/// <summary>
/// Creates a new authentication broker based for the specified resource.
/// <para/>
/// Returns `<see langword="true"/>` if an authority could be determined; otherwise `<see langword="false"/>`.
/// </summary>
/// <param name="targetUri">The resource for which authentication is being requested.</param>
/// <param name="scope">The scope of the access being requested.</param>
/// <param name="personalAccessTokenStore">Storage container for personal access token secrets.</param>
public static async Task <BaseAuthentication> GetAuthentication(
RuntimeContext context,
TargetUri targetUri,
TokenScope scope,
ICredentialStore personalAccessTokenStore)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
if (targetUri is null)
{
throw new ArgumentNullException(nameof(targetUri));
}
if (scope is null)
{
throw new ArgumentNullException(nameof(scope));
}
if (personalAccessTokenStore is null)
{
throw new ArgumentNullException(nameof(personalAccessTokenStore));
}
BaseAuthentication authentication = null;
var result = await DetectAuthority(context, targetUri);
if (!result.HasValue)
{
return(null);
}
// Query for the tenant's identity
Guid tenantId = result.Value;
// empty identity is MSA, anything else is AAD
if (tenantId == Guid.Empty)
{
context.Trace.WriteLine("MSA authority detected.");
authentication = new MsaAuthentication(context, scope, personalAccessTokenStore);
}
else
{
context.Trace.WriteLine($"AAD authority for tenant '{tenantId}' detected.");
authentication = new AadAuthentication(context, tenantId, scope, personalAccessTokenStore);
(authentication as AadAuthentication).TenantId = tenantId;
}
return(authentication);
}
public static async Task <BaseAuthentication> CreateAuthentication(Program program, OperationArguments operationArguments)
{
if (operationArguments is null)
{
throw new ArgumentNullException(nameof(operationArguments));
}
if (operationArguments.TargetUri is null)
{
var innerException = new NullReferenceException($"`{operationArguments.TargetUri}` cannot be null.");
throw new ArgumentException(innerException.Message, nameof(operationArguments), innerException);
}
var secretsNamespace = operationArguments.CustomNamespace ?? Program.SecretsNamespace;
BaseAuthentication authority = null;
var basicCredentialCallback = (operationArguments.UseModalUi)
? new AcquireCredentialsDelegate(program.ModalPromptForCredentials)
: new AcquireCredentialsDelegate(program.BasicCredentialPrompt);
var bitbucketPrompts = new Bitbucket.AuthenticationPrompts(program.Context, operationArguments.ParentHwnd);
var bitbucketCredentialCallback = (operationArguments.UseModalUi)
? bitbucketPrompts.CredentialModalPrompt
: new Bitbucket.Authentication.AcquireCredentialsDelegate(program.BitbucketCredentialPrompt);
var bitbucketOauthCallback = (operationArguments.UseModalUi)
? bitbucketPrompts.AuthenticationOAuthModalPrompt
: new Bitbucket.Authentication.AcquireAuthenticationOAuthDelegate(program.BitbucketOAuthPrompt);
var githubPrompts = new Github.AuthenticationPrompts(program.Context, operationArguments.ParentHwnd);
var githubCredentialCallback = (operationArguments.UseModalUi)
? new Github.Authentication.AcquireCredentialsDelegate(githubPrompts.CredentialModalPrompt)
: new Github.Authentication.AcquireCredentialsDelegate(program.GitHubCredentialPrompt);
var githubAuthcodeCallback = (operationArguments.UseModalUi)
? new Github.Authentication.AcquireAuthenticationCodeDelegate(githubPrompts.AuthenticationCodeModalPrompt)
: new Github.Authentication.AcquireAuthenticationCodeDelegate(program.GitHubAuthCodePrompt);
NtlmSupport basicNtlmSupport = NtlmSupport.Auto;
switch (operationArguments.Authority)
{
case AuthorityType.Auto:
program.Trace.WriteLine($"detecting authority type for '{operationArguments.TargetUri}'.");
// Detect the authority.
authority = await Vsts.Authentication.GetAuthentication(program.Context,
operationArguments.TargetUri,
Program.VstsCredentialScope,
new SecretStore(program.Context, secretsNamespace, Vsts.Authentication.UriNameConversion))
?? Github.Authentication.GetAuthentication(program.Context,
operationArguments.TargetUri,
Program.GitHubCredentialScope,
new SecretStore(program.Context, secretsNamespace, Secret.UriToName),
githubCredentialCallback,
githubAuthcodeCallback,
null)
?? Bitbucket.Authentication.GetAuthentication(program.Context,
operationArguments.TargetUri,
new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl),
bitbucketCredentialCallback,
bitbucketOauthCallback);
if (authority != null)
{
// Set the authority type based on the returned value.
if (authority is Vsts.MsaAuthentication)
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
goto case AuthorityType.MicrosoftAccount;
}
else if (authority is Vsts.AadAuthentication)
{
operationArguments.Authority = AuthorityType.AzureDirectory;
goto case AuthorityType.AzureDirectory;
}
else if (authority is Github.Authentication)
{
operationArguments.Authority = AuthorityType.GitHub;
goto case AuthorityType.GitHub;
}
else if (authority is Bitbucket.Authentication)
{
operationArguments.Authority = AuthorityType.Bitbucket;
goto case AuthorityType.Bitbucket;
}
}
goto default;
case AuthorityType.AzureDirectory:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Azure Directory.");
if (authority is null)
{
Guid tenantId = Guid.Empty;
// Get the identity of the tenant.
var result = await Vsts.Authentication.DetectAuthority(program.Context, operationArguments.TargetUri);
if (result.HasValue)
{
tenantId = result.Value;
}
// Create the authority object.
authority = new Vsts.AadAuthentication(program.Context,
tenantId,
operationArguments.VstsTokenScope,
new SecretStore(program.Context, secretsNamespace, Vsts.AadAuthentication.UriNameConversion));
}
// Return the allocated authority or a generic AAD backed VSTS authentication object.
return(authority);
case AuthorityType.Basic:
// Enforce basic authentication only.
basicNtlmSupport = NtlmSupport.Never;
goto default;
case AuthorityType.GitHub:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is GitHub.");
// Return a GitHub authentication object.
return(authority ?? new Github.Authentication(program.Context,
operationArguments.TargetUri,
Program.GitHubCredentialScope,
new SecretStore(program.Context, secretsNamespace, Secret.UriToName),
githubCredentialCallback,
githubAuthcodeCallback,
null));
case AuthorityType.Bitbucket:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Bitbucket.");
// Return a Bitbucket authentication object.
return(authority ?? new Bitbucket.Authentication(program.Context,
new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl),
bitbucketCredentialCallback,
bitbucketOauthCallback));
case AuthorityType.MicrosoftAccount:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Microsoft Live.");
// Return the allocated authority or a generic MSA backed VSTS authentication object.
return(authority ?? new Vsts.MsaAuthentication(program.Context,
operationArguments.VstsTokenScope,
new SecretStore(program.Context, secretsNamespace, Vsts.MsaAuthentication.UriNameConversion)));
case AuthorityType.Ntlm:
// Enforce NTLM authentication only.
basicNtlmSupport = NtlmSupport.Always;
goto default;
default:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is basic with NTLM={basicNtlmSupport}.");
// Return a generic username + password authentication object.
return(authority ?? new BasicAuthentication(program.Context,
new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl),
basicNtlmSupport,
basicCredentialCallback,
null));
}
}
