public async Task GetSystemTokenLiveAsync() { var credential = new ManagedIdentityCredential(); AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(new string[] { "https://management.azure.com//.default" })); Assert.IsNotNull(token.Token); }
private static async Task <string> GetTokenAsync(string instanceUri) { var managedIdentityCredential = new ManagedIdentityCredential(clientId); var properScope = new Uri(instanceUri).GetComponents(UriComponents.SchemeAndServer, UriFormat.UriEscaped); var acessToken = await managedIdentityCredential.GetTokenAsync(new TokenRequestContext(new[] { properScope })); return(acessToken.Token); }
public async Task ScopesHonoredAsync() { var credential = new ManagedIdentityCredential(); credential._client(new MockManagedIdentityClient()); AccessToken defaultScopeToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.IsTrue(new MockToken(defaultScopeToken.Token).HasField("scopes", MockScopes.Default.ToString())); }
static void Main(string[] args) { var credential = new ManagedIdentityCredential(); var token = await credential.GetTokenAsync(new string[] { "https://management.azure.com//.default" }); Console.WriteLine(token.Token); Console.WriteLine(token.ExpiresOn); }
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var msiParameters = parameters as ManagedServiceIdentityParameters; var scopes = new[] { GetResourceId(msiParameters.ResourceId, msiParameters.Environment) }; var requestContext = new TokenRequestContext(scopes); ManagedIdentityCredential identityCredential = new ManagedIdentityCredential(); var tokenTask = identityCredential.GetTokenAsync(requestContext); return(MsalAccessToken.GetAccessTokenAsync(tokenTask, msiParameters.TenantId, msiParameters.Account.Id)); }
public async Task ScopesHonoredAsync() { var credential = new ManagedIdentityCredential() { Client = new MockIdentityClient() }; string defaultScopeToken = await credential.GetTokenAsync(MockScopes.Default); Assert.IsTrue(new MockToken(defaultScopeToken).HasField("scopes", MockScopes.Default.ToString())); }
public async Task <DbConnection> GetConnectionAsync( CancellationToken cancellationToken = default(CancellationToken)) { var sqlConnection = new SqlConnection(_connectionString); var credential = new ManagedIdentityCredential(); var accessToken = (await credential.GetTokenAsync( new TokenRequestContext(_authenticationTokenScopes), cancellationToken)).Token; sqlConnection.AccessToken = accessToken; return(sqlConnection); }
public async Task CancellationTokenHonoredAsync() { var credential = new ManagedIdentityCredential(); credential._client(new MockManagedIdentityClient()); var cancellation = new CancellationTokenSource(); ValueTask <AccessToken> getTokenComplete = credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default), cancellation.Token); cancellation.Cancel(); Assert.ThrowsAsync <TaskCanceledException>(async() => await getTokenComplete, "failed to cancel GetToken call"); await Task.CompletedTask; }
public async Task VerifyCloudShellMsiRequestWithClientIdMockAsync() { using (new TestEnvVar("MSI_ENDPOINT", "https://mock.msi.endpoint/")) using (new TestEnvVar("MSI_SECRET", null)) { var response = new MockResponse(200); var expectedToken = "mock-msi-access-token"; response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": {(DateTimeOffset.UtcNow + TimeSpan.FromSeconds(3600)).ToUnixTimeSeconds()} }}"); var mockTransport = new MockTransport(response); var options = new TokenCredentialOptions() { Transport = mockTransport }; ManagedIdentityCredential client = InstrumentClient(new ManagedIdentityCredential("mock-client-id", options)); AccessToken actualToken = await client.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.AreEqual(expectedToken, actualToken.Token); MockRequest request = mockTransport.Requests[0]; Assert.IsTrue(request.Uri.ToString().StartsWith("https://mock.msi.endpoint/")); Assert.IsTrue(request.Content.TryComputeLength(out long contentLen)); var content = new byte[contentLen]; MemoryStream contentBuff = new MemoryStream(content); request.Content.WriteTo(contentBuff, default); string body = Encoding.UTF8.GetString(content); Assert.IsTrue(body.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}")); Assert.IsTrue(body.Contains($"client_id=mock-client-id")); Assert.IsTrue(request.Headers.TryGetValue("Metadata", out string actMetadata)); Assert.AreEqual("true", actMetadata); } }
public static async Task <HttpResponseMessage> Run( [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req, ILogger log) { log.LogInformation("Get Groups using Azure.Identity..."); #if DEBUG log.LogInformation("Using client credentials"); X509Certificate2 cert = Certs.GetCertificateFromStore(Configuration.LocalDevCertName); var credential = new ClientCertificateCredential(Configuration.LocalDevTenantId, Configuration.LocalDevAppId, cert); #else log.LogInformation("Using Managed identity credentials"); var credential = new ManagedIdentityCredential(); #endif try { var accessTokenRequest = await credential.GetTokenAsync( new TokenRequestContext(scopes : new string[] { "https://graph.microsoft.com/.default" }) { } ); var accessToken = accessTokenRequest.Token; //log.LogInformation(accessToken); var httpClient = new HttpClient() { DefaultRequestHeaders = { Authorization = new AuthenticationHeaderValue("Bearer", accessToken) } }; var result = await httpClient.GetStringAsync("https://graph.microsoft.com/v1.0/groups"); return(new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(result, Encoding.UTF8, "application/json") }); } catch (AuthenticationFailedException ex) { log.LogError($"Authentication Failed. {ex.Message}"); return(null); } }
public async Task VerifyImdsRequestWithClientIdMockAsync() { using (new TestEnvVar("MSI_ENDPOINT", null)) using (new TestEnvVar("MSI_SECRET", null)) { var response = new MockResponse(200); var expectedToken = "mock-msi-access-token"; response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}"); var mockTransport = new MockTransport(response); var options = new TokenCredentialOptions() { Transport = mockTransport }; var pipeline = CredentialPipeline.GetInstance(options); var client = new MockManagedIdentityClient(pipeline, "mock-client-id") { ManagedIdentitySourceFactory = () => new ImdsManagedIdentitySource(pipeline.HttpPipeline, "mock-client-id") }; ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential(pipeline, client)); AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.AreEqual(expectedToken, actualToken.Token); MockRequest request = mockTransport.Requests[0]; string query = request.Uri.Query; Assert.IsTrue(query.Contains("api-version=2018-02-01")); Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}")); Assert.IsTrue(query.Contains($"client_id=mock-client-id")); Assert.IsTrue(request.Headers.TryGetValue("Metadata", out string metadataValue)); Assert.AreEqual("true", metadataValue); } }
public async Task CancellationTokenHonoredAsync() { var credential = new ManagedIdentityCredential() { Client = new MockIdentityClient() }; var cancellation = new CancellationTokenSource(); ValueTask <string> getTokenComplete = credential.GetTokenAsync(MockScopes.Default, cancellation.Token); cancellation.Cancel(); Assert.ThrowsAsync <TaskCanceledException>(async() => await getTokenComplete, "failed to cancel GetToken call"); await Task.CompletedTask; }
public async Task VerifyAppServiceMsiRequestWithClientIdMockAsync() { using (new TestEnvVar("MSI_ENDPOINT", "https://mock.msi.endpoint/")) using (new TestEnvVar("MSI_SECRET", "mock-msi-secret")) { var response = new MockResponse(200); var expectedToken = "mock-msi-access-token"; response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"{DateTimeOffset.UtcNow.ToString()}\" }}"); var mockTransport = new MockTransport(response); var options = new TokenCredentialOptions() { Transport = mockTransport }; ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", options)); AccessToken actualToken = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.AreEqual(expectedToken, actualToken.Token); MockRequest request = mockTransport.SingleRequest; Assert.IsTrue(request.Uri.ToString().StartsWith("https://mock.msi.endpoint/")); string query = request.Uri.Query; Assert.IsTrue(query.Contains("api-version=2017-09-01")); Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}")); Assert.IsTrue(query.Contains($"clientid=mock-client-id")); Assert.IsTrue(request.Headers.TryGetValue("secret", out string actSecretValue)); Assert.AreEqual("mock-msi-secret", actSecretValue); } }
public void VerifyImdsAvailableUserCanceledMockAsync() { using (new TestEnvVar("MSI_ENDPOINT", null)) using (new TestEnvVar("MSI_SECRET", null)) { var mockTransport = new MockTransport(request => throw new OperationCanceledException("mock user canceled exception")); var options = new TokenCredentialOptions() { Transport = mockTransport }; ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", options)); CancellationTokenSource cancellationSource = new CancellationTokenSource(); cancellationSource.Cancel(); Assert.CatchAsync <OperationCanceledException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default), cancellationSource.Token)); } }
public async Task VerifyImdsRequestWithClientIdMockAsync() { using (new TestEnvVar("MSI_ENDPOINT", null)) using (new TestEnvVar("MSI_SECRET", null)) { var response = new MockResponse(200); var expectedToken = "mock-msi-access-token"; response.SetContent($"{{ \"access_token\": \"{expectedToken}\", \"expires_on\": \"3600\" }}"); var mockTransport = new MockTransport(response, response); var options = new IdentityClientOptions() { Transport = mockTransport }; var credential = new ManagedIdentityCredential(clientId: "mock-client-id", options: options); AccessToken actualToken = await credential.GetTokenAsync(MockScopes.Default); Assert.AreEqual(expectedToken, actualToken.Token); MockRequest request = mockTransport.Requests[mockTransport.Requests.Count - 1]; string query = request.UriBuilder.Query; Assert.IsTrue(query.Contains("api-version=2018-02-01")); Assert.IsTrue(query.Contains($"resource={Uri.EscapeDataString(ScopeUtilities.ScopesToResource(MockScopes.Default))}")); Assert.IsTrue(query.Contains($"client_id=mock-client-id")); Assert.IsTrue(request.Headers.TryGetValue("Metadata", out string metadataValue)); Assert.AreEqual("true", metadataValue); } }
private bool GetManagedIdentity(string managedClientId) { bool retval = false; try { ManagedIdentityCredential managedCredential = new ManagedIdentityCredential(managedClientId, new TokenCredentialOptions { Diagnostics = { ApplicationId = Constants.ApplicationName, IsDistributedTracingEnabled = true, IsLoggingContentEnabled = true, IsLoggingEnabled = true, LoggedHeaderNames = { "x-ms-request-id" }, LoggedQueryParameters = { "api-version" } } }); ManagedIdentityToken = managedCredential.GetTokenAsync(new TokenRequestContext(new string[1] { $"{Constants.ManagementAzureCom}/.default" })).Result; retval = true; } catch (Exception e) { Log.Info($"exception:{e.Message}"); } return(retval); }
public async void Run([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer, ILogger log) { string strQuery = "Resources | where tags['resize-Enable'] =~ 'True'"; var resizeUpList = new List <JObject>(); var resizeDownList = new List <JObject>(); string storageKeyName = "storageAccount"; string storageAppSetting = _configuration[storageKeyName]; log.LogInformation("Storage Account: " + storageAppSetting); string queueKeyName = "storageQueue"; string queueAppSetting = _configuration[queueKeyName]; log.LogInformation("Storage Queue: " + queueAppSetting); string debugKeyName = "debugMode"; string debugAppSetting = _configuration[debugKeyName]; log.LogInformation("Debug: " + debugAppSetting); bool debugFlag = bool.Parse(debugAppSetting); QueueClient messageQueue = getQueueClient(storageAppSetting, queueAppSetting); ManagedIdentityCredential managedIdentityCredential = new ManagedIdentityCredential(); string[] scope = new string[] { "https://management.azure.com/.default" }; var accessToken = (await managedIdentityCredential.GetTokenAsync(new Azure.Core.TokenRequestContext(scope))).Token; TokenCredentials serviceClientCreds = new TokenCredentials(accessToken); ResourceGraphClient rgClient = new ResourceGraphClient(serviceClientCreds); SubscriptionClient subscriptionClient = new SubscriptionClient(serviceClientCreds); IEnumerable <SubscriptionModel> subscriptions = await subscriptionClient.Subscriptions.ListAsync(); var subscriptionIds = subscriptions .Where(s => s.State == SubscriptionState.Enabled) .Select(s => s.SubscriptionId) .ToList(); QueryRequest request = new QueryRequest { Subscriptions = subscriptionIds, Query = strQuery, Options = new QueryRequestOptions(resultFormat: ResultFormat.ObjectArray) }; var response = await rgClient.ResourcesAsync(request); JArray resources = JArray.Parse(response.Data.ToString()); log.LogInformation("Current Time: " + DateTime.UtcNow.ToString("dddd htt")); foreach (JObject resource in resources) { log.LogInformation("Target: " + resource["name"].ToString()); Hashtable times = new Hashtable() { { "StartTime", resource["tags"]["resize-StartTime"].ToString() }, { "EndTime", resource["tags"]["resize-EndTime"].ToString() } }; foreach (string key in times.Keys) { log.LogInformation(string.Format("{0}: {1}", key, times[key])); } Regex rg = new Regex("saveState-.*"); if (resizeTime(times)) { // log.LogInformation("Resize Time: YES"); if (resource["tags"].Children <JProperty>().Any(prop => rg.IsMatch(prop.Name.ToString()))) { log.LogInformation(resource["name"].ToString() + " Already Scaled Down..."); } else { log.LogInformation(resource["name"].ToString() + " Needs to be Scaled Down..."); resizeDownList.Add(resource); } } else { // log.LogInformation("Resize Time: NO"); if (resource["tags"].Children <JProperty>().Any(prop => rg.IsMatch(prop.Name.ToString()))) { log.LogInformation(resource["name"].ToString() + " Needs to be Scaled Up..."); resizeUpList.Add(resource); } else { log.LogInformation(resource["name"].ToString() + " Already Scaled Up..."); } } } foreach (var item in resizeUpList) { log.LogInformation(item["name"].ToString() + " => up"); var messageData = new JObject(); messageData.Add(new JProperty("debug", debugFlag)); messageData.Add(new JProperty("direction", "up")); messageData.Add(new JProperty("graphResults", item)); writeQueueMessage(messageData, messageQueue); } ; foreach (var item in resizeDownList) { log.LogInformation(item["name"].ToString() + " => down"); var messageData = new JObject(); messageData.Add(new JProperty("debug", debugFlag)); messageData.Add(new JProperty("direction", "down")); messageData.Add(new JProperty("graphResults", item)); writeQueueMessage(messageData, messageQueue); } ; }
public void VerifyImdsUnavailableImmediateFailureMockAsync() { using (new TestEnvVar("MSI_ENDPOINT", null)) using (new TestEnvVar("MSI_SECRET", null)) { var mockTransport = new MockTransport(request => throw new Exception("mock imds probe exception")); var options = new TokenCredentialOptions() { Transport = mockTransport }; ManagedIdentityCredential credential = InstrumentClient(new ManagedIdentityCredential("mock-client-id", options)); Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default))); MockRequest request = mockTransport.Requests[0]; string query = request.Uri.Query; Assert.IsTrue(query.Contains("api-version=2018-02-01")); Assert.False(request.Headers.TryGetValue("Metadata", out string _)); } }
protected override async Task <AccessToken> GetAccessTokenFromProviderAsync(CancellationToken cancellationToken) { var credential = new ManagedIdentityCredential(); return(await credential.GetTokenAsync(new TokenRequestContext(_authenticationTokenScopes), cancellationToken)); }