private IEnumerable<AzureSubscription> ListSubscriptionsFromServer(AzureAccount account, AzureEnvironment environment, SecureString password, ShowDialog promptBehavior) { string[] tenants = null; try { if (!account.IsPropertySet(AzureAccount.Property.Tenants)) { tenants = LoadAccountTenants(account, environment, password, promptBehavior); } else { var storedTenants = account.GetPropertyAsArray(AzureAccount.Property.Tenants); if (account.Type == AzureAccount.AccountType.User && storedTenants.Count() == 1) { TracingAdapter.Information(Resources.AuthenticatingForSingleTenant, account.Id, storedTenants[0]); AzureSession.AuthenticationFactory.Authenticate(account, environment, storedTenants[0], password, promptBehavior); } } } catch (AadAuthenticationException aadEx) { WriteOrThrowAadExceptionMessage(aadEx); return new AzureSubscription[0]; } try { tenants = tenants ?? account.GetPropertyAsArray(AzureAccount.Property.Tenants); List<AzureSubscription> rdfeSubscriptions = ListServiceManagementSubscriptions(account, environment, password, ShowDialog.Never, tenants).ToList(); // Set user ID foreach (var subscription in rdfeSubscriptions) { account.SetOrAppendProperty(AzureAccount.Property.Subscriptions, subscription.Id.ToString()); } if (rdfeSubscriptions.Any()) { return rdfeSubscriptions; } else { return new AzureSubscription[0]; } } catch (AadAuthenticationException aadEx) { WriteOrThrowAadExceptionMessage(aadEx); return new AzureSubscription[0]; } }
/// <summary> /// Executes the set subscription cmdlet operation. /// </summary> public override void ExecuteCmdlet() { AzureSubscription subscription = null; if (!string.IsNullOrEmpty(SubscriptionId) && string.IsNullOrEmpty(SubscriptionName)) { subscription = ProfileClient.GetSubscription(new Guid(SubscriptionId)); Environment = subscription.Environment; } else if (string.IsNullOrEmpty(SubscriptionId) && !string.IsNullOrEmpty(SubscriptionName)) { subscription = ProfileClient.GetSubscription(SubscriptionName); Environment = subscription.Environment; } else { subscription = new AzureSubscription(); subscription.Id = new Guid(SubscriptionId); subscription.Name = SubscriptionName; } AzureEnvironment environment = ProfileClient.GetEnvironment(Environment, ServiceEndpoint, ResourceManagerEndpoint); if (environment == null) { var profileClient = new ProfileClient(Profile); environment = profileClient.GetEnvironment(Environment, ServiceEndpoint, ResourceManagerEndpoint); } if (environment == null) { throw new ArgumentException("ServiceEndpoint and ResourceManagerEndpoint values do not "+ "match existing environment. Please use Environment parameter."); } else { subscription.Environment = environment.Name; } if (ServiceEndpoint != null || ResourceManagerEndpoint != null) { WriteWarning("Please use Environment parameter to specify subscription environment. This "+ "warning will be converted into an error in the upcoming release."); } if (Certificate != null) { ProfileClient.ImportCertificate(Certificate); subscription.Account = Certificate.Thumbprint; AzureAccount account = new AzureAccount { Id = Certificate.Thumbprint, Type = AzureAccount.AccountType.Certificate }; account.SetOrAppendProperty(AzureAccount.Property.Subscriptions, subscription.Id.ToString()); ProfileClient.AddOrSetAccount(account); if (subscription.Account == null) { subscription.Account = account.Id; } } if (subscription.Account == null) { throw new ArgumentException("Certificate is required for creating a new subscription."); } if (!string.IsNullOrEmpty(CurrentStorageAccountName) || Context != null) { ProfileClient.GetAccount(subscription.Account); if (Profile.Context != null && Profile.Context.Subscription != null && Profile.Context.Subscription.Id == subscription.Id) { GeneralUtilities.ClearCurrentStorageAccount(); } var context = new AzureContext(subscription, ProfileClient.GetAccount(subscription.Account), ProfileClient.GetEnvironmentOrDefault(subscription.Environment)); if (Context != null) { context.SetCurrentStorageAccount(this); } else { var client = AzureSession.ClientFactory.CreateClient<StorageManagementClient>(context, AzureEnvironment.Endpoint.ServiceManagement); var account = StorageUtilities.GenerateCloudStorageAccount(client, CurrentStorageAccountName); context.SetCurrentStorageAccount(account.ToString(true)); } } subscription = ProfileClient.AddOrSetSubscription(subscription); if (PassThru) { WriteObject(subscription); } }
public AzureRMProfile Login( AzureAccount account, AzureEnvironment environment, string tenantId, string subscriptionId, string subscriptionName, SecureString password) { AzureSubscription newSubscription = null; AzureTenant newTenant = null; ShowDialog promptBehavior = (password == null && account.Type != AzureAccount.AccountType.AccessToken && !account.IsPropertySet(AzureAccount.Property.CertificateThumbprint)) ? ShowDialog.Always : ShowDialog.Never; // (tenant and subscription are present) OR // (tenant is present and subscription is not provided) if (!string.IsNullOrEmpty(tenantId)) { var token = AcquireAccessToken(account, environment, tenantId, password, promptBehavior); if (TryGetTenantSubscription(token, account, environment, tenantId, subscriptionId, subscriptionName, out newSubscription, out newTenant)) { account.SetOrAppendProperty(AzureAccount.Property.Tenants, new[] { newTenant.Id.ToString() }); } } // (tenant is not provided and subscription is present) OR // (tenant is not provided and subscription is not provided) else { var tenants = ListAccountTenants(account, environment, password, promptBehavior).Select(s => s.Id.ToString()).ToArray(); account.SetProperty(AzureAccount.Property.Tenants, null); string accountId = null; for (int i = 0; i < tenants.Count(); i++) { var tenant = tenants[i]; AzureTenant tempTenant; AzureSubscription tempSubscription; IAccessToken token = null; try { token = AcquireAccessToken(account, environment, tenant, password, ShowDialog.Auto); if (accountId == null) { accountId = account.Id; account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant); } else if (accountId.Equals(account.Id, StringComparison.OrdinalIgnoreCase)) { account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant); } else { // if account ID is different from the first tenant account id we need to ignore current tenant WriteWarningMessage(string.Format( Microsoft.Azure.Commands.Profile.Properties.Resources.AccountIdMismatch, account.Id, tenant, accountId)); account.Id = accountId; token = null; } } catch { WriteWarningMessage(string.Format(Microsoft.Azure.Commands.Profile.Properties.Resources.UnableToAqcuireToken, tenant)); } if (token != null && newTenant == null && TryGetTenantSubscription(token, account, environment, tenant, subscriptionId, subscriptionName, out tempSubscription, out tempTenant)) { // If no subscription found for the given token/tenant // discard tempTenant value unless current token/tenant is the last one. if (tempSubscription != null || i == (tenants.Count() - 1)) { newTenant = tempTenant; newSubscription = tempSubscription; } } } } if (newSubscription == null) { if (subscriptionId != null) { throw new PSInvalidOperationException(String.Format(Properties.Resources.SubscriptionIdNotFound, account.Id, subscriptionId)); } else if (subscriptionName != null) { throw new PSInvalidOperationException(String.Format(Properties.Resources.SubscriptionNameNotFound, account.Id, subscriptionName)); } _profile.Context = new AzureContext(account, environment, newTenant); } else { _profile.Context = new AzureContext(newSubscription, account, environment, newTenant); if (!newSubscription.State.Equals("Enabled", StringComparison.OrdinalIgnoreCase)) { WriteWarningMessage(string.Format( Microsoft.Azure.Commands.Profile.Properties.Resources.SelectedSubscriptionNotActive, newSubscription.State)); } } _profile.Context.TokenCache = TokenCache.DefaultShared.Serialize(); return _profile; }
public void RefreshContextsFromCache() { // Authentication factory is already registered in `OnImport()` AzureSession.Instance.TryGetComponent( PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, out PowerShellTokenCacheProvider tokenCacheProvider); string authority = null; if (TryGetEnvironment(AzureSession.Instance.GetProperty(AzureSession.Property.Environment), out IAzureEnvironment sessionEnvironment)) { authority = $"{sessionEnvironment.ActiveDirectoryAuthority}organizations"; } var accounts = tokenCacheProvider.ListAccounts(authority); if (!accounts.Any()) { if (!Contexts.Any(c => c.Key != "Default" && c.Value.Account.Type == AzureAccount.AccountType.User)) { // If there are no accounts in the cache, but we never had any existing contexts, return return; } WriteWarningMessage($"No accounts found in the shared token cache; removing all user contexts."); var removedContext = false; foreach (var contextName in Contexts.Keys) { var context = Contexts[contextName]; if (context.Account.Type != AzureAccount.AccountType.User) { continue; } removedContext |= TryCacheRemoveContext(contextName); } // If no contexts were removed, return now to avoid writing to file later if (!removedContext) { return; } } else { var removedUsers = new HashSet <string>(); var updatedContext = false; foreach (var contextName in Contexts.Keys) { var context = Contexts[contextName]; if ((string.Equals(contextName, "Default") && context.Account == null) || context.Account.Type != AzureAccount.AccountType.User) { continue; } if (accounts.Any(a => string.Equals(a.Username, context.Account.Id, StringComparison.OrdinalIgnoreCase))) { continue; } if (!removedUsers.Contains(context.Account.Id)) { removedUsers.Add(context.Account.Id); WriteWarningMessage(string.Format(Resources.UserMissingFromSharedTokenCache, context.Account.Id)); } updatedContext |= TryCacheRemoveContext(contextName); } // Check to see if each account has at least one context foreach (var account in accounts) { if (Contexts.Values.Where(v => v.Account != null && v.Account.Type == AzureAccount.AccountType.User) .Any(v => string.Equals(v.Account.Id, account.Username, StringComparison.OrdinalIgnoreCase))) { continue; } WriteWarningMessage(string.Format(Resources.CreatingContextsWarning, account.Username)); var environment = sessionEnvironment ?? AzureEnvironment.PublicEnvironments .Where(env => env.Value.ActiveDirectoryAuthority.Contains(account.Environment)) .Select(env => env.Value) .FirstOrDefault(); var azureAccount = new AzureAccount() { Id = account.Username, Type = AzureAccount.AccountType.User }; List <IAccessToken> tokens = null; try { tokens = tokenCacheProvider.GetTenantTokensForAccount(account, environment, WriteWarningMessage); } catch (Exception e) { //In SSO scenario, if the account from token cache has multiple tenants, e.g. MSA account, MSAL randomly picks up //one tenant to ask for token, MSAL will throw exception if MSA home tenant is chosen. The exception is swallowed here as short term fix. WriteWarningMessage(string.Format(Resources.NoTokenFoundWarning, account.Username)); EnqueueDebugMessage(e.ToString()); continue; } foreach (var token in tokens) { var azureTenant = new AzureTenant() { Id = token.TenantId }; azureAccount.SetOrAppendProperty(AzureAccount.Property.Tenants, token.TenantId); var subscriptions = tokenCacheProvider.GetSubscriptionsFromTenantToken(account, environment, token, WriteWarningMessage); if (!subscriptions.Any()) { subscriptions.Add(null); } foreach (var subscription in subscriptions) { var context = new AzureContext(subscription, azureAccount, environment, azureTenant); if (!TryGetContextName(context, out string name)) { WriteWarningMessage(string.Format(Resources.NoContextNameForSubscription, subscription.Id)); continue; } if (!TrySetContext(name, context)) { WriteWarningMessage(string.Format(Resources.UnableToCreateContextForSubscription, subscription.Id)); } else { updatedContext = true; } } } } // If the context list was not updated, return now to avoid writing to file later if (!updatedContext) { return; } } Save(ProfilePath, false); }
public List<AzureSubscription> ImportPublishSettings(string filePath, string environmentName) { var subscriptions = ListSubscriptionsFromPublishSettingsFile(filePath, environmentName); if (subscriptions.Any()) { foreach (var subscription in subscriptions) { AzureAccount account = new AzureAccount { Id = subscription.Account, Type = AzureAccount.AccountType.Certificate }; account.SetOrAppendProperty(AzureAccount.Property.Subscriptions, subscription.Id.ToString()); AddOrSetAccount(account); if (!Profile.Subscriptions.ContainsKey(subscription.Id)) { AddOrSetSubscription(subscription); } if (Profile.DefaultSubscription == null) { Profile.DefaultSubscription = subscription; } } } return subscriptions; }
private void InitializeAzureProfile(AzureSMProfile profile, string parameterSet, AzureProfileSettings settings) { var savedCache = AzureSession.TokenCache; AzureSession.TokenCache = TokenCache.DefaultShared; try { var profileClient = new ProfileClient(profile); if (settings.Environment == null) { settings.Environment = AzureEnvironment.PublicEnvironments["AzureCloud"]; } switch (parameterSet) { case CertificateParameterSet: profileClient.InitializeProfile(settings.Environment, new Guid(settings.SubscriptionId), settings.Certificate, settings.StorageAccount); break; case CredentialsParameterSet: var userAccount = new AzureAccount { Id = settings.Credential.UserName, Type = AzureAccount.AccountType.User }; profileClient.InitializeProfile(settings.Environment, new Guid(settings.SubscriptionId), userAccount, settings.Credential.Password, settings.StorageAccount); break; case AccessTokenParameterSet: profileClient.InitializeProfile(settings.Environment, new Guid(settings.SubscriptionId), settings.AccessToken, settings.AccountId, settings.StorageAccount); break; case ServicePrincipalParameterSet: var servicePrincipalAccount = new AzureAccount { Id = settings.Credential.UserName, Type = AzureAccount.AccountType.ServicePrincipal, }; servicePrincipalAccount.SetOrAppendProperty(AzureAccount.Property.Tenants, settings.Tenant); profileClient.InitializeProfile(settings.Environment, new Guid(settings.SubscriptionId), servicePrincipalAccount, settings.Credential.Password, settings.StorageAccount); break; case EmptyParameterSet: if (!profile.Environments.ContainsKey(settings.Environment.Name)) { profile.Environments.Add(settings.Environment.Name, settings.Environment); } break; } } finally { AzureSession.TokenCache = savedCache; } }
public void Login( AzureAccount account, AzureEnvironment environment) { ShowDialog promptBehavior = ShowDialog.Always; var tenants = ListAccountTenants(account, environment, promptBehavior).ToArray(); account.SetProperty(AzureAccount.Property.Tenants, null); string accountId = null; List<AzureSubscription> azureSubscriptions = new List<AzureSubscription>(); List<string> authtokens = new List<string>(); for (int i = 0; i < tenants.Count(); i++) { var tenant = tenants[i].Id.ToString(); IAccessToken token = AcquireAccessToken(account, environment, tenant, ShowDialog.Auto); if (accountId == null) { accountId = account.Id; account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant); } else if (accountId.Equals(account.Id, StringComparison.OrdinalIgnoreCase)) { account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant); } else { // if account ID is different from the first tenant account id we need to ignore current tenant Console.WriteLine(string.Format( "Account ID '{0}' for tenant '{1}' does not match home Account ID '{2}'", account.Id, tenant, accountId)); account.Id = accountId; token = null; } int found = TryGetTenantSubscription(token, account, environment, tenant, azureSubscriptions, authtokens); } for(int i=0; i<azureSubscriptions.Count; ++i) { var subscription = azureSubscriptions[i]; Console.WriteLine("Subscription:"); Console.WriteLine(" Name = {0}", subscription.Name); Console.WriteLine(" Id = {0}", subscription.Id); Console.WriteLine(" State = {0}", subscription.State); Console.WriteLine(" Account = {0}", subscription.Account); ShowIoTHubsInSubscription(subscription.Id.ToString(), authtokens[i]).Wait(); } }