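/// <summary>
/// Wraps a bearer token that was already stored on the account in an <c>IAccessToken</c>,
/// choosing which stored token to hand out from the requested resource id.
/// </summary>
/// <param name="parameters">
/// Must be an <c>AccessTokenParameters</c> instance; its TenantId, Account, ResourceId and
/// Environment are read.
/// </param>
/// <param name="cancellationToken">Handed to <c>Task.Run</c> when the result task is created.</param>
/// <returns>A task whose result is the <c>RawAccessToken</c> built for the matched resource.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="parameters"/> is null or is not an <c>AccessTokenParameters</c>.
/// </exception>
/// <exception cref="InvalidOperationException">
/// No stored token matches the requested resource id. Thrown synchronously, not through the task.
/// </exception>
public override Task<IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
{
    // The 'as' cast yields null for a null or foreign parameter type; reject it here instead of
    // failing later with a NullReferenceException on the first property read.
    var tokenParameters = parameters as AccessTokenParameters;
    if (tokenParameters == null)
    {
        throw new ArgumentException($"Expected parameters of type {nameof(AccessTokenParameters)}.", nameof(parameters));
    }

    var tenant = tokenParameters.TenantId;
    var account = tokenParameters.Account;
    var resourceId = tokenParameters.ResourceId;
    var environment = tokenParameters.Environment;
    var rawToken = new RawAccessToken
    {
        TenantId = tenant,
        UserId = account.Id,
        LoginType = AzureAccount.AccountType.AccessToken
    };

    // Each branch pairs one resource with the account property holding the token for it.
    // A stored token is handed out only when the requested resource id matches that resource AND
    // the property is set; anything else reaches the final else and throws, so a token is never
    // returned for a resource it was not stored for.
    // The trace lines carry tenant, resource id and user id only - the token value itself is not
    // written to the trace and should stay out of it.
    // NOTE(review): the {DateTime.Now:T} stamp is local time of day with no date or offset.
    if ((resourceId.EqualsInsensitively(environment.AzureKeyVaultServiceEndpointResourceId)
            || resourceId.EqualsInsensitively(AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId)
            || resourceId.EqualsInsensitively(environment.GetEndpoint(environment.AzureKeyVaultServiceEndpointResourceId))
            || resourceId.EqualsInsensitively(environment.GetEndpoint(AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId)))
        && account.IsPropertySet(AzureAccount.Property.KeyVaultAccessToken))
    {
        TracingAdapter.Information($"{DateTime.Now:T} - [AccessTokenAuthenticator] Creating KeyVault access token - Tenant: '{tenant}', ResourceId: '{resourceId}', UserId: '{account.Id}'");
        rawToken.AccessToken = account.GetProperty(AzureAccount.Property.KeyVaultAccessToken);
    }
    else if ((resourceId.EqualsInsensitively(environment.GraphEndpointResourceId)
            || resourceId.EqualsInsensitively(AzureEnvironment.Endpoint.GraphEndpointResourceId)
            || resourceId.EqualsInsensitively(environment.GetEndpoint(environment.GraphEndpointResourceId))
            || resourceId.EqualsInsensitively(environment.GetEndpoint(AzureEnvironment.Endpoint.GraphEndpointResourceId)))
        && account.IsPropertySet(AzureAccount.Property.GraphAccessToken))
    {
        TracingAdapter.Information($"{DateTime.Now:T} - [AccessTokenAuthenticator] Creating Graph access token - Tenant: '{tenant}', ResourceId: '{resourceId}', UserId: '{account.Id}'");
        rawToken.AccessToken = account.GetProperty(AzureAccount.Property.GraphAccessToken);
    }
    else if ((resourceId.EqualsInsensitively(environment.ActiveDirectoryServiceEndpointResourceId)
            || resourceId.EqualsInsensitively(AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
            || resourceId.EqualsInsensitively(environment.GetEndpoint(environment.ActiveDirectoryServiceEndpointResourceId))
            || resourceId.EqualsInsensitively(environment.GetEndpoint(AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)))
        && account.IsPropertySet(AzureAccount.Property.AccessToken))
    {
        TracingAdapter.Information($"{DateTime.Now:T} - [AccessTokenAuthenticator] Creating access token - Tenant: '{tenant}', ResourceId: '{resourceId}', UserId: '{account.Id}'");
        rawToken.AccessToken = account.GetAccessToken();
    }
    else if (((environment.ExtendedProperties.ContainsKey(AzureEnvironment.ExtendedEndpoint.MicrosoftGraphEndpointResourceId)
                && resourceId.EqualsInsensitively(environment.ExtendedProperties[AzureEnvironment.ExtendedEndpoint.MicrosoftGraphEndpointResourceId]))
            || resourceId.EqualsInsensitively(AzureEnvironment.ExtendedEndpoint.MicrosoftGraphEndpointResourceId)
            || resourceId.EqualsInsensitively(environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.MicrosoftGraphEndpointResourceId)))
        && account.IsPropertySet(Constants.MicrosoftGraphAccessToken))
    {
        // NOTE(review): this trace text is identical to the Active Directory branch above, so the
        // two token kinds cannot be told apart from the trace alone.
        TracingAdapter.Information($"{DateTime.Now:T} - [AccessTokenAuthenticator] Creating access token - Tenant: '{tenant}', ResourceId: '{resourceId}', UserId: '{account.Id}'");
        rawToken.AccessToken = account.GetProperty(Constants.MicrosoftGraphAccessToken);
    }
    else
    {
        throw new InvalidOperationException(string.Format(_accessTokenFailure, resourceId));
    }

    // The token is already built at this point; Task.Run only wraps it in a task and is given the
    // caller's cancellation token.
    return Task.Run(() => rawToken as IAccessToken, cancellationToken);
}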
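/// <summary>
/// Obtains an access token for <paramref name="account"/>, choosing the path from the account:
/// managed service, a token already stored on the account, a certificate thumbprint, or
/// otherwise <c>TokenProvider.GetAccessToken</c> with the supplied password and prompt settings.
/// </summary>
/// <param name="account">Account to authenticate. Its Id is overwritten with the token's UserId on success.</param>
/// <param name="environment">Environment whose resource ids are compared with <paramref name="resourceId"/>.</param>
/// <param name="tenant">Tenant passed to the configuration and stamped on a stored-token result.</param>
/// <param name="password">Password forwarded to <c>TokenProvider.GetAccessToken</c> on the last path.</param>
/// <param name="promptBehavior">Prompt behaviour forwarded to <c>TokenProvider.GetAccessToken</c>.</param>
/// <param name="promptAction">Prompt callback forwarded to <c>TokenProvider.GetAccessToken</c>.</param>
/// <param name="tokenCache">Used when it is a <c>TokenCache</c>; otherwise <c>TokenCache.DefaultShared</c> is used.</param>
/// <param name="resourceId">Resource the token is requested for.</param>
/// <returns>The token produced by the selected path.</returns>
/// <exception cref="ArgumentNullException"><paramref name="account"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The account is an AccessToken account and no stored token matches <paramref name="resourceId"/>.
/// </exception>
/// <exception cref="NotSupportedException">
/// A certificate thumbprint is set and the build defines NETSTANDARD.
/// </exception>
public IAccessToken Authenticate(
    IAzureAccount account,
    IAzureEnvironment environment,
    string tenant,
    SecureString password,
    string promptBehavior,
    Action<string> promptAction,
    IAzureTokenCache tokenCache,
    string resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
{
    IAccessToken token;
    var cache = tokenCache as TokenCache ?? TokenCache.DefaultShared;

    var configuration = GetAdalConfiguration(environment, tenant, resourceId, cache);

    TracingAdapter.Information(
        Resources.AdalAuthConfigurationTrace,
        configuration.AdDomain,
        configuration.AdEndpoint,
        configuration.ClientId,
        configuration.ClientRedirectUri,
        configuration.ResourceClientUri,
        configuration.ValidateAuthority);

    if (account != null && account.Type == AzureAccount.AccountType.ManagedService)
    {
        token = GetManagedServiceToken(account, environment, tenant, resourceId);
    }
    else if (account != null && environment != null && account.Type == AzureAccount.AccountType.AccessToken)
    {
        // NOTE(review): when environment is null this branch is skipped, so an AccessToken account
        // would continue to the certificate / credential paths below - confirm that is intended.
        var rawToken = new RawAccessToken
        {
            TenantId = tenant,
            UserId = account.Id,
            LoginType = AzureAccount.AccountType.AccessToken
        };

        // A stored token is handed out only when the requested resource matches the resource it
        // was stored for and the property is set; no match throws rather than falling back to a
        // token for another resource.
        // NOTE(review): string.Equals treats two nulls as equal, so a null resourceId would match
        // an environment resource id that is unset - confirm callers never pass null.
        if ((string.Equals(resourceId, environment.AzureKeyVaultServiceEndpointResourceId, StringComparison.OrdinalIgnoreCase)
                || string.Equals(AzureEnvironment.Endpoint.AzureKeyVaultServiceEndpointResourceId, resourceId, StringComparison.OrdinalIgnoreCase))
            && account.IsPropertySet(AzureAccount.Property.KeyVaultAccessToken))
        {
            rawToken.AccessToken = account.GetProperty(AzureAccount.Property.KeyVaultAccessToken);
        }
        else if ((string.Equals(resourceId, environment.GraphEndpointResourceId, StringComparison.OrdinalIgnoreCase)
                || string.Equals(AzureEnvironment.Endpoint.GraphEndpointResourceId, resourceId, StringComparison.OrdinalIgnoreCase))
            && account.IsPropertySet(AzureAccount.Property.GraphAccessToken))
        {
            rawToken.AccessToken = account.GetProperty(AzureAccount.Property.GraphAccessToken);
        }
        else if ((string.Equals(resourceId, environment.ActiveDirectoryServiceEndpointResourceId, StringComparison.OrdinalIgnoreCase)
                || string.Equals(AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId, resourceId, StringComparison.OrdinalIgnoreCase))
            && account.IsPropertySet(AzureAccount.Property.AccessToken))
        {
            rawToken.AccessToken = account.GetAccessToken();
        }
        else
        {
            throw new InvalidOperationException(string.Format(Resources.AccessTokenResourceNotFound, resourceId));
        }

        token = rawToken;
    }
    else if (account == null)
    {
        // The branches above tolerate a null account, but everything from here on dereferences it.
        // Fail with a named argument error instead of a NullReferenceException.
        throw new ArgumentNullException(nameof(account));
    }
    else if (account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
    {
        var thumbprint = account.GetProperty(AzureAccount.Property.CertificateThumbprint);
#if !NETSTANDARD
        token = TokenProvider.GetAccessTokenWithCertificate(configuration, account.Id, thumbprint, account.Type);
#else
        throw new NotSupportedException("Certificate based authentication is not supported in netcore version.");
#endif
    }
    else
    {
        token = TokenProvider.GetAccessToken(configuration, promptBehavior, promptAction, account.Id, password, account.Type);
    }

    // Side effect on the caller's object: the account id is replaced by the id the token reports.
    account.Id = token.UserId;
    return token;
}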