static async Task Main(string[] args)
{
// Define the permission scopes that you need
string[] scopes = { "Directory.AccessAsUser.All" };
// Start interactive login session
var options = new InteractiveBrowserCredentialOptions()
{
ClientId = "<client-id>",
TenantId = "<tenant-id>",
RedirectUri = new Uri("http://localhost")
};
// And a TokenCredential implementation
var interactiveCredential = new InteractiveBrowserCredential(options);
// Create GraphServiceClient instance
var graphClient = new GraphServiceClient(interactiveCredential, scopes);
// Set variable (in real solution you should rely on UI to collect passwords in a secure way)
var currentPassword = "******";
var newPassword = "******";
// Change current user's password
await graphClient.Me.ChangePassword(currentPassword, newPassword).Request().PostAsync();
Console.WriteLine("Password changed!");
}
public void ValidateConstructorOverload1()
{
// tests the InteractiveBrowserCredential constructor overload
// public InteractiveBrowserCredential(InteractiveBrowserCredentialOptions options)
// null
var credential = new InteractiveBrowserCredential((InteractiveBrowserCredentialOptions)null);
AssertOptionsHonored(new InteractiveBrowserCredentialOptions(), credential);
Assert.AreEqual(CredentialPipeline.GetInstance(null), credential.Pipeline);
// with options
var options = new InteractiveBrowserCredentialOptions
{
ClientId = Guid.NewGuid().ToString(),
TenantId = Guid.NewGuid().ToString(),
AuthorityHost = new Uri("https://login.myauthority.com/"),
DisableAutomaticAuthentication = true,
EnablePersistentCache = true,
AllowUnencryptedCache = true,
AuthenticationRecord = new AuthenticationRecord()
};
credential = new InteractiveBrowserCredential(options);
AssertOptionsHonored(options, credential);
}
public void InteractiveBrowserCredentialOptionsNullTenantId()
{
var options = new InteractiveBrowserCredentialOptions();
// validate no exception is thrown when setting TenantId to null
options.TenantId = null;
}
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
{
var interactiveParameters = parameters as InteractiveParameters;
var onPremise = interactiveParameters.Environment.OnPremise;
//null instead of "organizations" should be passed to Azure.Identity to support MSA account
var tenantId = onPremise ? AdfsTenant :
(string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId);
var tokenCacheProvider = interactiveParameters.TokenCacheProvider;
var resource = interactiveParameters.Environment.GetEndpoint(interactiveParameters.ResourceId) ?? interactiveParameters.ResourceId;
var scopes = AuthenticationHelpers.GetScope(onPremise, resource);
var clientId = AuthenticationHelpers.PowerShellClientId;
var requestContext = new TokenRequestContext(scopes);
var authority = interactiveParameters.Environment.ActiveDirectoryAuthority;
var options = new InteractiveBrowserCredentialOptions()
{
ClientId = clientId,
TenantId = tenantId,
TokenCachePersistenceOptions = tokenCacheProvider.GetTokenCachePersistenceOptions(),
AuthorityHost = new Uri(authority),
RedirectUri = GetReplyUrl(onPremise, interactiveParameters),
};
var browserCredential = new InteractiveBrowserCredential(options);
TracingAdapter.Information($"{DateTime.Now:T} - [InteractiveUserAuthenticator] Calling InteractiveBrowserCredential.AuthenticateAsync with TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}', RedirectUri:'{options.RedirectUri}'");
var authTask = browserCredential.AuthenticateAsync(requestContext, cancellationToken);
return(MsalAccessToken.GetAccessTokenAsync(
authTask,
browserCredential,
requestContext,
cancellationToken));
}
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
{
var interactiveParameters = parameters as InteractiveParameters;
var onPremise = interactiveParameters.Environment.OnPremise;
//null instead of "organizations" should be passed to Azure.Identity to support MSA account
var tenantId = onPremise ? AdfsTenant :
(string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId);
var tokenCacheProvider = interactiveParameters.TokenCacheProvider;
var resource = interactiveParameters.Environment.GetEndpoint(interactiveParameters.ResourceId) ?? interactiveParameters.ResourceId;
var scopes = AuthenticationHelpers.GetScope(onPremise, resource);
var clientId = AuthenticationHelpers.PowerShellClientId;
var requestContext = new TokenRequestContext(scopes);
var authority = interactiveParameters.Environment.ActiveDirectoryAuthority;
AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache);
var options = new InteractiveBrowserCredentialOptions()
{
ClientId = clientId,
TenantId = tenantId,
TokenCache = tokenCache.TokenCache,
AuthorityHost = new Uri(authority),
RedirectUri = GetReplyUrl(onPremise, interactiveParameters),
};
var browserCredential = new InteractiveBrowserCredential(options);
var authTask = browserCredential.AuthenticateAsync(requestContext, cancellationToken);
return(MsalAccessToken.GetAccessTokenAsync(
authTask,
browserCredential,
requestContext,
cancellationToken));
}
public async Task <ImageCredentials> GetCredentials()
{
var options = new InteractiveBrowserCredentialOptions()
{
TenantId = tenantId,
};
OnAuthenticating?.Invoke();
var credential = new InteractiveBrowserCredential(options);
var client = new SecretClient(new Uri(vaultUrl), credential);
// wait for the first request to finish so that
// we the user signs in before the other requests
// that way the token will be cached and reused for subsequent
// requests without requiring signin
var name = await client.GetSecretAsync(nameKey);
var secrets = await Task.WhenAll(
client.GetSecretAsync(serverKey),
client.GetSecretAsync(usernameKey),
client.GetSecretAsync(passwordKey));
return(new ImageCredentials()
{
Name = name.Value.Value,
Server = secrets[0].Value.Value,
Username = secrets[1].Value.Value,
Password = secrets[2].Value.Value
});
}
public void InteractiveBrowserCredentialOptionsInvalidTenantId([Values("", "invalid?character")] string tenantId)
{
var options = new InteractiveBrowserCredentialOptions();
var ex = Assert.Catch <ArgumentException>(() => options.TenantId = tenantId);
ValidateTenantIdArgumentException(tenantId, null, ex);
}
public void AssertOptionsHonored(InteractiveBrowserCredentialOptions options, InteractiveBrowserCredential credential)
{
Assert.AreEqual(options.ClientId, credential.ClientId);
Assert.AreEqual(options.TenantId, credential.Client.TenantId);
Assert.AreEqual(options.AuthorityHost, credential.Pipeline.AuthorityHost);
Assert.AreEqual(options.DisableAutomaticAuthentication, credential.DisableAutomaticAuthentication);
Assert.AreEqual(options.EnablePersistentCache, credential.Client.EnablePersistentCache);
Assert.AreEqual(options.AllowUnencryptedCache, credential.Client.AllowUnencryptedCache);
Assert.AreEqual(options.AuthenticationRecord, credential.Record);
}
public void AssertOptionsHonored(InteractiveBrowserCredentialOptions options, InteractiveBrowserCredential credential)
{
Assert.AreEqual(options.ClientId, credential.ClientId);
Assert.AreEqual(options.TenantId, credential.Client.TenantId);
Assert.AreEqual(options.AuthorityHost, credential.Pipeline.AuthorityHost);
Assert.AreEqual(options.DisableAutomaticAuthentication, credential.DisableAutomaticAuthentication);
Assert.AreEqual(options.AuthenticationRecord, credential.Record);
if (options.RedirectUri != null)
{
Assert.AreEqual(options.RedirectUri, new Uri(credential.Client.RedirectUrl));
}
else
{
Assert.AreEqual(Constants.DefaultRedirectUrl, credential.Client.RedirectUrl);
}
}
public void ValidateConstructorOverload3()
{
// tests the InteractiveBrowserCredential constructor overload
// public InteractiveBrowserCredential(string tenantId, string clientId, TokenCredentialOptions options = default)
// null, null
Assert.Throws <ArgumentNullException>(() => new InteractiveBrowserCredential(null, null));
// null, null, null
Assert.Throws <ArgumentNullException>(() => new InteractiveBrowserCredential(null, null, null));
// str, null
Assert.Throws <ArgumentNullException>(() => new InteractiveBrowserCredential("tenantid", null));
// null, str
var options = new InteractiveBrowserCredentialOptions {
ClientId = Guid.NewGuid().ToString()
};
var credential = new InteractiveBrowserCredential(null, options.ClientId);
AssertOptionsHonored(options, credential);
Assert.AreEqual(CredentialPipeline.GetInstance(null), credential.Pipeline);
// str, str
options.TenantId = Guid.NewGuid().ToString();
credential = new InteractiveBrowserCredential(options.TenantId, options.ClientId);
AssertOptionsHonored(options, credential);
Assert.AreEqual(CredentialPipeline.GetInstance(null), credential.Pipeline);
// str, str, options
options.AuthorityHost = new Uri("https://login.myauthority.com/");
credential = new InteractiveBrowserCredential(options.TenantId, options.ClientId, new TokenCredentialOptions {
AuthorityHost = options.AuthorityHost
});
AssertOptionsHonored(options, credential);
}
static void Main()
{
// Create a token credential, which enables us to authenticate to the Business Central Admin Center APIs.
// Note 1: This will open the AAD login page in a browser window.
// Note 2: You can also skip passing in options altogether if you want to log into your own Business Central admin center, i.e., not a delegated admin scenario
var interactiveBrowserCredentialOptions = new InteractiveBrowserCredentialOptions
{
ClientId = "a19cb26a-2e4c-408b-82e1-6311742ecc50", // partner's AAD app id
RedirectUri = new Uri("http://localhost"), // partner's AAD app redirect URI
TenantId = "f5b6b245-5dd2-4bf5-94d4-35ef04d73c6d", // customer's tenant id
};
var tokenCredential = new InteractiveBrowserCredential(interactiveBrowserCredentialOptions);
// Create the Admin Center client
var adminCenterClient = new AdminCenterClient(tokenCredential);
// Manage environments
Environments.ListEnvironments(adminCenterClient);
Environments.CreateNewEnvironment(adminCenterClient, "MySandbox", "Sandbox", "DK");
Environments.CopyProductionEnvironmentToSandboxEnvironment(adminCenterClient, "MyProd", "MySandboxAsACopy");
Environments.SetAppInsightsKey(adminCenterClient, "MyProd", new Guid("0da21b54-841e-4a64-a117-6092784245f9"));
Environments.GetDatabaseSize(adminCenterClient, "MyProd");
Environments.GetSupportSettings(adminCenterClient, "MyProd");
// Manage support settings
NotificationRecipients.GetNotificationRecipients(adminCenterClient);
NotificationRecipients.AddNotificationRecipient(adminCenterClient, "*****@*****.**", "Partner Notifications Mail Group");
// Manage apps
Apps.GetInstalledApps(adminCenterClient, "MyProd");
Apps.GetAvailableAppUpdates(adminCenterClient, "MyProd");
Apps.UpdateApp(adminCenterClient, "MyProd", new Guid("334ef79e-547e-4631-8ba1-7a7f18e14de6"), "16.0.11240.12188");
Apps.GetAppOperations(adminCenterClient, "MyProd", new Guid("334ef79e-547e-4631-8ba1-7a7f18e14de6"));
// Manage active sessions
Sessions.GetActiveSessions(adminCenterClient, "MyProd");
Sessions.CancelSession(adminCenterClient, "MyProd", 196719);
// Manage update settings
UpdateSettings.GetUpdateWindow(adminCenterClient, "MyProd");
UpdateSettings.SetUpdateWindow(adminCenterClient, "MyProd", new DateTime(2020, 06, 01, 4, 15, 0), new DateTime(2020, 06, 01, 11, 30, 0));
UpdateSettings.GetScheduledUpdates(adminCenterClient, "MyProd");
}
public void ValidateConstructorOverload2()
{
// tests the InteractiveBrowserCredential constructor overload
// public InteractiveBrowserCredential(string clientId)
// null
Assert.Throws <ArgumentNullException>(() => new InteractiveBrowserCredential((string)null));
// not null
var options = new InteractiveBrowserCredentialOptions
{
ClientId = Guid.NewGuid().ToString()
};
var credential = new InteractiveBrowserCredential(options.ClientId);
AssertOptionsHonored(options, credential);
Assert.AreEqual(CredentialPipeline.GetInstance(null), credential.Pipeline);
}
static async Task UseInteractiveBrowserCredentialAsync()
{
// Define the permission scopes that you need
string[] scopes = { "User.Read" };
var options = new InteractiveBrowserCredentialOptions()
{
ClientId = "<client-id>",
TenantId = "<tenant-id>",
RedirectUri = new Uri("http://localhost")
};
// And a TokenCredential implementation
var interactiveCredential = new InteractiveBrowserCredential(options);
// GraphServiceClient now supports as TokenCredential input
var graphClient = new GraphServiceClient(interactiveCredential, scopes);
// Use regular Graph SDK fluent syntax
var me = await graphClient.Me.Request().GetAsync();
Console.WriteLine(me.DisplayName);
}
