private ExtendedAccessToken GetTokenImpl(TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.EnvironmentCredential.GetToken", requestContext); if (_credential is null) { return(new ExtendedAccessToken(scope.Failed(new CredentialUnavailableException(_unavailbleErrorMessage)))); } try { AccessToken token = _credential.GetToken(requestContext, cancellationToken); return(new ExtendedAccessToken(scope.Succeeded(token))); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { return(new ExtendedAccessToken(scope.Failed(e))); } }
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext); try { IAccount account = await _account.Value.ConfigureAwait(false); AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, account, cancellationToken).ConfigureAwait(false); return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))); } catch (MsalUiRequiredException) { throw scope.Failed(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on.")); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
/// <summary> /// Obtains a token for a user account, authenticating them through the device code authentication flow. /// </summary> /// <param name="requestContext">The details of the authentication request.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns> public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.DeviceCodeCredential.GetToken", requestContext); try { if (_account != null) { try { AuthenticationResult result = _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, cancellationToken).GetAwaiter().GetResult(); return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))); } catch (MsalUiRequiredException) { return(scope.Succeeded(GetTokenViaDeviceCodeAsync(requestContext.Scopes, cancellationToken).GetAwaiter().GetResult())); } } else { return(scope.Succeeded(GetTokenViaDeviceCodeAsync(requestContext.Scopes, cancellationToken).GetAwaiter().GetResult())); } } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.Failed(e); } }
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("EnvironmentCredential.GetToken", requestContext); if (_credential is null) { throw scope.Failed(new CredentialUnavailableException(UnavailbleErrorMessage)); } try { AccessToken token = async ? await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _credential.GetToken(requestContext, cancellationToken); return(scope.Succeeded(token)); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext); try { IAccount account = async ? await _account.Value.ConfigureAwait(false) #pragma warning disable AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead. : _account.Value.GetAwaiter().GetResult(); #pragma warning restore AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead. AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, account, async, cancellationToken).ConfigureAwait(false); return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))); } catch (MsalUiRequiredException) { throw scope.Failed(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on.")); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext); try { ExtendedAccessToken result = await _client.AuthenticateAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false); if (result.Exception != null) { scope.Failed(result.Exception); } else { scope.Succeeded(result.AccessToken); } return(result); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { return(new ExtendedAccessToken(scope.Failed(e))); } }
private async Task <AccessToken> GetTokenAsync(bool isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.DefaultAcureCredential.GetToken", requestContext); List <Exception> exceptions = new List <Exception>(); int i; for (i = 0; i < _sources.Length && _sources[i] != null; i++) { ExtendedAccessToken exToken = isAsync ? await _sources[i].GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _sources[i].GetToken(requestContext, cancellationToken); if (exToken.Exception is null) { return(scope.Succeeded(exToken.AccessToken)); } if (exToken.Exception is CredentialUnavailableException) { exceptions.Add(exToken.Exception); } else { exceptions.Add(exToken.Exception); throw scope.Failed(AuthenticationFailedException.CreateAggregateException($"{UnhandledExceptionMessage} {_sources[i].GetType().Name} failed with unhandled exception {exToken.Exception.Message}.", new ReadOnlyMemory <object>(_sources, 0, i + 1), exceptions)); } } throw scope.Failed(AuthenticationFailedException.CreateAggregateException(DefaultExceptionMessage, new ReadOnlyMemory <object>(_sources, 0, i), exceptions)); }
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ManagedIdentityCredential.GetToken", requestContext); try { MsiType msiType = await _client.GetMsiTypeAsync(cancellationToken).ConfigureAwait(false); // if msi is unavailable or we were unable to determine the type return a default access token if (msiType == MsiType.Unavailable || msiType == MsiType.Unknown) { return(new ExtendedAccessToken(scope.Failed(new CredentialUnavailableException(MsiUnavailableError)))); } AccessToken token = await _client.AuthenticateAsync(msiType, requestContext.Scopes, _clientId, cancellationToken).ConfigureAwait(false); return(new ExtendedAccessToken(scope.Succeeded(token))); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { return(new ExtendedAccessToken(scope.Failed(e))); } }
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DeviceCodeCredential.GetToken", requestContext); try { if (_account != null) { try { AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, async, cancellationToken).ConfigureAwait(false); return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))); } catch (MsalUiRequiredException) { return(scope.Succeeded(await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false))); } } else { return(scope.Succeeded(await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false))); } } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCredential.GetToken", requestContext); try { var tokenProviderPath = GetTokenProviderPath(); var tokenProviders = GetTokenProviders(tokenProviderPath); var resource = ScopeUtilities.ScopesToResource(requestContext.Scopes); var processStartInfos = GetProcessStartInfos(tokenProviders, resource, cancellationToken); if (processStartInfos.Count == 0) { throw new CredentialUnavailableException("No installed instance of Visual Studio was found"); } return(await RunProcessesAsync(processStartInfos, async, cancellationToken).ConfigureAwait(false)); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext); try { AccessToken token; if (_credential != null) { token = async ? await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _credential.GetToken(requestContext, cancellationToken); } else { token = await GetTokenFromSourcesAsync(async, requestContext, cancellationToken).ConfigureAwait(false); } return(scope.Succeeded(token)); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) when(!(e is CredentialUnavailableException)) { throw scope.FailAndWrap(new AuthenticationFailedException(UnhandledExceptionMessage, e)); } }
private async ValueTask <AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCodeCredential.GetToken", requestContext); try { GetUserSettings(out var tenant, out var environmentName); var cloudInstance = GetAzureCloudInstance(environmentName); var storedCredentials = _vscAdapter.GetCredentials(CredentialsSection, environmentName); if (!IsBase64UrlString(storedCredentials)) { throw new CredentialUnavailableException("Need to re-authenticate user in VSCode Azure Account."); } var result = await _client.AcquireTokenByRefreshToken(requestContext.Scopes, storedCredentials, cloudInstance, tenant, async, cancellationToken).ConfigureAwait(false); return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
/// <summary> /// Obtains a token from the Azure Active Directory service, using the specified X509 certificate to authenticate. /// </summary> /// <param name="requestContext">The details of the authentication request.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns> public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ClientCertificateCredential.GetToken", requestContext); try { return(scope.Succeeded(_client.Authenticate(TenantId, ClientId, ClientCertificate, requestContext.Scopes, cancellationToken))); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.Failed(e); } }
/// <summary> /// Obtains a token from the Azure Active Directory service, using the specified client secret to authenticate. This method is called by Azure SDK clients. It isn't intended for use in application code. /// </summary> /// <param name="requestContext">The details of the authentication request.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns> public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.ClientSecretCredential.GetToken", requestContext); try { return(scope.Succeeded(await _client.AuthenticateAsync(TenantId, ClientId, ClientSecret, requestContext.Scopes, cancellationToken).ConfigureAwait(false))); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.Failed(e); } }
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("AzureCliCredential.GetToken", requestContext); try { AccessToken token = async ? await _client.RequestCliAccessTokenAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false) : _client.RequestCliAccessToken(requestContext.Scopes, cancellationToken); return(scope.Succeeded(token)); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.Failed(e); } }
private async ValueTask <ExtendedAccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.InteractiveBrowserCredential.GetToken", requestContext); try { if (_account != null) { try { AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, cancellationToken).ConfigureAwait(false); return(new ExtendedAccessToken(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)))); } catch (MsalUiRequiredException) { AccessToken token = await GetTokenViaBrowserLoginAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false); return(new ExtendedAccessToken(scope.Succeeded(token))); } } else { AccessToken token = await GetTokenViaBrowserLoginAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false); return(new ExtendedAccessToken(scope.Succeeded(token))); } } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { return(new ExtendedAccessToken(scope.Failed(e))); } }
private async Task <AccessToken> GetTokenAsync(bool isAsync, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext); List <Exception> exceptions = new List <Exception>(); int i; for (i = 0; i < _sources.Length && _sources[i] != null; i++) { ExtendedAccessToken exToken = isAsync ? await _sources[i].GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false) : _sources[i].GetToken(requestContext, cancellationToken); if (exToken.Exception is null) { return(scope.Succeeded(exToken.AccessToken)); } if (exToken.Exception is CredentialUnavailableException) { exceptions.Add(exToken.Exception); } else { throw scope.Failed(new AuthenticationFailedException(UnhandledExceptionMessage, exToken.Exception)); } } StringBuilder errorMsg = new StringBuilder(DefaultExceptionMessage); foreach (Exception ex in exceptions) { errorMsg.Append(Environment.NewLine).Append(ex.Message); } throw scope.Failed(new CredentialUnavailableException(errorMsg.ToString())); }
/// <summary> /// Obtains a token for a user account, authenticating them using the given username and password. Note: This will fail with /// an <see cref="AuthenticationFailedException"/> if the specified user acound has MFA enabled. /// </summary> /// <param name="requestContext">The details of the authentication request.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param> /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns> public override async ValueTask <AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("Azure.Identity.UsernamePasswordCredential.GetToken", requestContext); try { AuthenticationResult result = await _client.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, cancellationToken).ConfigureAwait(false); return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))); } catch (Exception e) { throw scope.Failed(e); } }
private async Task <AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(InteractiveBrowserCredential)}.{nameof(Authenticate)}", requestContext); try { scope.Succeeded(await GetTokenViaBrowserLoginAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false)); return(_record); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext); try { AccessToken result = async ? await _client.AuthenticateAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false) : _client.Authenticate(requestContext.Scopes, cancellationToken); return(scope.Succeeded(result)); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(InteractiveBrowserCredential)}.{nameof(GetToken)}", requestContext); try { Exception inner = null; if (_record != null) { try { AuthenticationResult result = await _client.AcquireTokenSilentAsync(requestContext.Scopes, (AuthenticationAccount)_record, async, cancellationToken).ConfigureAwait(false); return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn))); } catch (MsalUiRequiredException e) { inner = e; } } if (_disableAutomaticAuthentication) { throw new AuthenticationRequiredException(AuthenticationRequiredMessage, requestContext, inner); } return(scope.Succeeded(await GetTokenViaBrowserLoginAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false))); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken = default) { using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(AuthorizationCodeCredential)}.{nameof(GetToken)}", requestContext); try { AccessToken token = default; if (_record is null) { AuthenticationResult result = await _confidentialClient.AcquireTokenByAuthorizationCode(requestContext.Scopes, _authCode).ExecuteAsync(async, cancellationToken).ConfigureAwait(false); _record = new AuthenticationRecord(result); token = new AccessToken(result.AccessToken, result.ExpiresOn); } else { AuthenticationResult result = await _confidentialClient.AcquireTokenSilent(requestContext.Scopes, (AuthenticationAccount)_record).ExecuteAsync(async, cancellationToken).ConfigureAwait(false); token = new AccessToken(result.AccessToken, result.ExpiresOn); } return(scope.Succeeded(token)); } catch (OperationCanceledException e) { scope.Failed(e); throw; } catch (Exception e) { throw scope.FailAndWrap(e); } }