Interface to secure secrets storage which indexes values by target and utilizes the operating system keychain / secrets vault.
Наследование: BaseSecureStore, ICredentialStore, ITokenStore
Пример #1
0
 /// <summary>
 /// Attempts to enumerate and delete any and all Azure Directory Authentication
 /// Refresh tokens caches by GCM asynchronously.
 /// </summary>
 /// <returns>A <see cref="Task"/> for the async action.</returns>
 private static Task SecurityPurgeAdaTokens(SecretStore adaStore)
 {
     // this can and should be done asynchronously to minimize user impact
     return(Task.Run(() =>
     {
         adaStore.PurgeCredentials();
     }));
 }
        private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
        {
            Debug.Assert(operationArguments != null, "The operationArguments is null");

            Trace.WriteLine("Program::CreateAuthentication");

            var secrets = new SecretStore(SecretsNamespace);
            BaseAuthentication authority = null;

            switch (operationArguments.Authority)
            {
                case AuthorityType.Auto:
                    Trace.WriteLine("   detecting authority type");

                    // detect the authority
                    if (BaseVsoAuthentication.GetAuthentication(operationArguments.TargetUri,
                                                                VsoCredentialScope,
                                                                secrets,
                                                                null,
                                                                out authority)
                        || GithubAuthentication.GetAuthentication(operationArguments.TargetUri,
                                                                  GithubCredentialScope,
                                                                  secrets,
                                                                  GithubCredentialPrompt,
                                                                  GithubAuthCodePrompt,
                                                                  null,
                                                                  out authority))
                    {
                        // set the authority type based on the returned value
                        if (authority is VsoMsaAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.MicrosoftAccount;
                            goto case AuthorityType.MicrosoftAccount;
                        }
                        else if (authority is VsoAadAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.AzureDirectory;
                            goto case AuthorityType.AzureDirectory;
                        }
                        else if (authority is GithubAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.GitHub;
                            goto case AuthorityType.GitHub;
                        }
                    }

                    operationArguments.Authority = AuthorityType.Basic;
                    goto case AuthorityType.Basic;

                case AuthorityType.AzureDirectory:
                    Trace.WriteLine("   authority is Azure Directory");

                    Guid tenantId = Guid.Empty;
                    // return the allocated authority or a generic AAD backed VSO authentication object
                    return authority ?? new VsoAadAuthentication(Guid.Empty, VsoCredentialScope, secrets);

                case AuthorityType.Basic:
                default:
                    Trace.WriteLine("   authority is basic");

                    // return a generic username + password authentication object
                    return authority ?? new BasicAuthentication(secrets);

                case AuthorityType.GitHub:
                    Trace.WriteLine("   authority it GitHub");

                    // return a GitHub authenitcation object
                    return authority ?? new GithubAuthentication(GithubCredentialScope,
                                                                 secrets,
                                                                 GithubCredentialPrompt,
                                                                 GithubAuthCodePrompt,
                                                                 null);

                case AuthorityType.MicrosoftAccount:
                    Trace.WriteLine("   authority is Microsoft Live");

                    // return the allocated authority or a generic MSA backed VSO authentication object
                    return authority ?? new VsoMsaAuthentication(VsoCredentialScope, secrets);
            }
        }
        private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
        {
            Debug.Assert(operationArguments != null, "The operationArguments is null");
            Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");

            var secretsNamespace = operationArguments.CustomNamespace ?? SecretsNamespace;
            var secrets = new SecretStore(secretsNamespace, null, null, Secret.UriToName);
            BaseAuthentication authority = null;

            var basicCredentialCallback = (operationArguments.UseModalUi)
                    ? new AcquireCredentialsDelegate(Program.ModalPromptForCredentials)
                    : new AcquireCredentialsDelegate(Program.BasicCredentialPrompt);

            var githubCredentialCallback = (operationArguments.UseModalUi)
                    ? new GitHubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt)
                    : new GitHubAuthentication.AcquireCredentialsDelegate(Program.GitHubCredentialPrompt);

            var githubAuthcodeCallback = (operationArguments.UseModalUi)
                    ? new GitHubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt)
                    : new GitHubAuthentication.AcquireAuthenticationCodeDelegate(Program.GitHubAuthCodePrompt);

            NtlmSupport basicNtlmSupport = NtlmSupport.Auto;

            switch (operationArguments.Authority)
            {
                case AuthorityType.Auto:
                    Git.Trace.WriteLine($"detecting authority type for '{operationArguments.TargetUri}'.");

                    // detect the authority
                    authority = BaseVstsAuthentication.GetAuthentication(operationArguments.TargetUri,
                                                                         VstsCredentialScope,
                                                                         secrets)
                             ?? GitHubAuthentication.GetAuthentication(operationArguments.TargetUri,
                                                                       GitHubCredentialScope,
                                                                       secrets,
                                                                       githubCredentialCallback,
                                                                       githubAuthcodeCallback,
                                                                       null);

                    if (authority != null)
                    {
                        // set the authority type based on the returned value
                        if (authority is VstsMsaAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.MicrosoftAccount;
                            goto case AuthorityType.MicrosoftAccount;
                        }
                        else if (authority is VstsAadAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.AzureDirectory;
                            goto case AuthorityType.AzureDirectory;
                        }
                        else if (authority is GitHubAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.GitHub;
                            goto case AuthorityType.GitHub;
                        }
                    }

                    operationArguments.Authority = AuthorityType.Basic;
                    goto case AuthorityType.Basic;

                case AuthorityType.AzureDirectory:
                    Git.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Azure Directory.");

                    Guid tenantId = Guid.Empty;
                    // return the allocated authority or a generic AAD backed VSTS authentication object
                    return authority ?? new VstsAadAuthentication(Guid.Empty, VstsCredentialScope, secrets);

                case AuthorityType.Basic:
                    // enforce basic authentication only
                    basicNtlmSupport = NtlmSupport.Never;
                    goto default;

                case AuthorityType.GitHub:
                    Git.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is GitHub.");

                    // return a GitHub authentication object
                    return authority ?? new GitHubAuthentication(GitHubCredentialScope,
                                                                 secrets,
                                                                 githubCredentialCallback,
                                                                 githubAuthcodeCallback,
                                                                 null);

                case AuthorityType.MicrosoftAccount:
                    Git.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Microsoft Live.");

                    // return the allocated authority or a generic MSA backed VSTS authentication object
                    return authority ?? new VstsMsaAuthentication(VstsCredentialScope, secrets);

                case AuthorityType.Ntlm:
                    // enforce NTLM authentication only
                    basicNtlmSupport = NtlmSupport.Always;
                    goto default;

                default:
                    Git.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is basic with NTLM={basicNtlmSupport}.");

                    // return a generic username + password authentication object
                    return authority ?? new BasicAuthentication(secrets, basicNtlmSupport, basicCredentialCallback, null);
            }
        }
 /// <summary>
 /// Attempts to enumerate and delete any and all Azure Directory Authentication
 /// Refresh tokens caches by GCM asynchronously.
 /// </summary>
 /// <returns>A <see cref="Task"/> for the async action.</returns>
 private static Task SecurityPurgeAdaTokens(SecretStore adaStore)
 {
     // this can and should be done asynchronously to minimize user impact
     return Task.Run(() =>
     {
         adaStore.PurgeCredentials();
     });
 }
        private static BaseAuthentication CreateAuthentication(OperationArguments operationArguments)
        {
            Debug.Assert(operationArguments != null, "The operationArguments is null");
            Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");

            Trace.WriteLine("Program::CreateAuthentication");

            Secret.UriNameConversion getTargetName = Secret.UriToSimpleName;
            if (operationArguments.UseHttpPath)
            {
                getTargetName = Secret.UriToPathedName;
            }
            var secrets = new SecretStore(SecretsNamespace, null, null, getTargetName);
            BaseAuthentication authority = null;

            switch (operationArguments.Authority)
            {
                case AuthorityType.Auto:
                    Trace.WriteLine("   detecting authority type");

                    // detect the authority
                    if (BaseVstsAuthentication.GetAuthentication(operationArguments.TargetUri,
                                                                VstsCredentialScope,
                                                                secrets,
                                                                null,
                                                                out authority)
                        || GithubAuthentication.GetAuthentication(operationArguments.TargetUri,
                                                                  GithubCredentialScope,
                                                                  secrets,
                                                                  operationArguments.UseModalUi
                                                                    ? new GithubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt)
                                                                    : new GithubAuthentication.AcquireCredentialsDelegate(GithubCredentialPrompt),
                                                                  operationArguments.UseModalUi
                                                                    ? new GithubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt)
                                                                    : new GithubAuthentication.AcquireAuthenticationCodeDelegate(GithubAuthCodePrompt),
                                                                  null,
                                                                  out authority))
                    {
                        // set the authority type based on the returned value
                        if (authority is VstsMsaAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.MicrosoftAccount;
                            goto case AuthorityType.MicrosoftAccount;
                        }
                        else if (authority is VstsAadAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.AzureDirectory;
                            goto case AuthorityType.AzureDirectory;
                        }
                        else if (authority is GithubAuthentication)
                        {
                            operationArguments.Authority = AuthorityType.GitHub;
                            goto case AuthorityType.GitHub;
                        }
                    }

                    operationArguments.Authority = AuthorityType.Basic;
                    goto case AuthorityType.Basic;

                case AuthorityType.AzureDirectory:
                    Trace.WriteLine("   authority is Azure Directory");

                    Guid tenantId = Guid.Empty;
                    // return the allocated authority or a generic AAD backed VSTS authentication object
                    return authority ?? new VstsAadAuthentication(Guid.Empty, VstsCredentialScope, secrets);

                case AuthorityType.Basic:
                default:
                    Trace.WriteLine("   authority is basic");

                    // return a generic username + password authentication object
                    return authority ?? new BasicAuthentication(secrets);

                case AuthorityType.GitHub:
                    Trace.WriteLine("   authority it GitHub");

                    // return a GitHub authenitcation object
                    return authority ?? new GithubAuthentication(GithubCredentialScope,
                                                                 secrets,
                                                                 operationArguments.UseModalUi
                                                                    ? new GithubAuthentication.AcquireCredentialsDelegate(GitHub.Authentication.AuthenticationPrompts.CredentialModalPrompt)
                                                                    : new GithubAuthentication.AcquireCredentialsDelegate(GithubCredentialPrompt),
                                                                 operationArguments.UseModalUi
                                                                    ? new GithubAuthentication.AcquireAuthenticationCodeDelegate(GitHub.Authentication.AuthenticationPrompts.AuthenticationCodeModalPrompt)
                                                                    : new GithubAuthentication.AcquireAuthenticationCodeDelegate(GithubAuthCodePrompt),
                                                                 null);

                case AuthorityType.MicrosoftAccount:
                    Trace.WriteLine("   authority is Microsoft Live");

                    // return the allocated authority or a generic MSA backed VSTS authentication object
                    return authority ?? new VstsMsaAuthentication(VstsCredentialScope, secrets);
            }
        }