locked
Impersonate Azure credentials in c# RRS feed

  • Question

  • I want to create a simple app in C# to collect some data available for me when I am using Azure Portal e.g. an effective user permissions to Azure Data Lake Stores. I found a lot of examples to register app in AD but it is difficult when I am not an AD administrator. I can check this only on my corporate MSDN subscription but not on the client one.

    So I came up with the idea that I will use the same mechanism as Azure Storage Explorer or CLI, but have found no examples how to do it (maybe I do not know how to search it). Additionally I use MFA in my company (Symantec VIP).

    Is there anyone here who did something similar or could tell me where to look for a solution?

    • Moved by Femisulu-MSFT Saturday, April 27, 2019 2:17 AM better suited in AAD
    Friday, April 26, 2019 8:49 AM

Answers

All replies

  • For  example: 

    https://gist.github.com/buchizo/18a66af3e17e2767d51613e33d75195f

    that code using device login. device login can support your account with MFA.


    • Edited by k.buchiMVP Saturday, April 27, 2019 7:41 AM
    Saturday, April 27, 2019 7:38 AM
  • Thank you for this example, but it seems not work for me. Maybe I am missing something?

    It stops on:

    var token = await authenticationContext.AcquireTokenByDeviceCodeAsync(deviceresult);
    I do not get any login screen - nothing.

    Monday, April 29, 2019 12:39 PM
  • You should access to url of deviceresult.VerificationUrl and enter code from deviceresult.UserCode.

    After that, you'll do normaly login process (enter account id and password with MFA).

    Monday, April 29, 2019 4:49 PM
  • Thank you, again!

    Ok, It works this way but when I run Azure CLI I do not have to go to the https://microsoft.com/devicelogin and enter the UserCode prior to login. Additionally I got a web page open in default browser to provide my credentials.

    Does Azure CLI (or Azure Storage Browser) provide this code somehow without user interaction?

    Monday, April 29, 2019 5:51 PM
  • If your app is .NET Framework, you can use login UI as follows:

    https://gist.github.com/buchizo/e80be6da152377e7ed9c7d46e59794d2

    This sample can use FileCache. You will no require login after fist login with UI, because app uses token cache.

    OR:

    DeviceCode login with FileCache. In this case, your app will no require login until token expired after fist login. 
     

    https://gist.github.com/buchizo/8d3a53f6e8676ab87cf853934ab35acf


    * Those are samples. If you want to production use, you should modified some topics. e.g. token refresh, token vault (store)..
    Monday, April 29, 2019 6:54 PM