public IAccessToken Authenticate( AzureAccount account, AzureEnvironment environment, string tenant, SecureString password, ShowDialog promptBehavior, TokenCache tokenCache, AzureEnvironment.Endpoint resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId) { var configuration = GetAdalConfiguration(environment, tenant, resourceId, tokenCache); TracingAdapter.Information(Resources.AdalAuthConfigurationTrace, configuration.AdDomain, configuration.AdEndpoint, configuration.ClientId, configuration.ClientRedirectUri, configuration.ResourceClientUri, configuration.ValidateAuthority); IAccessToken token; if (account.IsPropertySet(AzureAccount.Property.CertificateThumbprint)) { var thumbprint = account.GetProperty(AzureAccount.Property.CertificateThumbprint); token = TokenProvider.GetAccessTokenWithCertificate(configuration, account.Id, thumbprint, account.Type); } else { token = TokenProvider.GetAccessToken(configuration, promptBehavior, account.Id, password, account.Type); } account.Id = token.UserId; return token; }
/// <summary> /// Create a new access token from the given account and tenant id /// </summary> /// <param name="account">The account, containing user id, access token information</param> /// <param name="tenantId">The tenant id for the given access token</param> /// <param name="tokenType">The token type for the given token.</param> public SimpleAccessToken(AzureAccount account, string tenantId, string tokenType = _defaultTokenType) { if (account == null) { throw new ArgumentNullException("account"); } if (string.IsNullOrWhiteSpace(account.Id)) { throw new ArgumentOutOfRangeException("account", Resources.AccessTokenRequiresAccount); } if (account.Type != AzureAccount.AccountType.AccessToken || !account.IsPropertySet(AzureAccount.Property.AccessToken)) { throw new ArgumentException(Resources.TypeNotAccessToken); } this.UserId = account.Id; this._tokenType = tokenType; this.AccessToken = account.GetProperty(AzureAccount.Property.AccessToken); this.TenantId = tenantId; }
private IEnumerable<AzureSubscription> ListSubscriptionsFromServer(AzureAccount account, AzureEnvironment environment, SecureString password, ShowDialog promptBehavior) { string[] tenants = null; try { if (!account.IsPropertySet(AzureAccount.Property.Tenants)) { tenants = LoadAccountTenants(account, environment, password, promptBehavior); } else { var storedTenants = account.GetPropertyAsArray(AzureAccount.Property.Tenants); if (account.Type == AzureAccount.AccountType.User && storedTenants.Count() == 1) { TracingAdapter.Information(Resources.AuthenticatingForSingleTenant, account.Id, storedTenants[0]); AzureSession.AuthenticationFactory.Authenticate(account, environment, storedTenants[0], password, promptBehavior); } } } catch (AadAuthenticationException aadEx) { WriteOrThrowAadExceptionMessage(aadEx); return new AzureSubscription[0]; } try { tenants = tenants ?? account.GetPropertyAsArray(AzureAccount.Property.Tenants); List<AzureSubscription> rdfeSubscriptions = ListServiceManagementSubscriptions(account, environment, password, ShowDialog.Never, tenants).ToList(); // Set user ID foreach (var subscription in rdfeSubscriptions) { account.SetOrAppendProperty(AzureAccount.Property.Subscriptions, subscription.Id.ToString()); } if (rdfeSubscriptions.Any()) { return rdfeSubscriptions; } else { return new AzureSubscription[0]; } } catch (AadAuthenticationException aadEx) { WriteOrThrowAadExceptionMessage(aadEx); return new AzureSubscription[0]; } }
private List<AzureTenant> ListAccountTenants(AzureAccount account, AzureEnvironment environment, SecureString password, ShowDialog promptBehavior) { List<AzureTenant> result = new List<AzureTenant>(); try { var commonTenantToken = AcquireAccessToken(account, environment, AuthenticationFactory.CommonAdTenant, password, promptBehavior); using (var subscriptionClient = AzureSession.ClientFactory.CreateCustomClient<SubscriptionClient>( new TokenCloudCredentials(commonTenantToken.AccessToken), environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager))) { //TODO: Fix subscription client to not require subscriptionId result = account.MergeTenants(subscriptionClient.Tenants.List().TenantIds, commonTenantToken); } } catch { WriteWarningMessage(string.Format(Microsoft.Azure.Commands.Profile.Properties.Resources.UnableToAqcuireToken, AuthenticationFactory.CommonAdTenant)); if (account.IsPropertySet(AzureAccount.Property.Tenants)) { result = account.GetPropertyAsArray(AzureAccount.Property.Tenants) .Select(ti => { var tenant = new AzureTenant(); Guid guid; if (Guid.TryParse(ti, out guid)) { tenant.Id = guid; tenant.Domain = AccessTokenExtensions.GetDomain(account.Id); } else { tenant.Domain = ti; } return tenant; }).ToList(); } if (!result.Any()) { throw; } } return result; }
public AzureRMProfile Login( AzureAccount account, AzureEnvironment environment, string tenantId, string subscriptionId, string subscriptionName, SecureString password) { AzureSubscription newSubscription = null; AzureTenant newTenant = null; ShowDialog promptBehavior = (password == null && account.Type != AzureAccount.AccountType.AccessToken && !account.IsPropertySet(AzureAccount.Property.CertificateThumbprint)) ? ShowDialog.Always : ShowDialog.Never; // (tenant and subscription are present) OR // (tenant is present and subscription is not provided) if (!string.IsNullOrEmpty(tenantId)) { var token = AcquireAccessToken(account, environment, tenantId, password, promptBehavior); if (TryGetTenantSubscription(token, account, environment, tenantId, subscriptionId, subscriptionName, out newSubscription, out newTenant)) { account.SetOrAppendProperty(AzureAccount.Property.Tenants, new[] { newTenant.Id.ToString() }); } } // (tenant is not provided and subscription is present) OR // (tenant is not provided and subscription is not provided) else { var tenants = ListAccountTenants(account, environment, password, promptBehavior).Select(s => s.Id.ToString()).ToArray(); account.SetProperty(AzureAccount.Property.Tenants, null); string accountId = null; for (int i = 0; i < tenants.Count(); i++) { var tenant = tenants[i]; AzureTenant tempTenant; AzureSubscription tempSubscription; IAccessToken token = null; try { token = AcquireAccessToken(account, environment, tenant, password, ShowDialog.Auto); if (accountId == null) { accountId = account.Id; account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant); } else if (accountId.Equals(account.Id, StringComparison.OrdinalIgnoreCase)) { account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant); } else { // if account ID is different from the first tenant account id we need to ignore current tenant WriteWarningMessage(string.Format( Microsoft.Azure.Commands.Profile.Properties.Resources.AccountIdMismatch, account.Id, tenant, accountId)); account.Id = accountId; token = null; } } catch { WriteWarningMessage(string.Format(Microsoft.Azure.Commands.Profile.Properties.Resources.UnableToAqcuireToken, tenant)); } if (token != null && newTenant == null && TryGetTenantSubscription(token, account, environment, tenant, subscriptionId, subscriptionName, out tempSubscription, out tempTenant)) { // If no subscription found for the given token/tenant // discard tempTenant value unless current token/tenant is the last one. if (tempSubscription != null || i == (tenants.Count() - 1)) { newTenant = tempTenant; newSubscription = tempSubscription; } } } } if (newSubscription == null) { if (subscriptionId != null) { throw new PSInvalidOperationException(String.Format(Properties.Resources.SubscriptionIdNotFound, account.Id, subscriptionId)); } else if (subscriptionName != null) { throw new PSInvalidOperationException(String.Format(Properties.Resources.SubscriptionNameNotFound, account.Id, subscriptionName)); } _profile.Context = new AzureContext(account, environment, newTenant); } else { _profile.Context = new AzureContext(newSubscription, account, environment, newTenant); if (!newSubscription.State.Equals("Enabled", StringComparison.OrdinalIgnoreCase)) { WriteWarningMessage(string.Format( Microsoft.Azure.Commands.Profile.Properties.Resources.SelectedSubscriptionNotActive, newSubscription.State)); } } _profile.Context.TokenCache = TokenCache.DefaultShared.Serialize(); return _profile; }