public void CanAuthenticateUsingMSIObjectId()
{
AzureSessionInitializer.InitializeAzureSession();
string expectedAccessToken = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for ARM URI: {0}", expectedAccessToken);
string expectedToken2 = Guid.NewGuid().ToString();
string tenant = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for graph URI: {0}", expectedToken2);
string userId = Guid.NewGuid().ToString();
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
var builder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&object_id={userId}&api-version=2018-02-01";
var defaultUri = builder.Uri.ToString();
var customBuilder = new UriBuilder(AuthenticationFactory.DefaultMSILoginUri);
customBuilder.Query = $"resource={Uri.EscapeDataString(environment.GraphEndpointResourceId)}&object_id={userId}&api-version=2018-02-01";
var customUri = customBuilder.Uri.ToString();
var responses = new Dictionary <string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
{
{ defaultUri, new ManagedServiceTokenInfo {
AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource = expectedResource
} },
{ customUri, new ManagedServiceTokenInfo {
AccessToken = expectedToken2, ExpiresIn = 3600, Resource = environment.GraphEndpointResourceId
} }
};
AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
var authFactory = new AuthenticationFactory();
IRenewableToken token = (IRenewableToken)authFactory.Authenticate(account, environment, tenant, null, null, null);
_output.WriteLine($"Received access token for default Uri ${token.AccessToken}");
Assert.Equal(expectedAccessToken, token.AccessToken);
var account2 = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, AzureEnvironment.Endpoint.GraphEndpointResourceId);
_output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
Assert.Equal(expectedToken2, token2.AccessToken);
Assert.Equal(3600, Math.Round(token.ExpiresOn.DateTime.Subtract(DateTime.UtcNow).TotalSeconds));
var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
Assert.Throws <InvalidOperationException>(() => token3.AccessToken);
}
public void CanAuthenticateUsingMSIDefault()
{
AzureSessionInitializer.InitializeAzureSession();
IAuthenticatorBuilder authenticatorBuilder = new DefaultAuthenticatorBuilder();
AzureSession.Instance.RegisterComponent(AuthenticatorBuilder.AuthenticatorBuilderKey, () => authenticatorBuilder);
PowerShellTokenCacheProvider factory = new InMemoryTokenCacheProvider();
AzureSession.Instance.RegisterComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, () => factory);
string expectedAccessToken = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for default URI: {0}", expectedAccessToken);
string expectedToken2 = Guid.NewGuid().ToString();
string tenant = Guid.NewGuid().ToString();
_output.WriteLine("Expected access token for custom URI: {0}", expectedToken2);
string userId = "*****@*****.**";
var account = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
var environment = AzureEnvironment.PublicEnvironments["AzureCloud"];
var expectedResource = environment.ActiveDirectoryServiceEndpointResourceId;
var builder = new UriBuilder(AuthenticationFactory.DefaultBackupMSILoginUri);
builder.Query = $"resource={Uri.EscapeDataString(environment.ActiveDirectoryServiceEndpointResourceId)}&api-version=2018-02-01";
var defaultUri = builder.Uri.ToString();
var responses = new Dictionary <string, ManagedServiceTokenInfo>(StringComparer.OrdinalIgnoreCase)
{
{ defaultUri, new ManagedServiceTokenInfo {
AccessToken = expectedAccessToken, ExpiresIn = 3600, Resource = expectedResource
} },
{ "http://myfunkyurl:10432/oauth2/token?resource=foo&api-version=2018-02-01", new ManagedServiceTokenInfo {
AccessToken = expectedToken2, ExpiresIn = 3600, Resource = "foo"
} }
};
AzureSession.Instance.RegisterComponent(HttpClientOperationsFactory.Name, () => TestHttpOperationsFactory.Create(responses, _output), true);
var authFactory = new AuthenticationFactory();
IRenewableToken token = (IRenewableToken)authFactory.Authenticate(account, environment, tenant, null, null, null);
_output.WriteLine($"Received access token for default Uri ${token.AccessToken}");
Assert.Equal(expectedAccessToken, token.AccessToken);
Assert.Equal(3600, Math.Round(token.ExpiresOn.Subtract(DateTimeOffset.Now).TotalSeconds));
var account2 = new AzureAccount
{
Id = userId,
Type = AzureAccount.AccountType.ManagedService
};
account2.SetProperty(AzureAccount.Property.MSILoginUri, "http://myfunkyurl:10432/oauth2/token");
var token2 = authFactory.Authenticate(account2, environment, tenant, null, null, null, "foo");
_output.WriteLine($"Received access token for custom Uri ${token2.AccessToken}");
Assert.Equal(expectedToken2, token2.AccessToken);
var token3 = authFactory.Authenticate(account, environment, tenant, null, null, null, "bar");
Assert.Throws <InvalidOperationException>(() => token3.AccessToken);
}
