public IAccessToken Authenticate(
AzureAccount account,
AzureEnvironment environment,
string tenant,
SecureString password,
ShowDialog promptBehavior,
TokenCache tokenCache,
AzureEnvironment.Endpoint resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
{
var configuration = GetAdalConfiguration(environment, tenant, resourceId, tokenCache);
TracingAdapter.Information(Resources.AdalAuthConfigurationTrace, configuration.AdDomain, configuration.AdEndpoint,
configuration.ClientId, configuration.ClientRedirectUri, configuration.ResourceClientUri, configuration.ValidateAuthority);
IAccessToken token;
if (account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
{
var thumbprint = account.GetProperty(AzureAccount.Property.CertificateThumbprint);
token = TokenProvider.GetAccessTokenWithCertificate(configuration, account.Id, thumbprint, account.Type);
}
else
{
token = TokenProvider.GetAccessToken(configuration, promptBehavior, account.Id, password, account.Type);
}
account.Id = token.UserId;
return(token);
}
private List <AzureTenant> ListAccountTenants(AzureAccount account, AzureEnvironment environment, SecureString password, ShowDialog promptBehavior)
{
List <AzureTenant> result = new List <AzureTenant>();
try
{
var commonTenantToken = AcquireAccessToken(account, environment, AuthenticationFactory.CommonAdTenant,
password, promptBehavior);
using (var subscriptionClient = AzureSession.ClientFactory.CreateCustomClient <SubscriptionClient>(
new TokenCloudCredentials(commonTenantToken.AccessToken),
environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager)))
{
//TODO: Fix subscription client to not require subscriptionId
result = account.MergeTenants(subscriptionClient.Tenants.List().TenantIds, commonTenantToken);
}
}
catch
{
WriteWarningMessage(string.Format(Microsoft.Azure.Commands.Profile.Properties.Resources.UnableToAqcuireToken, AuthenticationFactory.CommonAdTenant));
if (account.IsPropertySet(AzureAccount.Property.Tenants))
{
result =
account.GetPropertyAsArray(AzureAccount.Property.Tenants)
.Select(ti => new AzureTenant()
{
Id = new Guid(ti),
Domain = AccessTokenExtensions.GetDomain(account.Id)
}).ToList();
}
}
return(result);
}
private IEnumerable <AzureSubscription> ListSubscriptionsFromServer(AzureAccount account, AzureEnvironment environment, SecureString password, ShowDialog promptBehavior)
{
string[] tenants = null;
try
{
if (!account.IsPropertySet(AzureAccount.Property.Tenants))
{
tenants = LoadAccountTenants(account, environment, password, promptBehavior);
}
else
{
var storedTenants = account.GetPropertyAsArray(AzureAccount.Property.Tenants);
if (account.Type == AzureAccount.AccountType.User && storedTenants.Count() == 1)
{
TracingAdapter.Information(Resources.AuthenticatingForSingleTenant, account.Id, storedTenants[0]);
AzureSession.AuthenticationFactory.Authenticate(account, environment, storedTenants[0], password,
promptBehavior);
}
}
}
catch (AadAuthenticationException aadEx)
{
WriteOrThrowAadExceptionMessage(aadEx);
return(new AzureSubscription[0]);
}
try
{
tenants = tenants ?? account.GetPropertyAsArray(AzureAccount.Property.Tenants);
List <AzureSubscription> rdfeSubscriptions = ListServiceManagementSubscriptions(account, environment,
password, ShowDialog.Never, tenants).ToList();
// Set user ID
foreach (var subscription in rdfeSubscriptions)
{
account.SetOrAppendProperty(AzureAccount.Property.Subscriptions, subscription.Id.ToString());
}
if (rdfeSubscriptions.Any())
{
return(rdfeSubscriptions);
}
else
{
return(new AzureSubscription[0]);
}
}
catch (AadAuthenticationException aadEx)
{
WriteOrThrowAadExceptionMessage(aadEx);
return(new AzureSubscription[0]);
}
}
private IEnumerable <AzureSubscription> ListSubscriptionsFromServer(AzureAccount account, AzureEnvironment environment, SecureString password, ShowDialog promptBehavior)
{
string[] tenants = null;
try
{
if (!account.IsPropertySet(AzureAccount.Property.Tenants))
{
tenants = LoadAccountTenants(account, environment, password, promptBehavior);
}
}
catch (AadAuthenticationException aadEx)
{
WriteOrThrowAadExceptionMessage(aadEx);
return(new AzureSubscription[0]);
}
try
{
tenants = tenants ?? account.GetPropertyAsArray(AzureAccount.Property.Tenants);
List <AzureSubscription> mergedSubscriptions = MergeSubscriptions(
ListServiceManagementSubscriptions(account, environment, password, ShowDialog.Never, tenants).ToList(),
ListResourceManagerSubscriptions(account, environment, password, ShowDialog.Never, tenants).ToList());
// Set user ID
foreach (var subscription in mergedSubscriptions)
{
account.SetOrAppendProperty(AzureAccount.Property.Subscriptions, subscription.Id.ToString());
}
if (mergedSubscriptions.Any())
{
return(mergedSubscriptions);
}
else
{
return(new AzureSubscription[0]);
}
}
catch (AadAuthenticationException aadEx)
{
WriteOrThrowAadExceptionMessage(aadEx);
return(new AzureSubscription[0]);
}
}
/// <summary>
/// Convert the older representation of accounts into the newer representation
/// </summary>
/// <param name="account">The legacy account to convert</param>
/// <returns>An AzureAccount model with data copied from the legacy account</returns>
public static IAzureAccount Convert(this LegacyAzureAccount account)
{
var result = new AzureAccount();
result.Id = account.Id;
result.Type = ConvertAccountType(account.Type);
foreach (var property in account.Properties)
{
result.SetProperty(property.Key, property.Value);
}
if (result.IsPropertySet(AzureAccount.Property.AccessToken))
{
result.Credential = result.GetAccessToken();
}
return(result);
}
/// <summary>
/// Create a new access token from the given account and tenant id
/// </summary>
/// <param name="account">The account, containing user id, access token information</param>
/// <param name="tenantId">The tenant id for the given access token</param>
/// <param name="tokenType">The token type for the given token.</param>
public SimpleAccessToken(AzureAccount account, string tenantId, string tokenType = _defaultTokenType)
{
if (account == null)
{
throw new ArgumentNullException("account");
}
if (string.IsNullOrWhiteSpace(account.Id))
{
throw new ArgumentOutOfRangeException("account", Resources.AccessTokenRequiresAccount);
}
if (account.Type != AzureAccount.AccountType.AccessToken ||
!account.IsPropertySet(AzureAccount.Property.AccessToken))
{
throw new ArgumentException(Resources.TypeNotAccessToken);
}
this.UserId = account.Id;
this._tokenType = tokenType;
this.AccessToken = account.GetProperty(AzureAccount.Property.AccessToken);
this.TenantId = tenantId;
}
public AzureRMProfile Login(
AzureAccount account,
AzureEnvironment environment,
string tenantId,
string subscriptionId,
string subscriptionName,
SecureString password)
{
AzureSubscription newSubscription = null;
AzureTenant newTenant = null;
ShowDialog promptBehavior =
(password == null &&
account.Type != AzureAccount.AccountType.AccessToken &&
!account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
? ShowDialog.Always : ShowDialog.Never;
// (tenant and subscription are present) OR
// (tenant is present and subscription is not provided)
if (!string.IsNullOrEmpty(tenantId))
{
var token = AcquireAccessToken(account, environment, tenantId, password, promptBehavior);
if (TryGetTenantSubscription(token, account, environment, tenantId, subscriptionId, subscriptionName, out newSubscription, out newTenant))
{
account.SetOrAppendProperty(AzureAccount.Property.Tenants, new[] { newTenant.Id.ToString() });
}
}
// (tenant is not provided and subscription is present) OR
// (tenant is not provided and subscription is not provided)
else
{
var tenants = ListAccountTenants(account, environment, password, promptBehavior).Select(s => s.Id.ToString()).ToArray();
account.SetProperty(AzureAccount.Property.Tenants, null);
string accountId = null;
for (int i = 0; i < tenants.Count(); i++)
{
var tenant = tenants[i];
AzureTenant tempTenant;
AzureSubscription tempSubscription;
IAccessToken token = null;
try
{
token = AcquireAccessToken(account, environment, tenant, password, ShowDialog.Auto);
if (accountId == null)
{
accountId = account.Id;
account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant);
}
else if (accountId.Equals(account.Id, StringComparison.OrdinalIgnoreCase))
{
account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant);
}
else
{ // if account ID is different from the first tenant account id we need to ignore current tenant
WriteWarningMessage(string.Format(
Microsoft.Azure.Commands.Profile.Properties.Resources.AccountIdMismatch,
account.Id,
tenant,
accountId));
account.Id = accountId;
token = null;
}
}
catch
{
WriteWarningMessage(string.Format(Microsoft.Azure.Commands.Profile.Properties.Resources.UnableToAqcuireToken, tenant));
}
if (token != null &&
newTenant == null &&
TryGetTenantSubscription(token, account, environment, tenant, subscriptionId, subscriptionName, out tempSubscription, out tempTenant))
{
newTenant = tempTenant;
newSubscription = tempSubscription;
}
}
}
if (newSubscription == null)
{
if (subscriptionId != null)
{
throw new PSInvalidOperationException(String.Format(Properties.Resources.SubscriptionIdNotFound, account.Id, subscriptionId));
}
else if (subscriptionName != null)
{
throw new PSInvalidOperationException(String.Format(Properties.Resources.SubscriptionNameNotFound, account.Id, subscriptionName));
}
_profile.Context = new AzureContext(account, environment, newTenant);
}
else
{
_profile.Context = new AzureContext(newSubscription, account, environment, newTenant);
if (!newSubscription.State.Equals("Enabled", StringComparison.OrdinalIgnoreCase))
{
WriteWarningMessage(string.Format(
Microsoft.Azure.Commands.Profile.Properties.Resources.SelectedSubscriptionNotActive,
newSubscription.State));
}
}
_profile.Context.TokenCache = TokenCache.DefaultShared.Serialize();
return(_profile);
}
public AzureRMProfile Login(
AzureAccount account,
AzureEnvironment environment,
string tenantId,
string subscriptionId,
string subscriptionName,
SecureString password)
{
AzureSubscription newSubscription = null;
AzureTenant newTenant = null;
ShowDialog promptBehavior =
(password == null &&
account.Type != AzureAccount.AccountType.AccessToken &&
!account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
? ShowDialog.Always : ShowDialog.Never;
// (tenant and subscription are present) OR
// (tenant is present and subscription is not provided)
if (!string.IsNullOrEmpty(tenantId))
{
var token = AcquireAccessToken(account, environment, tenantId, password, promptBehavior);
TryGetTenantSubscription(token, account, environment, tenantId, subscriptionId, subscriptionName, out newSubscription, out newTenant);
}
// (tenant is not provided and subscription is present) OR
// (tenant is not provided and subscription is not provided)
else
{
foreach (var tenant in ListAccountTenants(account, environment, password, promptBehavior))
{
AzureTenant tempTenant;
AzureSubscription tempSubscription;
var token = AcquireAccessToken(account, environment, tenant.Id.ToString(), password,
ShowDialog.Auto);
if (newTenant == null && TryGetTenantSubscription(token, account, environment, tenant.Id.ToString(), subscriptionId, subscriptionName, out tempSubscription, out tempTenant) &&
newTenant == null)
{
newTenant = tempTenant;
newSubscription = tempSubscription;
}
}
}
if (newSubscription == null)
{
if (subscriptionId != null)
{
throw new PSInvalidOperationException(String.Format(Properties.Resources.SubscriptionIdNotFound, account.Id, subscriptionId));
}
else if (subscriptionName != null)
{
throw new PSInvalidOperationException(String.Format(Properties.Resources.SubscriptionNameNotFound, account.Id, subscriptionId));
}
_profile.Context = new AzureContext(account, environment, newTenant);
}
else
{
_profile.Context = new AzureContext(newSubscription, account, environment, newTenant);
}
_profile.Context.TokenCache = TokenCache.DefaultShared.Serialize();
return(_profile);
}