static async Task Main(string[] args) { // Define the permission scopes that you need string[] scopes = { "Directory.AccessAsUser.All" }; // Start interactive login session var options = new InteractiveBrowserCredentialOptions() { ClientId = "<client-id>", TenantId = "<tenant-id>", RedirectUri = new Uri("http://localhost") }; // And a TokenCredential implementation var interactiveCredential = new InteractiveBrowserCredential(options); // Create GraphServiceClient instance var graphClient = new GraphServiceClient(interactiveCredential, scopes); // Set variable (in real solution you should rely on UI to collect passwords in a secure way) var currentPassword = "******"; var newPassword = "******"; // Change current user's password await graphClient.Me.ChangePassword(currentPassword, newPassword).Request().PostAsync(); Console.WriteLine("Password changed!"); }
public void ValidateConstructorOverload1() { // tests the InteractiveBrowserCredential constructor overload // public InteractiveBrowserCredential(InteractiveBrowserCredentialOptions options) // null var credential = new InteractiveBrowserCredential((InteractiveBrowserCredentialOptions)null); AssertOptionsHonored(new InteractiveBrowserCredentialOptions(), credential); Assert.AreEqual(CredentialPipeline.GetInstance(null), credential.Pipeline); // with options var options = new InteractiveBrowserCredentialOptions { ClientId = Guid.NewGuid().ToString(), TenantId = Guid.NewGuid().ToString(), AuthorityHost = new Uri("https://login.myauthority.com/"), DisableAutomaticAuthentication = true, EnablePersistentCache = true, AllowUnencryptedCache = true, AuthenticationRecord = new AuthenticationRecord() }; credential = new InteractiveBrowserCredential(options); AssertOptionsHonored(options, credential); }
public void InteractiveBrowserCredentialOptionsNullTenantId() { var options = new InteractiveBrowserCredentialOptions(); // validate no exception is thrown when setting TenantId to null options.TenantId = null; }
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var interactiveParameters = parameters as InteractiveParameters; var onPremise = interactiveParameters.Environment.OnPremise; //null instead of "organizations" should be passed to Azure.Identity to support MSA account var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var tokenCacheProvider = interactiveParameters.TokenCacheProvider; var resource = interactiveParameters.Environment.GetEndpoint(interactiveParameters.ResourceId) ?? interactiveParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = AuthenticationHelpers.PowerShellClientId; var requestContext = new TokenRequestContext(scopes); var authority = interactiveParameters.Environment.ActiveDirectoryAuthority; var options = new InteractiveBrowserCredentialOptions() { ClientId = clientId, TenantId = tenantId, TokenCachePersistenceOptions = tokenCacheProvider.GetTokenCachePersistenceOptions(), AuthorityHost = new Uri(authority), RedirectUri = GetReplyUrl(onPremise, interactiveParameters), }; var browserCredential = new InteractiveBrowserCredential(options); TracingAdapter.Information($"{DateTime.Now:T} - [InteractiveUserAuthenticator] Calling InteractiveBrowserCredential.AuthenticateAsync with TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}', RedirectUri:'{options.RedirectUri}'"); var authTask = browserCredential.AuthenticateAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync( authTask, browserCredential, requestContext, cancellationToken)); }
public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var interactiveParameters = parameters as InteractiveParameters; var onPremise = interactiveParameters.Environment.OnPremise; //null instead of "organizations" should be passed to Azure.Identity to support MSA account var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var tokenCacheProvider = interactiveParameters.TokenCacheProvider; var resource = interactiveParameters.Environment.GetEndpoint(interactiveParameters.ResourceId) ?? interactiveParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var clientId = AuthenticationHelpers.PowerShellClientId; var requestContext = new TokenRequestContext(scopes); var authority = interactiveParameters.Environment.ActiveDirectoryAuthority; AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache); var options = new InteractiveBrowserCredentialOptions() { ClientId = clientId, TenantId = tenantId, TokenCache = tokenCache.TokenCache, AuthorityHost = new Uri(authority), RedirectUri = GetReplyUrl(onPremise, interactiveParameters), }; var browserCredential = new InteractiveBrowserCredential(options); var authTask = browserCredential.AuthenticateAsync(requestContext, cancellationToken); return(MsalAccessToken.GetAccessTokenAsync( authTask, browserCredential, requestContext, cancellationToken)); }
public async Task <ImageCredentials> GetCredentials() { var options = new InteractiveBrowserCredentialOptions() { TenantId = tenantId, }; OnAuthenticating?.Invoke(); var credential = new InteractiveBrowserCredential(options); var client = new SecretClient(new Uri(vaultUrl), credential); // wait for the first request to finish so that // we the user signs in before the other requests // that way the token will be cached and reused for subsequent // requests without requiring signin var name = await client.GetSecretAsync(nameKey); var secrets = await Task.WhenAll( client.GetSecretAsync(serverKey), client.GetSecretAsync(usernameKey), client.GetSecretAsync(passwordKey)); return(new ImageCredentials() { Name = name.Value.Value, Server = secrets[0].Value.Value, Username = secrets[1].Value.Value, Password = secrets[2].Value.Value }); }
public void InteractiveBrowserCredentialOptionsInvalidTenantId([Values("", "invalid?character")] string tenantId) { var options = new InteractiveBrowserCredentialOptions(); var ex = Assert.Catch <ArgumentException>(() => options.TenantId = tenantId); ValidateTenantIdArgumentException(tenantId, null, ex); }
public void AssertOptionsHonored(InteractiveBrowserCredentialOptions options, InteractiveBrowserCredential credential) { Assert.AreEqual(options.ClientId, credential.ClientId); Assert.AreEqual(options.TenantId, credential.Client.TenantId); Assert.AreEqual(options.AuthorityHost, credential.Pipeline.AuthorityHost); Assert.AreEqual(options.DisableAutomaticAuthentication, credential.DisableAutomaticAuthentication); Assert.AreEqual(options.EnablePersistentCache, credential.Client.EnablePersistentCache); Assert.AreEqual(options.AllowUnencryptedCache, credential.Client.AllowUnencryptedCache); Assert.AreEqual(options.AuthenticationRecord, credential.Record); }
public void AssertOptionsHonored(InteractiveBrowserCredentialOptions options, InteractiveBrowserCredential credential) { Assert.AreEqual(options.ClientId, credential.ClientId); Assert.AreEqual(options.TenantId, credential.Client.TenantId); Assert.AreEqual(options.AuthorityHost, credential.Pipeline.AuthorityHost); Assert.AreEqual(options.DisableAutomaticAuthentication, credential.DisableAutomaticAuthentication); Assert.AreEqual(options.AuthenticationRecord, credential.Record); if (options.RedirectUri != null) { Assert.AreEqual(options.RedirectUri, new Uri(credential.Client.RedirectUrl)); } else { Assert.AreEqual(Constants.DefaultRedirectUrl, credential.Client.RedirectUrl); } }
public void ValidateConstructorOverload3() { // tests the InteractiveBrowserCredential constructor overload // public InteractiveBrowserCredential(string tenantId, string clientId, TokenCredentialOptions options = default) // null, null Assert.Throws <ArgumentNullException>(() => new InteractiveBrowserCredential(null, null)); // null, null, null Assert.Throws <ArgumentNullException>(() => new InteractiveBrowserCredential(null, null, null)); // str, null Assert.Throws <ArgumentNullException>(() => new InteractiveBrowserCredential("tenantid", null)); // null, str var options = new InteractiveBrowserCredentialOptions { ClientId = Guid.NewGuid().ToString() }; var credential = new InteractiveBrowserCredential(null, options.ClientId); AssertOptionsHonored(options, credential); Assert.AreEqual(CredentialPipeline.GetInstance(null), credential.Pipeline); // str, str options.TenantId = Guid.NewGuid().ToString(); credential = new InteractiveBrowserCredential(options.TenantId, options.ClientId); AssertOptionsHonored(options, credential); Assert.AreEqual(CredentialPipeline.GetInstance(null), credential.Pipeline); // str, str, options options.AuthorityHost = new Uri("https://login.myauthority.com/"); credential = new InteractiveBrowserCredential(options.TenantId, options.ClientId, new TokenCredentialOptions { AuthorityHost = options.AuthorityHost }); AssertOptionsHonored(options, credential); }
static void Main() { // Create a token credential, which enables us to authenticate to the Business Central Admin Center APIs. // Note 1: This will open the AAD login page in a browser window. // Note 2: You can also skip passing in options altogether if you want to log into your own Business Central admin center, i.e., not a delegated admin scenario var interactiveBrowserCredentialOptions = new InteractiveBrowserCredentialOptions { ClientId = "a19cb26a-2e4c-408b-82e1-6311742ecc50", // partner's AAD app id RedirectUri = new Uri("http://localhost"), // partner's AAD app redirect URI TenantId = "f5b6b245-5dd2-4bf5-94d4-35ef04d73c6d", // customer's tenant id }; var tokenCredential = new InteractiveBrowserCredential(interactiveBrowserCredentialOptions); // Create the Admin Center client var adminCenterClient = new AdminCenterClient(tokenCredential); // Manage environments Environments.ListEnvironments(adminCenterClient); Environments.CreateNewEnvironment(adminCenterClient, "MySandbox", "Sandbox", "DK"); Environments.CopyProductionEnvironmentToSandboxEnvironment(adminCenterClient, "MyProd", "MySandboxAsACopy"); Environments.SetAppInsightsKey(adminCenterClient, "MyProd", new Guid("0da21b54-841e-4a64-a117-6092784245f9")); Environments.GetDatabaseSize(adminCenterClient, "MyProd"); Environments.GetSupportSettings(adminCenterClient, "MyProd"); // Manage support settings NotificationRecipients.GetNotificationRecipients(adminCenterClient); NotificationRecipients.AddNotificationRecipient(adminCenterClient, "*****@*****.**", "Partner Notifications Mail Group"); // Manage apps Apps.GetInstalledApps(adminCenterClient, "MyProd"); Apps.GetAvailableAppUpdates(adminCenterClient, "MyProd"); Apps.UpdateApp(adminCenterClient, "MyProd", new Guid("334ef79e-547e-4631-8ba1-7a7f18e14de6"), "16.0.11240.12188"); Apps.GetAppOperations(adminCenterClient, "MyProd", new Guid("334ef79e-547e-4631-8ba1-7a7f18e14de6")); // Manage active sessions Sessions.GetActiveSessions(adminCenterClient, "MyProd"); Sessions.CancelSession(adminCenterClient, "MyProd", 196719); // Manage update settings UpdateSettings.GetUpdateWindow(adminCenterClient, "MyProd"); UpdateSettings.SetUpdateWindow(adminCenterClient, "MyProd", new DateTime(2020, 06, 01, 4, 15, 0), new DateTime(2020, 06, 01, 11, 30, 0)); UpdateSettings.GetScheduledUpdates(adminCenterClient, "MyProd"); }
public void ValidateConstructorOverload2() { // tests the InteractiveBrowserCredential constructor overload // public InteractiveBrowserCredential(string clientId) // null Assert.Throws <ArgumentNullException>(() => new InteractiveBrowserCredential((string)null)); // not null var options = new InteractiveBrowserCredentialOptions { ClientId = Guid.NewGuid().ToString() }; var credential = new InteractiveBrowserCredential(options.ClientId); AssertOptionsHonored(options, credential); Assert.AreEqual(CredentialPipeline.GetInstance(null), credential.Pipeline); }
static async Task UseInteractiveBrowserCredentialAsync() { // Define the permission scopes that you need string[] scopes = { "User.Read" }; var options = new InteractiveBrowserCredentialOptions() { ClientId = "<client-id>", TenantId = "<tenant-id>", RedirectUri = new Uri("http://localhost") }; // And a TokenCredential implementation var interactiveCredential = new InteractiveBrowserCredential(options); // GraphServiceClient now supports as TokenCredential input var graphClient = new GraphServiceClient(interactiveCredential, scopes); // Use regular Graph SDK fluent syntax var me = await graphClient.Me.Request().GetAsync(); Console.WriteLine(me.DisplayName); }