1

I have an app created by VS's Windows Template Studio. I have the authentication working and I can successfully get a token using the same credentials I use for the Azure portal (Interactive). 

using Microsoft.Identity.Client
...

private IPublicClientApplication _client;

_client = PublicClientApplicationBuilder.Create(_clientId)
                  .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
                  .WithRedirectUri($"msal{_clientId}://auth")
                  .Build();

var accounts = await _client.GetAccountsAsync();  

_authenticationResult = await _client.AcquireTokenInteractive(_scopes)                                                     
                                     .WithAccount(accounts.FirstOrDefault())
                                     .ExecuteAsync();

How do I use the token with the Azure API libraries such as:

  • Microsoft.Azure.Management.ResourceManager.Fluent

  • Microsoft.Azure.Services.AppAuthentication

jlo-gmail
  • 4,453
  • 3
  • 37
  • 64

1 Answers1

0

According to my test, we can use the access token to manage Azure resources with Microsoft.Azure.Management.ResourceManager.Fluent SDk. For more details, please refer to Using authentication token in azure sdk fluent. The detailed steps are as below.

  1. Configure permissions for the Azure AD applications you use. enter image description here enter image description here

  2. Code

var client = PublicClientApplicationBuilder.Create(clientId)
                .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
                .WithRedirectUri($"msal{clientId}://auth")
                .Build();

            var accounts = client.GetAccountsAsync().Result;
            string[] scopes = { "https://management.azure.com/user_impersonation" };
            var result = client.AcquireTokenInteractive(scopes)
                                      .WithAccount(accounts.FirstOrDefault())
                                      .ExecuteAsync().Result;

            string subscritionID = ""; // the subciption Id
            string tenantId= "";// the tenata contains the subscription you use
            TokenCredentials tokenCredentials = new TokenCredentials(result.AccessToken);
            var azureCredentials = new AzureCredentials(tokenCredentials, tokenCredentials, tenantId, AzureEnvironment.AzureGlobalCloud);
            var restClient = RestClient
            .Configure()
            .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
            .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
            .WithCredentials(azureCredentials)
            .Build();
            var azure = Azure
                .Authenticate(restClient, tenantId)
                .WithSubscription(subscritionID);
            var sp = azure.ResourceGroups.List();
            foreach (var group in sp) {

                Console.WriteLine("group name :"+ group.Name);
            }

enter image description here

Besides, regarding the sdk Microsoft.Azure.Services.AppAuthentication, it is also used to enable service to authenticate to Azure services. In other words, it is another way to get the token. But it only supports authentication with Azure MSI.

Jim Xu
  • 21,610
  • 2
  • 19
  • 39
  • Worked, but I had to provide '.WithAuthority("https://login.windows.net/xx-xx-xx-xx-xx", true)'. I am building this app to connect to any Azure Tenant. I would like to provide a list of Tenants (before of after login) Is there a way to get the tenants associated to a UserID. – jlo-gmail Oct 17 '19 at 14:19
  • @jlo-gmail If you want to get one user's all tenants, you can use the rest api ```GET https://management.azure.com/tenants?api-version=2019-06-01```. For more details, please refer to https://learn.microsoft.com/en-us/rest/api/resources/tenants/list – Jim Xu Oct 18 '19 at 02:37
  • @jlo-gmail Do you have any other concerns? – Jim Xu Oct 21 '19 at 01:20