I used to manage Azure resources an old preview version. The authentication worked something like this:
// Authorize
this.AuthenticationResult = this.Authorize();
this.Credentials = new TokenCloudCredentials(config.SubscriptionId, this.AuthenticationResult.AccessToken);
this.ResourceManagement = new ResourceManagementClient(this.Credentials, new Uri(config.ManagementBaseUrl));
That would pop up and interactive user login window. I'd like to do the same with the new fluent nuget package (Microsoft.Azure.Management.Fluent version="1.0.0"
)
Azure.Authenticate(???)
This seems to be the best documentation of the authentication method: https://github.com/Azure/azure-sdk-for-net/blob/Fluent/AUTH.md
But it only covers options that will store credentials on the HDD which I'd like to avoid. So that whatever user is using my program is needed to login.
So in summary: How do I authenticate using an interactive user login with the latest Azure management API?
Enable Azure Active Directory in your App Service app. Sign in to the Azure portal and navigate to your app. Select Authentication in the menu on the left. Click Add identity provider.
The Azure CLI's default authentication method for logins uses a web browser and access token to sign in. Run the login command. If the CLI can open your default browser, it will initiate authorization code flow and open the default browser to load an Azure sign-in page.
Available verification methodsMicrosoft Authenticator app. Windows Hello for Business. FIDO2 security key. OATH hardware token (preview)
Service principal: You create a service principal account in Azure Active Directory, and use it to authenticate or get a token. A service principal is used when you need an automated process to authenticate to the service without requiring user interaction.
According to SDK source code, there is no interactive user login currently.
credentialsCache[adSettings.TokenAudience] = await UserTokenProvider.LoginSilentAsync(
userLoginInformation.ClientId, TenantId, userLoginInformation.UserName,
userLoginInformation.Password, adSettings, TokenCache.DefaultShared);
But it only covers options that will store credentials on the HDD which I'd like to avoid. So that whatever user is using my program is needed to login.
To avoid storing credentials on the HDD , if no interactive user login is accepted we could use Login Slient model with username and password.
var credentials = new AzureCredentials(new UserLoginInformation { ClientId = "Azure client Id",UserName = "username",Password = "Password"}, "tenant Id", AzureEnvironment.AzureGlobalCloud); //AzureChinaCloud,AzureGermanCloud,AzureUSGovernment
var azure = Azure
.Configure()
.Authenticate(credentials)
.WithDefaultSubscription();
Fluent libraries does not support interactive login. If your project targets .Net Core then you can use Device Flow authentication, but that will require you to pop-up to the caller information received from Azure AD Source code in Fluent Repo
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With