AzureCredentialsFactory.FromUser needs documentation/examples
I want to use .NET (F#) to manage Azure, instead of having to use PowerShell or the Azure CLI or the Azure portal, and I want to do it as myself with my own permissions instead of having to set up a service principal that has the same permissions as me. It looks like AzureCredentialsFactory.FromUser may be what I’m looking for, but I must be using it wrong because it throws an auth exception. Here’s my script snippet:
let myClientId = "4aa4d595-fdf3-4271-a995-ba13a7f60f0c" // ApplicationID from Azure portal, see screenshot
let cred = SdkContext.AzureCredentialsFactory.FromUser("maxw@microsoft.com", pwd, myClientId, mytenantId, AzureEnvironment.AzureGlobalCloud)
let azure = Azure.Configure().Authenticate(cred)
printfn "%A" <| azure.ActiveDirectoryUsers.GetByName("coworker@microsoft.com")
Expected: some information about my coworker.
Actual: GetByName() throws authentication exception
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
...
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Azure.Management.ResourceManager.Fluent.Core.Extensions.Synchronize[TResult](Func`1 function)
at Microsoft.Azure.Management.Graph.RBAC.Fluent.ActiveDirectoryUsersImpl.Microsoft.Azure.Management.ResourceManager.Fluent.Core.CollectionActions.ISupportsGettingByName<Microsoft.Azure.Management.Graph.RBAC.Fluent.IActiveDirectoryUser>.GetByName(String name)
at Program.main(String[] argv) in d:\code\rse\azureManagement\azureManagement\azMan\Program.fs:line 32
Firstly, what is the correct usage? Secondly, why doesn’t Authenticate() throw instead of waiting for the GetByName() call before throwing?
Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:5 (3 by maintainers)
Top GitHub Comments
Thanks for the explanation of the .FromUser failure from 2FA.
Are there any examples of using .FromDevice()? I’m not sure what form Func<DeviceCodeResult, bool> is supposed to take.
My device is just a regular Windows 10 desktop machine.
This is due to the 2FA requirement in Microsoft tenant. AzureCredentialsFactory.FromUser only works if 2FA is not turned on in the directory.
Authenticate() does not actually make a REST call no matter how much the method name tells otherwise. A token is acquired on the wire when a first REST call is made, and once every hour afterwards.
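
The two points raised in the comments, sketched as an added example that is not part of the original thread or the SDK's own samples: a device-code sign-in through FromDevice (no password in the script, usable when 2FA is enforced), followed by a forced first REST call so an authentication failure surfaces right after Authenticate(). The client and tenant IDs are placeholders, and the assumptions are that FromDevice takes (clientId, tenantId, environment, handler) and that returning true from the handler tells the SDK to continue waiting for the sign-in.

```fsharp
open System
open Microsoft.Azure.Management.Fluent
open Microsoft.Azure.Management.ResourceManager.Fluent
open Microsoft.IdentityModel.Clients.ActiveDirectory

// Placeholders (assumptions): use your own app registration and tenant.
let clientId = "<application-id-of-your-app-registration>"
let tenantId = "<directory-tenant-id>"

// Handler invoked once a device code has been issued.
// DeviceCodeResult.Message holds the instructions (URL plus code) for the user.
// Assumption: returning true lets the SDK go on to wait for the sign-in.
let showDeviceCode =
    Func<DeviceCodeResult, bool>(fun code ->
        eprintfn "%s" code.Message
        true)

let cred =
    SdkContext.AzureCredentialsFactory.FromDevice(
        clientId, tenantId, AzureEnvironment.AzureGlobalCloud, showDeviceCode)

// Authenticate() only builds the client; no token is requested yet.
let azure = Azure.Configure().Authenticate(cred)

// Force the first REST call here so a bad credential fails at a known point
// instead of deep inside a later management call.
let signIn () =
    try
        let subs = azure.Subscriptions.List() |> Seq.toList
        printfn "Signed in; %d subscription(s) visible" subs.Length
        true
    with ex ->
        eprintfn "Sign-in failed: %s" ex.Message
        false

if signIn () then
    // Same lookup as in the issue; the address is a constructed placeholder.
    printfn "%A" (azure.ActiveDirectoryUsers.GetByName "coworker@example.com")
```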