private static BlobClient GetBlobClient(ILogger log, string mode, string miClientID, string storageEndPoint, string clientId, string clientSecret, string tennat, string blobContainerName, string blobName) { log.LogInformation($"will access using {mode}"); Azure.Identity.TokenCredentialOptions options = default; ClientSecretCredential spnToken = new ClientSecretCredential(tennat, clientId, clientSecret); ManagedIdentityCredential token = new ManagedIdentityCredential(miClientID, options); string saConnectionString = ""; // note, that in a real impl, only one type should be used if (mode.Equals("spn")) { var client = new SecretClient(new Uri("https://gensaskv.vault.azure.net/"), spnToken); saConnectionString = client.GetSecret("sa-cs").Value.Value; } else { var client = new SecretClient(new Uri("https://gensaskv.vault.azure.net/"), token); saConnectionString = client.GetSecret("sa-cs").Value.Value; } BlobClient blobClient = new BlobClient(saConnectionString, blobContainerName, blobName); log.LogInformation($"got blob client via token, blobClient.CanGenerateSasUri ? {blobClient.CanGenerateSasUri}"); return(blobClient); }
/// <summary> /// Creates an instance of the EnvironmentCredential class and reads client secret details from environment variables. /// If the expected environment variables are not found at this time, the GetToken method will return the default <see cref="AccessToken"/> when invoked. /// </summary> /// <param name="options">Options that allow to configure the management of the requests sent to the Azure Active Directory service.</param> public EnvironmentCredential(TokenCredentialOptions options) { string tenantId = EnvironmentVariables.TenantId; string clientId = EnvironmentVariables.ClientId; string clientSecret = EnvironmentVariables.ClientSecret; string username = EnvironmentVariables.Username; string password = EnvironmentVariables.Password; if (tenantId != null && clientId != null) { if (clientSecret != null) { _credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options); } else if (username != null && password != null && tenantId != null && clientId != null) { _credential = new UsernamePasswordCredential(username, password, clientId, tenantId); } } }
internal UsernamePasswordCredential( string username, string password, string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client) { Argument.AssertNotNull(username, nameof(username)); Argument.AssertNotNull(password, nameof(password)); Argument.AssertNotNull(clientId, nameof(clientId)); _tenantId = Validations.ValidateTenantId(tenantId, nameof(tenantId)); _username = username; _password = password.ToSecureString(); _clientId = clientId; _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); Client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, null, options); }
/// <summary> /// Creates a new DeviceCodeCredential with the specifeid options, which will authenticate users with the specified application. /// </summary> /// <param name="deviceCodeCallback">The callback to be executed to display the device code to the user</param> /// <param name="tenantId">The tenant id of the application to which users will authenticate. This can be null for multi-tenanted applications.</param> /// <param name="clientId">The client id of the application to which the users will authenticate</param> /// <param name="options">The client options for the newly created DeviceCodeCredential</param> public DeviceCodeCredential(Func <DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, string tenantId, string clientId, TokenCredentialOptions options = default) { _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); _deviceCodeCallback = deviceCodeCallback ?? throw new ArgumentNullException(nameof(deviceCodeCallback)); _options = options ?? new TokenCredentialOptions(); _pipeline = HttpPipelineBuilder.Build(_options); _clientDiagnostics = new ClientDiagnostics(options); var pubAppBuilder = PublicClientApplicationBuilder.Create(_clientId).WithHttpClientFactory(new HttpPipelineClientFactory(_pipeline)).WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient"); if (!string.IsNullOrEmpty(tenantId)) { pubAppBuilder = pubAppBuilder.WithTenantId(tenantId); } _pubApp = pubAppBuilder.Build(); }
internal UsernamePasswordCredential( string username, string password, string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client) { Argument.AssertNotNull(username, nameof(username)); Argument.AssertNotNull(password, nameof(password)); Argument.AssertNotNull(clientId, nameof(clientId)); _tenantId = Validations.ValidateTenantId(tenantId, nameof(tenantId)); _allowMultiTenantAuthentication = options?.AllowMultiTenantAuthentication ?? false; _username = username; _password = password.ToSecureString(); _clientId = clientId; _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); Client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, null, options as ITokenCacheOptions, options?.IsLoggingPIIEnabled ?? false); }
internal EnvironmentCredential(CredentialPipeline pipeline, TokenCredentialOptions options = null) { _pipeline = pipeline; _options = options ?? new TokenCredentialOptions(); string tenantId = EnvironmentVariables.TenantId; string clientId = EnvironmentVariables.ClientId; string clientSecret = EnvironmentVariables.ClientSecret; string clientCertificatePath = EnvironmentVariables.ClientCertificatePath; string clientSendCertificateChain = EnvironmentVariables.ClientSendCertificateChain; string username = EnvironmentVariables.Username; string password = EnvironmentVariables.Password; if (!string.IsNullOrEmpty(tenantId) && !string.IsNullOrEmpty(clientId)) { if (!string.IsNullOrEmpty(clientSecret)) { Credential = new ClientSecretCredential(tenantId, clientId, clientSecret, _options, _pipeline, null); } else if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password)) { Credential = new UsernamePasswordCredential(username, password, tenantId, clientId, _options, _pipeline, null); } else if (!string.IsNullOrEmpty(clientCertificatePath)) { bool sendCertificateChain = !string.IsNullOrEmpty(clientSendCertificateChain) && (clientSendCertificateChain == "1" || clientSendCertificateChain == "true"); ClientCertificateCredentialOptions clientCertificateCredentialOptions = new ClientCertificateCredentialOptions { AuthorityHost = _options.AuthorityHost, IsLoggingPIIEnabled = _options.IsLoggingPIIEnabled, Transport = _options.Transport, SendCertificateChain = sendCertificateChain }; Credential = new ClientCertificateCredential(tenantId, clientId, clientCertificatePath, clientCertificateCredentialOptions, _pipeline, null); } } }
/// <summary> /// Creates an instance of the ClientCertificateCredential with the details needed to authenticate against Azure Active Directory with the specified certificate. /// </summary> /// <param name="tenantId">The Azure Active Directory tenant (directory) Id of the service principal.</param> /// <param name="clientId">The client (application) ID of the service principal</param> /// <param name="clientCertificate">The authentication X509 Certificate of the service principal</param> /// <param name="options">Options that allow to configure the management of the requests sent to the Azure Active Directory service.</param> public ClientCertificateCredential(string tenantId, string clientId, X509Certificate2 clientCertificate, TokenCredentialOptions options) { TenantId = tenantId ?? throw new ArgumentNullException(nameof(tenantId)); ClientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); ClientCertificate = clientCertificate ?? throw new ArgumentNullException(nameof(clientCertificate)); _client = (options != null) ? new AadIdentityClient(options) : AadIdentityClient.SharedClient; }
internal DeviceCodeCredential(Func <DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline) : this(deviceCodeCallback, tenantId, clientId, options, pipeline, null) { }
/// <inheritdoc /> internal VisualStudioCredential(string tenantId, TokenCredentialOptions options) : this(tenantId, options, default, default) { }
internal ClientCertificateCredential(string tenantId, string clientId, string certificatePath, TokenCredentialOptions options, CredentialPipeline pipeline, MsalConfidentialClient client) : this(tenantId, clientId, new X509Certificate2FromFileProvider(certificatePath ?? throw new ArgumentNullException(nameof(certificatePath))), options, pipeline, client)
/// <summary> /// Creates an instance of the <see cref="UsernamePasswordCredential"/> with the details needed to authenticate against Azure Active Directory with a simple username /// and password. /// </summary> /// <param name="username">The user account's user name, UPN.</param> /// <param name="password">The user account's password.</param> /// <param name="tenantId">The Azure Active Directory tenant (directory) ID or name.</param> /// <param name="clientId">The client (application) ID of an App Registration in the tenant.</param> /// <param name="options">The client options for the newly created UsernamePasswordCredential</param> public UsernamePasswordCredential(string username, string password, string tenantId, string clientId, TokenCredentialOptions options) : this(username, password, tenantId, clientId, options, null, null) { }
internal InteractiveBrowserCredential(string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline) : this(tenantId, clientId, options, pipeline, null) { }
public DefaultAzureCredentialFactory(TokenCredentialOptions options) : this(CredentialPipeline.GetInstance(options)) { }
internal UsernamePasswordCredential(string username, string password, string tenantId, string clientId, CredentialPipeline pipeline, TokenCredentialOptions options = default) : this(username, password, pipeline, pipeline.CreateMsalPublicClient(clientId, tenantId, cacheOptions : options as ITokenCacheOptions)) { }
/// <summary> /// Creates an instance of the <see cref="UsernamePasswordCredential"/> with the details needed to authenticate against Azure Active Directory with a simple username /// and password. /// </summary> /// <param name="username">The user account's user name, UPN.</param> /// <param name="password">The user account's password.</param> /// <param name="tenantId">The Azure Active Directory tenant (directory) ID or name.</param> /// <param name="clientId">The client (application) ID of an App Registration in the tenant.</param> /// <param name="options">The client options for the newly created UsernamePasswordCredential</param> public UsernamePasswordCredential(string username, string password, string tenantId, string clientId, TokenCredentialOptions options) : this(username, password, tenantId, clientId, CredentialPipeline.GetInstance(options)) { }
internal DeviceCodeCredential(Func <DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client) { Argument.AssertNotNull(clientId, nameof(clientId)); Argument.AssertNotNull(deviceCodeCallback, nameof(deviceCodeCallback)); _tenantId = tenantId; ClientId = clientId; DeviceCodeCallback = deviceCodeCallback; DisableAutomaticAuthentication = (options as DeviceCodeCredentialOptions)?.DisableAutomaticAuthentication ?? false; Record = (options as DeviceCodeCredentialOptions)?.AuthenticationRecord; Pipeline = pipeline ?? CredentialPipeline.GetInstance(options); Client = client ?? new MsalPublicClient( Pipeline, tenantId, ClientId, AzureAuthorityHosts.GetDeviceCodeRedirectUri(Pipeline.AuthorityHost).AbsoluteUri, options as ITokenCacheOptions, options?.IsLoggingPIIEnabled ?? false); }
/// <summary> /// Creates a new <see cref="InteractiveBrowserCredential"/> with the specified options, which will authenticate users with the specified application. /// </summary> /// <param name="tenantId">The tenant id of the application and the users to authenticate. Can be null in the case of multi-tenant applications.</param> /// <param name="clientId">The client id of the application to which the users will authenticate</param> /// TODO: need to link to info on how the application has to be created to authenticate users, for multiple applications /// <param name="options">The client options for the newly created <see cref="InteractiveBrowserCredential"/>.</param> public InteractiveBrowserCredential(string tenantId, string clientId, TokenCredentialOptions options = default) : this(tenantId, clientId, options, null, null) { }
public SharedTokenCacheCredential(string username, TokenCredentialOptions options = default) : this(null, username, options, null, null) { }
/// <inheritdoc /> public VisualStudioCodeCredential(string tenantId, TokenCredentialOptions options) : this(tenantId, CredentialPipeline.GetInstance(options), default, default) { }
internal SharedTokenCacheCredential(string tenantId, string username, TokenCredentialOptions options, CredentialPipeline pipeline) : this(tenantId, username, options, pipeline, null) { }
internal UsernamePasswordCredential(string username, string password, string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client) { _username = username ?? throw new ArgumentNullException(nameof(username)); _password = (password != null) ? password.ToSecureString() : throw new ArgumentNullException(nameof(password)); _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); Validations.ValidateTenantId(tenantId, nameof(tenantId)); _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); _client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, null, options as ITokenCacheOptions); }
internal ClientSecretCredential(string tenantId, string clientId, string clientSecret, TokenCredentialOptions options, CredentialPipeline pipeline, MsalConfidentialClient client) { TenantId = tenantId ?? throw new ArgumentNullException(nameof(tenantId)); ClientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); ClientSecret = clientSecret ?? throw new ArgumentNullException(nameof(clientSecret)); _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); _client = client ?? new MsalConfidentialClient(_pipeline, tenantId, clientId, clientSecret, options as ITokenCacheOptions); }
/// <summary> /// Creates an instance of the ClientCertificateCredential with the details needed to authenticate against Azure Active Directory with the specified certificate. /// </summary> /// <param name="tenantId">The Azure Active Directory tenant (directory) Id of the service principal.</param> /// <param name="clientId">The client (application) ID of the service principal</param> /// <param name="clientCertificatePath">The path to a file which contains both the client certificate and private key.</param> /// <param name="options">Options that allow to configure the management of the requests sent to the Azure Active Directory service.</param> public ClientCertificateCredential(string tenantId, string clientId, string clientCertificatePath, TokenCredentialOptions options) : this(tenantId, clientId, clientCertificatePath, options, null, null) { }
/// <summary> /// Creates an instance of the ClientSecretCredential with the details needed to authenticate against Azure Active Directory with a prefetched authorization code. /// </summary> /// <param name="tenantId">The Azure Active Directory tenant (directory) Id of the service principal.</param> /// <param name="clientId">The client (application) ID of the service principal</param> /// <param name="clientSecret">A client secret that was generated for the App Registration used to authenticate the client.</param> /// <param name="authorizationCode">The authorization code obtained from a call to authorize. The code should be obtained with all required scopes. /// See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow for more information.</param> /// <param name="options">Options that allow to configure the management of the requests sent to the Azure Active Directory service.</param> public AuthorizationCodeCredential(string tenantId, string clientId, string clientSecret, string authorizationCode, TokenCredentialOptions options) { if (tenantId is null) { throw new ArgumentNullException(nameof(tenantId)); } if (clientId is null) { throw new ArgumentNullException(nameof(clientId)); } if (clientSecret is null) { throw new ArgumentNullException(nameof(clientSecret)); } _authCode = authorizationCode ?? throw new ArgumentNullException(nameof(authorizationCode)); options ??= new TokenCredentialOptions(); _pipeline = CredentialPipeline.GetInstance(options); _confidentialClient = ConfidentialClientApplicationBuilder.Create(clientId).WithHttpClientFactory(new HttpPipelineClientFactory(_pipeline.HttpPipeline)).WithTenantId(tenantId).WithClientSecret(clientSecret).Build(); _clientDiagnostics = new ClientDiagnostics(options); }
/// <summary> /// Creates a new DeviceCodeCredential with the specified options, which will authenticate users with the specified application. /// </summary> /// <param name="deviceCodeCallback">The callback to be executed to display the device code to the user</param> /// <param name="tenantId">The tenant id of the application to which users will authenticate. This can be null for multi-tenanted applications.</param> /// <param name="clientId">The client id of the application to which the users will authenticate</param> /// <param name="options">The client options for the newly created DeviceCodeCredential</param> public DeviceCodeCredential(Func <DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, string tenantId, string clientId, TokenCredentialOptions options = default) : this(deviceCodeCallback, tenantId, clientId, options, null) { }
/// <summary> /// Creates an instance of the ClientSecretCredential with the details needed to authenticate against Azure Active Directory with a client secret. /// </summary> /// <param name="tenantId">The Azure Active Directory tenant (directory) Id of the service principal.</param> /// <param name="clientId">The client (application) ID of the service principal</param> /// <param name="clientSecret">A client secret that was generated for the App Registration used to authenticate the client.</param> /// <param name="options">Options that allow to configure the management of the requests sent to the Azure Active Directory service.</param> public ClientSecretCredential(string tenantId, string clientId, string clientSecret, TokenCredentialOptions options) : this(tenantId, clientId, clientSecret, options, null, null) { }
internal DeviceCodeCredential(Func <DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, string tenantId, string clientId, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client) { _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); _deviceCodeCallback = deviceCodeCallback ?? throw new ArgumentNullException(nameof(deviceCodeCallback)); _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); _client = client ?? new MsalPublicClient(_pipeline, tenantId, clientId, AzureAuthorityHosts.GetDeviceCodeRedirectUri(_pipeline.AuthorityHost).ToString(), options as ITokenCacheOptions); }
internal ClientSecretCredential(string tenantId, string clientId, string clientSecret, TokenCredentialOptions options, CredentialPipeline pipeline, MsalConfidentialClient client) { Argument.AssertNotNull(clientId, nameof(clientId)); Argument.AssertNotNull(clientSecret, nameof(clientSecret)); TenantId = Validations.ValidateTenantId(tenantId, nameof(tenantId)); ClientId = clientId ?? throw new ArgumentNullException(nameof(clientId)); ClientSecret = clientSecret; _allowMultiTenantAuthentication = options?.AllowMultiTenantAuthentication ?? false; _pipeline = pipeline ?? CredentialPipeline.GetInstance(options); Client = client ?? new MsalConfidentialClient( _pipeline, tenantId, clientId, clientSecret, options as ITokenCacheOptions, (options as ClientSecretCredentialOptions)?.RegionalAuthority, options?.IsLoggingPIIEnabled ?? false); }
/// <summary> /// Creates an instance of the ManagedIdentityCredential capable of authenticating a resource with a managed identity. /// </summary> /// <param name="clientId"> /// The client id to authenticate for a user assigned managed identity. More information on user assigned managed identities can be found here: /// https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview#how-a-user-assigned-managed-identity-works-with-an-azure-vm /// </param> /// <param name="options">Options to configure the management of the requests sent to the Azure Active Directory service.</param> public ManagedIdentityCredential(string clientId = null, TokenCredentialOptions options = null) : this(clientId, CredentialPipeline.GetInstance(options)) { }
public DeviceCodeCredential(Func <DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, string tenantId, string clientId, TokenCredentialOptions options = default) : this(deviceCodeCallback, Validations.ValidateTenantId(tenantId, nameof(tenantId), allowNull : true), clientId, options, null) { }