Expand Up @@ -15,3 +15,4 @@ description: Samples for the Azure.ResourceManager client library
- [Hello World - Getting a subscription async](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/resourcemanager/Azure.ResourceManager/samples/Sample1_HelloWorldAsync.md)
- [Managing Resource Groups](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/resourcemanager/Azure.ResourceManager/samples/Sample2_ManagingResourceGroups.md)
- [Creating a virtual network](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/resourcemanager/Azure.ResourceManager/samples/Sample3_CreatingAVirtualNetwork.md)
- [Enable Cross-Tenant Authentication](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/resourcemanager/Azure.ResourceManager/samples/Sample4_MultiTenant.md)
@@ -0,0 +1,62 @@
Example: Authenticate across tenants
--------------------------------------
For this example, you need the following namespaces:
```C# Snippet:MultiTenant_Namespaces
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
```

In order to test for multi-tenant, you will need to setup a service principal for another tenant.
1. Enable multi tenant on your SPN.
2. Add the redirect URL under the web (not single page application), e.g. https://www.microsoft.com
3. Using following link to add SPN to tenant2:
https://login.microsoftonline.com/<Tenant2_ID>/oauth2/authorize?client_id=<Client_ID>&response_type=code&redirect_uri=https%3A%2F%2Fwww.microsoft.com%2F
4. Give enough permission for the SPN in both tenants/subscriptions.
5. Set related environment variables to your machine.

***Create a pipeline policy***

```C# Snippet:Sample_Header_Policy
public class AuxiliaryPoilcy : HttpPipelineSynchronousPolicy
{
private static string AUTHORIZATION_AUXILIARY_HEADER = "x-ms-authorization-auxiliary";
string _token;

public AuxiliaryPoilcy(string token)
{
_token = token;
}

public override void OnSendingRequest(HttpMessage message)
{
string token = "Bearer " + _token;
if (!message.Request.Headers.TryGetValue(AUTHORIZATION_AUXILIARY_HEADER, out _))
{
message.Request.Headers.Add(AUTHORIZATION_AUXILIARY_HEADER, token);
}
}
}
```

***Authenticate the client and add token to the header***

```C# Snippet:Enable_Cross_Tenant_Authentication
string clientId = Environment.GetEnvironmentVariable("CLIENT_ID");
string clientSecret = Environment.GetEnvironmentVariable("CLIENT_SECRET");
string tenantId01 = Environment.GetEnvironmentVariable("TENANT_ID_01");
string tenantId02 = Environment.GetEnvironmentVariable("TENANT_ID_02");
string subscriptionId01 = Environment.GetEnvironmentVariable("SUBSCRIPTION_ID_01");

// Prepare client and policy for tenant01
ClientSecretCredential credForTenant01 = new ClientSecretCredential(tenantId01, clientId, clientSecret);
ClientSecretCredential credForTenant02 = new ClientSecretCredential(tenantId02, clientId, clientSecret);

string token = (await credForTenant02.GetTokenAsync(new Azure.Core.TokenRequestContext(
new[] { "https://management.azure.com/.default" }))).Token;
ArmClientOptions options = new ArmClientOptions();
AuxiliaryPoilcy headerPolicy = new AuxiliaryPoilcy(token);
options.AddPolicy(headerPolicy, HttpPipelinePosition.PerCall);
ArmClient client = new ArmClient(credForTenant01, subscriptionId01, options);
```
@@ -0,0 +1,27 @@
using Azure.Core;
using Azure.Core.Pipeline;

namespace Azure.ResourceManager.Tests.Samples
{
#region Snippet:Sample_Header_Policy
public class AuxiliaryPoilcy : HttpPipelineSynchronousPolicy
{
private static string AUTHORIZATION_AUXILIARY_HEADER = "x-ms-authorization-auxiliary";
string _token;

public AuxiliaryPoilcy(string token)
{
_token = token;
}

public override void OnSendingRequest(HttpMessage message)
{
string token = "Bearer " + _token;
if (!message.Request.Headers.TryGetValue(AUTHORIZATION_AUXILIARY_HEADER, out _))
{
message.Request.Headers.Add(AUTHORIZATION_AUXILIARY_HEADER, token);
}
}
}
#endregion
}
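Review bot: `OnSendingRequest` adds the auxiliary bearer token to every request that passes through the pipeline without checking the transport, and the value is a fixed string captured once in the constructor. Azure.Core's own `BearerTokenAuthenticationPolicy` refuses to send a token to a non-HTTPS endpoint, and this policy should do the same before the `Add` call, e.g. `if (message.Request.Uri.Scheme != "https") throw new System.InvalidOperationException("auxiliary token requires an https endpoint");`. Because `_token` is never refreshed, a client that outlives the access token will presumably keep sending an expired value while the primary credential renews itself; holding the `TokenCredential` and requesting the token when the request is sent would avoid that, and the same applies to the `.Token` call in the cross-tenant sample test that feeds this constructor. The header name should also be `private const string` rather than a mutable `static` field, and the class name is misspelled (`AuxiliaryPoilcy`), which is worth fixing before the snippet is published.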
@@ -0,0 +1,37 @@
#region Snippet:MultiTenant_Namespaces
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
#endregion
using NUnit.Framework;

namespace Azure.ResourceManager.Tests.Samples
{
public class Sample4_MultiTenant
{
[Test]
[Ignore("Only verifying that the sample builds")]
public async Task EnableCrossTenantAuthentication()
{
#region Snippet:Enable_Cross_Tenant_Authentication
string clientId = Environment.GetEnvironmentVariable("CLIENT_ID");
string clientSecret = Environment.GetEnvironmentVariable("CLIENT_SECRET");
string tenantId01 = Environment.GetEnvironmentVariable("TENANT_ID_01");
string tenantId02 = Environment.GetEnvironmentVariable("TENANT_ID_02");
string subscriptionId01 = Environment.GetEnvironmentVariable("SUBSCRIPTION_ID_01");

// Prepare client and policy for tenant01
ClientSecretCredential credForTenant01 = new ClientSecretCredential(tenantId01, clientId, clientSecret);
ClientSecretCredential credForTenant02 = new ClientSecretCredential(tenantId02, clientId, clientSecret);

string token = (await credForTenant02.GetTokenAsync(new Azure.Core.TokenRequestContext(
new[] { "https://management.azure.com/.default" }))).Token;
ArmClientOptions options = new ArmClientOptions();
AuxiliaryPoilcy headerPolicy = new AuxiliaryPoilcy(token);
options.AddPolicy(headerPolicy, HttpPipelinePosition.PerCall);
ArmClient client = new ArmClient(credForTenant01, subscriptionId01, options);
#endregion
}
}
}
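Review bot: The comment `// Prepare client and policy for tenant01` does not match the two lines under it, which build credentials for both tenants, and nothing in the snippet region says which tenant is the primary one. Since this region is the text readers will copy, I would replace it with `// credForTenant01 authenticates the ArmClient; credForTenant02 only supplies the token for the x-ms-authorization-auxiliary header`. The scope `https://management.azure.com/.default` is the public-cloud endpoint, so a short comment saying that it must be changed for sovereign clouds would help. `Environment.GetEnvironmentVariable` returns null for an unset variable, so a one-line remark that all five variables must be set would save readers from a confusing failure in the credential constructor.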