7

I used to manage Azure resources an old preview version. The authentication worked something like this:

// Authorize 
this.AuthenticationResult = this.Authorize();
this.Credentials = new TokenCloudCredentials(config.SubscriptionId, this.AuthenticationResult.AccessToken);
this.ResourceManagement = new ResourceManagementClient(this.Credentials, new Uri(config.ManagementBaseUrl));

That would pop up and interactive user login window. I'd like to do the same with the new fluent nuget package (Microsoft.Azure.Management.Fluent version="1.0.0")

Azure.Authenticate(???)

This seems to be the best documentation of the authentication method: https://github.com/Azure/azure-sdk-for-net/blob/Fluent/AUTH.md

But it only covers options that will store credentials on the HDD which I'd like to avoid. So that whatever user is using my program is needed to login.

So in summary: How do I authenticate using an interactive user login with the latest Azure management API?

Sam7
  • 3,062
  • 2
  • 33
  • 53

2 Answers2

1

According to SDK source code, there is no interactive user login currently. 

 credentialsCache[adSettings.TokenAudience] = await UserTokenProvider.LoginSilentAsync(
                        userLoginInformation.ClientId, TenantId, userLoginInformation.UserName,
                        userLoginInformation.Password, adSettings, TokenCache.DefaultShared);

But it only covers options that will store credentials on the HDD which I'd like to avoid. So that whatever user is using my program is needed to login.

To avoid storing credentials on the HDD , if no interactive user login is accepted we could use Login Slient model with username and password.

var credentials = new AzureCredentials(new UserLoginInformation { ClientId = "Azure client Id",UserName = "username",Password = "Password"}, "tenant Id", AzureEnvironment.AzureGlobalCloud);  //AzureChinaCloud,AzureGermanCloud,AzureUSGovernment

var azure = Azure
            .Configure()
            .Authenticate(credentials)
            .WithDefaultSubscription();
Tom Sun - MSFT
  • 22,436
  • 3
  • 23
  • 40
  • Thanks. Do you mind clarifying what's meant by `Azure client Id` & `tenant Id`? – Sam7 May 16 '17 at 07:58
  • About Azure **client Id** & **tenant Id** please refer to [create an active-directory application](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#create-an-active-directory-application) – Tom Sun - MSFT May 16 '17 at 09:27
  • 1
    `How will this work with 2 factor authentication?` If it is working with 2 factors authentication, base on my experience, we need to use interactive interface. – Tom Sun - MSFT May 16 '17 at 09:29
  • I guess that's what my original question was "How do I use the interactive interface?" – Sam7 May 16 '17 at 23:25
  • According to the SDK source code Microsoft.Azure.Management.Fluent Azure SDK is not supported to login with interactive interface currently. – Tom Sun - MSFT May 17 '17 at 03:26
  • If we need to interactive interface, then we need to manage Azure resources an old SDK version. For registried Azure AD native app we could use `var cred = UserTokenProvider.LoginWithPromptAsync("Azure AD domain name", new ActiveDirectoryClientSettings(applicationId, new Uri("redirecturl"))).Result`; For registried Azure AD WebApp, more details please refer to the [document](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications) – Tom Sun - MSFT May 17 '17 at 03:26
  • This is rediculous. Should be able to programatically able to log in with just my azure account, username and password. What's this nonsense of client id and tenant id? When we write code to do things, it should be able to do anything our accounts is authorized to do. It's just a tool. It's clicking buttons for me that I'd have to do myself anyway. It's an assist. If I can log into Azure Portal and do something with my username and password, then I should be able to write code that does the same thing with those same credentials without all these complex additional hoops to jump through. – Triynko Dec 08 '20 at 22:21
1

Fluent libraries does not support interactive login. If your project targets .Net Core then you can use Device Flow authentication, but that will require you to pop-up to the caller information received from Azure AD Source code in Fluent Repo

hovsepm
  • 146
  • 1
  • 3