != null) { if (tenantId.StartsWith("ey")) { DumpClaims(tenantId); return(0); } EnsureGuidFormat(tenantId); } TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(tenantId, Constants.CSMResource).Result; var bearer = cacheInfo.CreateAuthorizationHeader(); Clipboard.SetText(bearer); DumpClaims(cacheInfo.AccessToken); Console.WriteLine(); Console.WriteLine("Token copied to clipboard successfully."); return(0); } else if (String.Equals(verb, "spn", StringComparison.OrdinalIgnoreCase)) { var tenantId = _parameters.Get(1, keyName: "tenant"); EnsureGuidFormat(tenantId); var appId = _parameters.Get(2, keyName: "appId"); EnsureGuidFormat(appId); var appKey = _parameters.Get(3, keyName: "appKey", requires: false); if (appKey == null) { appKey = PromptForPassword("appKey"); } _parameters.ThrowIfUnknown(); persistentAuthHelper.AzureEnvironments = AzureEnvironments.Prod; var cacheInfo = persistentAuthHelper.GetTokenBySpn(tenantId, appId, appKey).Result; return(0); } else if (String.Equals(verb, "upn", StringComparison.OrdinalIgnoreCase)) { var username = _parameters.Get(1, keyName: "username"); var password = _parameters.Get(2, keyName: "password", requires: false); if (password == null) { password = PromptForPassword("password"); } _parameters.ThrowIfUnknown(); persistentAuthHelper.AzureEnvironments = AzureEnvironments.Prod; var cacheInfo = persistentAuthHelper.GetTokenByUpn(username, password).Result; return(0); } else if (String.Equals(verb, "get", StringComparison.OrdinalIgnoreCase) || String.Equals(verb, "delete", StringComparison.OrdinalIgnoreCase) || String.Equals(verb, "put", StringComparison.OrdinalIgnoreCase) || String.Equals(verb, "post", StringComparison.OrdinalIgnoreCase)) { var path = _parameters.Get(1, keyName: "url"); var verbose = _parameters.Get("-verbose", requires: false) != null; if (!verbose) { Trace.Listeners.Clear(); } var uri = EnsureAbsoluteUri(path, persistentAuthHelper); if (!persistentAuthHelper.IsCacheValid()) { persistentAuthHelper.AzureEnvironments = GetAzureEnvironments(uri); persistentAuthHelper.AcquireTokens().Wait(); } var content = ParseHttpContent(verb, _parameters); _parameters.ThrowIfUnknown(); var subscriptionId = GetTenantOrSubscription(uri); TokenCacheInfo cacheInfo = persistentAuthHelper.GetToken(subscriptionId, null).Result; return(HttpInvoke(uri, cacheInfo, verb, verbose, content).Result); } else { throw new CommandLineException(String.Format("Parameter '{0}' is invalid!", verb)); } } PrintUsage(); return(1); } catch (Exception ex) { DumpException(ex); return(-1); } }
protected async Task <Dictionary <string, TenantCacheInfo> > GetTokenForTenants(CustomTokenCache tokenCache, TokenCacheInfo cacheInfo, string appId = null, string appKey = null, string username = null, string password = null) { var recentInfo = cacheInfo; var tenantIds = await GetTenantIds(cacheInfo); if (!tenantIds.Contains(cacheInfo.TenantId)) { var list = tenantIds.ToList(); list.Insert(0, cacheInfo.TenantId); tenantIds = list.ToArray(); } var tenantCache = this.TenantStorage.GetCache(); foreach (var tenantId in tenantIds) { var info = new TenantCacheInfo { tenantId = tenantId, displayName = "unknown", domain = tenantId }; TokenCacheInfo result = null; try { if (!String.IsNullOrEmpty(appId) && !String.IsNullOrEmpty(appKey)) { result = GetAuthorizationResultBySpn(tokenCache, tenantId: tenantId, appId: appId, appKey: appKey, resource: Constants.CSMResources[(int)AzureEnvironments]); } else if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password)) { result = GetAuthorizationResultByUpn(tokenCache, tenantId: tenantId, username: username, password: password, resource: Constants.CSMResources[(int)AzureEnvironments]); } else { result = await GetAuthorizationResult(tokenCache, tenantId : tenantId, user : cacheInfo.DisplayableId); } } catch (Exception ex) { Utils.Trace.WriteLine(string.Format("User: {0}, Tenant: {1} {2}", cacheInfo.DisplayableId, tenantId, ex.Message)); Utils.Trace.WriteLine(string.Empty); continue; } try { TokenCacheInfo aadToken = null; if (!String.IsNullOrEmpty(appId) && appKey == "_certificate_") { Utils.Trace.WriteLine(string.Format("AppId: {0}, Tenant: {1}", appId, tenantId)); } else if (!String.IsNullOrEmpty(appId) && !String.IsNullOrEmpty(appKey)) { aadToken = GetAuthorizationResultBySpn(tokenCache, tenantId: tenantId, appId: appId, appKey: appKey, resource: Constants.AADGraphUrls[(int)AzureEnvironments]); } else if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password)) { aadToken = GetAuthorizationResultByUpn(tokenCache, tenantId: tenantId, username: username, password: password, resource: Constants.AADGraphUrls[(int)AzureEnvironments]); } else { aadToken = await GetAuthorizationResult(tokenCache, tenantId : tenantId, user : cacheInfo.DisplayableId, resource : Constants.AADGraphUrls[(int)AzureEnvironments]); } if (aadToken != null) { var details = await GetTenantDetail(aadToken, tenantId); info.displayName = details.displayName; info.domain = details.verifiedDomains.First(d => d.@default).name; if (!String.IsNullOrEmpty(appId) && !String.IsNullOrEmpty(appKey)) { Utils.Trace.WriteLine(string.Format("AppId: {0}, Tenant: {1} ({2})", appId, tenantId, info.domain)); } else { Utils.Trace.WriteLine(string.Format("User: {0}, Tenant: {1} ({2})", result.DisplayableId, tenantId, info.domain)); } } } catch (Exception) { if (!String.IsNullOrEmpty(appId) && !String.IsNullOrEmpty(appKey)) { Utils.Trace.WriteLine(string.Format("AppId: {0}, Tenant: {1}", appId, tenantId)); } else { Utils.Trace.WriteLine(string.Format("User: {0}, Tenant: {1}", result.DisplayableId, tenantId)); } } try { var subscriptions = await GetSubscriptions(result); Utils.Trace.WriteLine(string.Format("\tThere are {0} subscriptions", subscriptions.Length)); info.subscriptions = subscriptions.Select(subscription => new SubscriptionCacheInfo { subscriptionId = subscription.subscriptionId, displayName = subscription.displayName }).ToArray(); if (recentInfo != null && info.subscriptions.Length > 0) { recentInfo = result; } foreach (var subscription in subscriptions) { Utils.Trace.WriteLine(string.Format("\tSubscription {0} ({1})", subscription.subscriptionId, subscription.displayName)); } } catch (Exception ex) { Utils.Trace.WriteLine(string.Format("\t{0}!", ex.Message)); } tenantCache[tenantId] = info; if (!String.IsNullOrEmpty(info.domain) && info.domain != "unknown") { tenantCache[info.domain] = info; } Utils.Trace.WriteLine(string.Empty); } this.TokenStorage.SaveRecentToken(recentInfo, Constants.CSMResources[(int)AzureEnvironments]); return(tenantCache); }