Azure · isra-fel · Nov 5, 2020 · Oct 29, 2020
diff --git a/src/Accounts/Authentication/Properties/Resources.Designer.cs b/src/Accounts/Authentication/Properties/Resources.Designer.cs
diff --git a/src/Websites/Websites.Test/ScenarioTests/AccessRestrictionTests.cs b/src/Websites/Websites.Test/ScenarioTests/AccessRestrictionTests.cs
@@ -59,6 +59,20 @@ public void TestAddWebAppAccessRestriction()
             WebsitesController.NewInstance.RunPsTest(_logger, "Test-AddWebAppAccessRestriction");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestAddWebAppAccessRestrictionServiceTag()
+        {
+            WebsitesController.NewInstance.RunPsTest(_logger, "Test-AddWebAppAccessRestrictionServiceTag");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestAddWebAppAccessRestrictionHttpHeaders()
+        {
+            WebsitesController.NewInstance.RunPsTest(_logger, "Test-AddWebAppAccessRestrictionHttpHeaders");
+        }
+
         // Currently no mock for Network exists in the Test Framework
         //[Fact]
         //[Trait(Category.AcceptanceType, Category.CheckIn)]
@@ -74,6 +88,13 @@ public void TestRemoveWebAppAccessRestriction()
             WebsitesController.NewInstance.RunPsTest(_logger, "Test-RemoveWebAppAccessRestriction");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestRemoveWebAppAccessRestrictionServiceTag()
+        {
+            WebsitesController.NewInstance.RunPsTest(_logger, "Test-RemoveWebAppAccessRestrictionServiceTag");
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestAddWebAppAccessRestrictionScm()

diff --git a/src/Websites/Websites.Test/ScenarioTests/AccessRestrictionTests.ps1 b/src/Websites/Websites.Test/ScenarioTests/AccessRestrictionTests.ps1
@@ -189,6 +189,98 @@ function Test-AddWebAppAccessRestriction
 	}
 }
 
+<#
+.SYNOPSIS
+Add ServiceTag Access Restriction
+#>
+function Test-AddWebAppAccessRestrictionServiceTag
+{
+	# Setup
+	$rgname = Get-ResourceGroupName
+	$wname = Get-WebsiteName	
+	$location = Get-WebLocation
+	$whpName = Get-WebHostPlanName
+	$tier = "Shared"
+	$serviceTag = "AzureFrontDoor.Backend"
+
+	try
+	{
+		# Setup
+		New-AzResourceGroup -Name $rgname -Location $location
+		$serverFarm = New-AzAppServicePlan -ResourceGroupName $rgname -Name  $whpName -Location  $location -Tier $tier
+
+		# Create new web app
+		$webApp = New-AzWebApp -ResourceGroupName $rgname -Name $wname -Location $location -AppServicePlan $whpName 
+
+		# Assert Setup
+		Assert-AreEqual $wname $webApp.Name
+		Assert-AreEqual $serverFarm.Id $webApp.ServerFarmId
+
+		# Run Tests
+		$actual = Add-AzWebAppAccessRestrictionRule -ResourceGroupName $rgname -WebAppName $wname -Name frontdoor -Action Allow -ServiceTag $serviceTag -Priority 400 -PassThru
+
+		# Assert
+		Assert-AreEqual 2 $actual.MainSiteAccessRestrictions.Count
+		Assert-AreEqual "frontdoor" $actual.MainSiteAccessRestrictions[0].RuleName
+		Assert-AreEqual "Allow" $actual.MainSiteAccessRestrictions[0].Action
+		Assert-AreEqual $serviceTag $actual.MainSiteAccessRestrictions[0].IpAddress
+		Assert-AreEqual "Deny all" $actual.MainSiteAccessRestrictions[1].RuleName
+		Assert-AreEqual "Deny" $actual.MainSiteAccessRestrictions[1].Action
+	}
+	finally
+	{
+		# Cleanup
+		Remove-AzResourceGroup -Name $rgname -Force
+	}
+}
+
+<#
+.SYNOPSIS
+Add HttpHeader Access Restriction
+#>
+function Test-AddWebAppAccessRestrictionHttpHeaders
+{
+	# Setup
+	$rgname = Get-ResourceGroupName
+	$wname = Get-WebsiteName	
+	$location = Get-WebLocation
+	$whpName = Get-WebHostPlanName
+	$tier = "Shared"
+	$serviceTag = "AzureFrontDoor.Backend"
+
+	try
+	{
+		# Setup
+		New-AzResourceGroup -Name $rgname -Location $location
+		$serverFarm = New-AzAppServicePlan -ResourceGroupName $rgname -Name  $whpName -Location  $location -Tier $tier
+
+		# Create new web app
+		$webApp = New-AzWebApp -ResourceGroupName $rgname -Name $wname -Location $location -AppServicePlan $whpName 
+
+		# Assert Setup
+		Assert-AreEqual $wname $webApp.Name
+		Assert-AreEqual $serverFarm.Id $webApp.ServerFarmId
+
+		# Run Tests
+		$actual = Add-AzWebAppAccessRestrictionRule -ResourceGroupName $rgname -WebAppName $wname -Name singleinstance-frontdoor -Action Allow -ServiceTag $serviceTag `
+		-Priority 500 -HttpHeader @{'x-azure-fdid' = '355deb06-47c4-4ba4-9641-c7d7a98b913e'; 'x-forwarded-host' = 'www.contoso.com', 'app.contoso.com' } -PassThru
+
+		# Assert
+		Assert-AreEqual 2 $actual.MainSiteAccessRestrictions.Count
+		Assert-AreEqual "singleinstance-frontdoor" $actual.MainSiteAccessRestrictions[0].RuleName
+		Assert-AreEqual "Allow" $actual.MainSiteAccessRestrictions[0].Action
+		Assert-AreEqual $serviceTag $actual.MainSiteAccessRestrictions[0].IpAddress
+		Assert-NotNull $actual.MainSiteAccessRestrictions[0].HttpHeader
+		Assert-AreEqual "Deny all" $actual.MainSiteAccessRestrictions[1].RuleName
+		Assert-AreEqual "Deny" $actual.MainSiteAccessRestrictions[1].Action
+	}
+	finally
+	{
+		# Cleanup
+		Remove-AzResourceGroup -Name $rgname -Force
+	}
+}
+
 <#
 .SYNOPSIS
 Add Subnet Access Restriction
@@ -299,6 +391,59 @@ function Test-RemoveWebAppAccessRestriction
 	}
 }
 
+<#
+.SYNOPSIS
+Add and Remove ServiceTag Access Restriction
+#>
+function Test-RemoveWebAppAccessRestrictionServiceTag
+{
+	# Setup
+	$rgname = Get-ResourceGroupName
+	$wname = Get-WebsiteName	
+	$location = Get-WebLocation
+	$whpName = Get-WebHostPlanName
+	$tier = "Shared"
+	$serviceTag = "AzureCloud"
+
+	try
+	{
+		# Setup
+		New-AzResourceGroup -Name $rgname -Location $location
+		$serverFarm = New-AzAppServicePlan -ResourceGroupName $rgname -Name  $whpName -Location  $location -Tier $tier
+
+		# Create new web app
+		$webApp = New-AzWebApp -ResourceGroupName $rgname -Name $wname -Location $location -AppServicePlan $whpName 
+
+		# Assert Setup
+		Assert-AreEqual $wname $webApp.Name
+		Assert-AreEqual $serverFarm.Id $webApp.ServerFarmId
+
+		# Run Tests
+		$actual = Add-AzWebAppAccessRestrictionRule -ResourceGroupName $rgname -WebAppName $wname -Name all-azure -Action Allow -ServiceTag $serviceTag -Priority 400 -PassThru
+
+		# Assert
+		Assert-AreEqual 2 $actual.MainSiteAccessRestrictions.Count
+		Assert-AreEqual "all-azure" $actual.MainSiteAccessRestrictions[0].RuleName
+		Assert-AreEqual $serviceTag $actual.MainSiteAccessRestrictions[0].IpAddress
+		Assert-AreEqual "Allow" $actual.MainSiteAccessRestrictions[0].Action
+		Assert-AreEqual "Deny all" $actual.MainSiteAccessRestrictions[1].RuleName
+		Assert-AreEqual "Deny" $actual.MainSiteAccessRestrictions[1].Action
+
+		# Run Tests
+		$actual = Remove-AzWebAppAccessRestrictionRule -ResourceGroupName $rgname -WebAppName $wname -ServiceTag $serviceTag -PassThru
+
+		# Assert
+		Assert-AreEqual 1 $actual.MainSiteAccessRestrictions.Count
+		Assert-AreEqual "Allow all" $actual.MainSiteAccessRestrictions[0].RuleName
+		Assert-AreEqual "Allow" $actual.MainSiteAccessRestrictions[0].Action
+	}
+	finally
+	{
+		# Cleanup
+		Remove-AzResourceGroup -Name $rgname -Force
+	}
+}
+
 <#
 .SYNOPSIS
 Add IpAddress Access Restriction to SCM Site

diff --git a/...ds.Websites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestriction.json b/...ds.Websites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestriction.json
diff --git a/....Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionHttpHeaders.json b/....Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionHttpHeaders.json
diff --git a/...Websites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionScm.json b/...Websites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionScm.json
diff --git a/...s.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionServiceTag.json b/...s.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionServiceTag.json
diff --git a/...ebsites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionSlot.json b/...ebsites.Test.ScenarioTests.AccessRestrictionTests/TestAddWebAppAccessRestrictionSlot.json
diff --git a/...ds.Websites.Test.ScenarioTests.AccessRestrictionTests/TestGetWebAppAccessRestriction.json b/...ds.Websites.Test.ScenarioTests.AccessRestrictionTests/TestGetWebAppAccessRestriction.json
diff --git a/...Websites.Test.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestriction.json b/...Websites.Test.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestriction.json
diff --git a/...sites.Test.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestrictionScm.json b/...sites.Test.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestrictionScm.json
diff --git a/...est.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestrictionServiceTag.json b/...est.ScenarioTests.AccessRestrictionTests/TestRemoveWebAppAccessRestrictionServiceTag.json
diff --git a/...s.Test.ScenarioTests.AccessRestrictionTests/TestUpdateWebAppAccessRestrictionComplex.json b/...s.Test.ScenarioTests.AccessRestrictionTests/TestUpdateWebAppAccessRestrictionComplex.json
diff --git a/...es.Test.ScenarioTests.AccessRestrictionTests/TestUpdateWebAppAccessRestrictionSimple.json b/...es.Test.ScenarioTests.AccessRestrictionTests/TestUpdateWebAppAccessRestrictionSimple.json
diff --git a/src/Websites/Websites.sln b/src/Websites/Websites.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27703.2042
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30611.23
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Websites", "Websites\Websites.csproj", "{80A92297-7C92-456B-8EE7-9FB6CE30149D}"
 EndProject
@@ -18,6 +18,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ScenarioTest.ResourceManage
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TestFx", "..\..\tools\TestFx\TestFx.csproj", "{BC80A1D0-FFA4-43D9-AA74-799F5CB54B58}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Authenticators", "..\Accounts\Authenticators\Authenticators.csproj", "{31473C1B-1B34-4545-BF2D-50BEE84E7283}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -52,6 +54,10 @@ Global
 		{BC80A1D0-FFA4-43D9-AA74-799F5CB54B58}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{BC80A1D0-FFA4-43D9-AA74-799F5CB54B58}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{BC80A1D0-FFA4-43D9-AA74-799F5CB54B58}.Release|Any CPU.Build.0 = Release|Any CPU
+		{31473C1B-1B34-4545-BF2D-50BEE84E7283}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{31473C1B-1B34-4545-BF2D-50BEE84E7283}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{31473C1B-1B34-4545-BF2D-50BEE84E7283}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{31473C1B-1B34-4545-BF2D-50BEE84E7283}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

diff --git a/src/Websites/Websites/ChangeLog.md b/src/Websites/Websites/ChangeLog.md
@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Added support for new access restriction features: ServiceTag, multi-ip and http-headers
 
 ## Version 2.0.0
 * Added support for Premium V3 pricing tier