private async Task <AuthenticationHeaderValue> GetAuthenticationHeaderForAppServiceAsync(string resource, CancellationToken cancellationToken = default(CancellationToken))
{
var endpoint = Environment.GetEnvironmentVariable("MSI_ENDPOINT") ?? throw new ArgumentNullException("MSI_ENDPOINT");
var secret = Environment.GetEnvironmentVariable("MSI_SECRET") ?? throw new ArgumentNullException("MSI_SECRET");
HttpRequestMessage msiRequest = new HttpRequestMessage(HttpMethod.Get, $"{endpoint}?resource={resource}&api-version={MSITokenProvider.appServiceMsiApiVersion}");
msiRequest.Headers.Add("Metadata", "true");
msiRequest.Headers.Add("Secret", secret);
var msiResponse = await(new HttpClient()).SendAsync(msiRequest, cancellationToken);
string content = await msiResponse.Content.ReadAsStringAsync();
dynamic loginInfo = JsonConvert.DeserializeObject(content);
string tokenType = loginInfo.token_type;
if (tokenType == null)
{
throw MSILoginException.TokenTypeNotFound(content);
}
string accessToken = loginInfo.access_token;
if (accessToken == null)
{
throw MSILoginException.AcessTokenNotFound(content);
}
return(new AuthenticationHeaderValue(tokenType, accessToken));
}
public async Task <AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken)
{
HttpRequestMessage msiRequest = new HttpRequestMessage(HttpMethod.Post, $"http://localhost:{port}/oauth2/token");
msiRequest.Headers.Add("Metadata", "true");
IDictionary <string, string> parameters = new Dictionary <string, string>();
parameters.Add("resource", $"{resource}");
msiRequest.Content = new FormUrlEncodedContent(parameters);
var msiResponse = await(new HttpClient()).SendAsync(msiRequest, cancellationToken);
string content = await msiResponse.Content.ReadAsStringAsync();
dynamic loginInfo = JsonConvert.DeserializeObject(content);
string tokenType = loginInfo.token_type;
if (tokenType == null)
{
throw MSILoginException.TokenTypeNotFound(content);
}
string accessToken = loginInfo.access_token;
if (accessToken == null)
{
throw MSILoginException.AcessTokenNotFound(content);
}
return(new AuthenticationHeaderValue(tokenType, accessToken));
}
private async Task <MSIToken> GetTokenFromMSIExtensionAsync(int port, string resource, CancellationToken cancellationToken)
{
HttpRequestMessage msiRequest = new HttpRequestMessage(HttpMethod.Post, $"http://localhost:{port}/oauth2/token");
msiRequest.Headers.Add("Metadata", "true");
IDictionary <string, string> parameters = new Dictionary <string, string>
{
{ "resource", $"{resource}" }
};
if (this.msiLoginInformation.UserAssignedIdentityObjectId != null)
{
parameters.Add("object_id", this.msiLoginInformation.UserAssignedIdentityObjectId);
}
else if (this.msiLoginInformation.UserAssignedIdentityClientId != null)
{
parameters.Add("client_id", this.msiLoginInformation.UserAssignedIdentityClientId);
}
else if (this.msiLoginInformation.UserAssignedIdentityResourceId != null)
{
parameters.Add("msi_res_id", this.msiLoginInformation.UserAssignedIdentityResourceId);
}
else
{
throw new ArgumentException("MSI: UserAssignedIdentityObjectId, UserAssignedIdentityClientId or UserAssignedIdentityResourceId must be set");
}
msiRequest.Content = new FormUrlEncodedContent(parameters);
var msiResponse = await(new HttpClient()).SendAsync(msiRequest, cancellationToken);
string content = await msiResponse.Content.ReadAsStringAsync();
dynamic loginInfo = JsonConvert.DeserializeObject(content);
if (loginInfo.access_token == null)
{
throw MSILoginException.AcessTokenNotFound(content);
}
if (loginInfo.token_type == null)
{
throw MSILoginException.TokenTypeNotFound(content);
}
//
MSIToken msiToken = new MSIToken
{
AccessToken = loginInfo.access_token,
TokenType = loginInfo.token_type
};
return(msiToken);
}
private async Task <AuthenticationHeaderValue> GetAuthenticationHeaderForVirtualMachineAsync(string resource, CancellationToken cancellationToken = default(CancellationToken))
{
int port = msiLoginInformation.Port == null ? 50342 : msiLoginInformation.Port.Value;
HttpRequestMessage msiRequest = new HttpRequestMessage(HttpMethod.Post, $"http://localhost:{port}/oauth2/token");
msiRequest.Headers.Add("Metadata", "true");
IDictionary <string, string> parameters = new Dictionary <string, string>
{
{ "resource", $"{resource}" }
};
if (this.msiLoginInformation.UserAssignedIdentityObjectId != null)
{
parameters.Add("object_id", this.msiLoginInformation.UserAssignedIdentityObjectId);
}
else if (this.msiLoginInformation.UserAssignedIdentityClientId != null)
{
parameters.Add("client_id", this.msiLoginInformation.UserAssignedIdentityClientId);
}
else if (this.msiLoginInformation.UserAssignedIdentityResourceId != null)
{
parameters.Add("msi_res_id", this.msiLoginInformation.UserAssignedIdentityResourceId);
}
msiRequest.Content = new FormUrlEncodedContent(parameters);
var msiResponse = await(new HttpClient()).SendAsync(msiRequest, cancellationToken);
string content = await msiResponse.Content.ReadAsStringAsync();
dynamic loginInfo = JsonConvert.DeserializeObject(content);
string tokenType = loginInfo.token_type;
if (tokenType == null)
{
throw MSILoginException.TokenTypeNotFound(content);
}
string accessToken = loginInfo.access_token;
if (accessToken == null)
{
throw MSILoginException.AcessTokenNotFound(content);
}
return(new AuthenticationHeaderValue(tokenType, accessToken));
}
private async Task <MSIToken> RetrieveTokenFromIMDSWithRetryAsync(string resource, CancellationToken cancellationToken)
{
var uriBuilder = new UriBuilder(MSITokenProvider.imdsEndpoint);
//
var query = new Dictionary <string, string>
{
["api-version"] = MSITokenProvider.imdsMsiApiVersion,
["resource"] = resource
};
if (this.msiLoginInformation.UserAssignedIdentityObjectId != null)
{
query["object_id"] = this.msiLoginInformation.UserAssignedIdentityObjectId;
}
else if (this.msiLoginInformation.UserAssignedIdentityClientId != null)
{
query["client_id"] = this.msiLoginInformation.UserAssignedIdentityClientId;
}
else if (this.msiLoginInformation.UserAssignedIdentityResourceId != null)
{
query["msi_res_id"] = this.msiLoginInformation.UserAssignedIdentityResourceId;
}
uriBuilder.Query = await new FormUrlEncodedContent(query).ReadAsStringAsync();
string url = uriBuilder.ToString();
//
int retry = 1;
int maxRetry = retrySlots.Count;
//
while (retry <= maxRetry)
{
//
using (HttpRequestMessage msiRequest = new HttpRequestMessage(HttpMethod.Get, url))
{
msiRequest.Headers.Add("Metadata", "true");
using (HttpResponseMessage msiResponse = await(new HttpClient()).SendAsync(msiRequest, cancellationToken))
{
int statusCode = ((int)msiResponse.StatusCode);
if (ShouldRetry(statusCode))
{
int retryTimeoutInMs = retrySlots[new Random().Next(retry)] * 1000;
retryTimeoutInMs = (statusCode == 410 && retryTimeoutInMs < imdsUpgradeTimeInMs) ? imdsUpgradeTimeInMs : retryTimeoutInMs;
retry++;
if (retry > maxRetry)
{
break;
}
else
{
await SdkContext.DelayProvider.DelayAsync(retryTimeoutInMs, cancellationToken);
}
}
else if (statusCode != 200)
{
string content = await msiResponse.Content.ReadAsStringAsync();
throw new HttpRequestException($"Code: {statusCode} ReasonReasonPhrase: {msiResponse.ReasonPhrase} Body: {content}");
}
else
{
string content = await msiResponse.Content.ReadAsStringAsync();
dynamic loginInfo = JsonConvert.DeserializeObject(content);
if (loginInfo.access_token == null)
{
throw MSILoginException.AccessTokenNotFound(content);
}
if (loginInfo.token_type == null)
{
throw MSILoginException.TokenTypeNotFound(content);
}
//
MSIToken msiToken = new MSIToken
{
AccessToken = loginInfo.access_token,
ExpireOn = loginInfo.expires_on,
TokenType = loginInfo.token_type
};
return(msiToken);
}
}
}
}
throw new MSIMaxRetryReachedException(maxRetry);
}