TechQA.

Azure Pack REST API Authentication

756 views Asked by At

After hours of search in Microsoft messed up API documentation for its products, i am still no where on how to authenticate a rest API request in windows azure pack distribution. Primarily i want to create an API which automate the process of deploying virtual machine, but I cant find any documentation on how to acquire the authentication token to access the resources.

Some documentation states the use of ADFS, but don't provide any reference on the ADFS REST API for authentication.

And I don't want to use ADFS in the first place. I want to authenticate using AZURE tenant and admin interface.

In conclusion, if anyone can provide any help on the REST API authentication, it will make my day. Thanks in advance.

api rest azure authentication azure-pack
Original Q&A
2

There are 2 answers

2
Jack Zeng On

You can use the following PowerShell to acquire an access token.

Add-Type -Path 'C:\Program Files\Microsoft Azure Active Directory Connect\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

$tenantID = "<the tenant id of you subscription>"
$authString = "https://login.windows.net/$tenantID" 

# It must be an MFA-disabled admin. 
$username = "<the username>"
$password = "<the password>"

# The resource can be https://graph.windows.net/ if you are using graph api.
# Or, https://management.azure.com/ if you are using ARM.
$resource = "https://management.core.windows.net/"

# This is the common client id.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"

$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" `
    -ArgumentList $username,$password

$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" `
    -ArgumentList $authString

$authenticationResult = $authContext.AcquireToken($resource,$client_id,$creds)

# An Authorization header can be formed like this.
$authHeader = $authenticationResult.AccessTokenType + " " + $authenticationResult.AccessToken
0
Adam.Kao On

I am doing some similar job like you did.

        static string GetAspAuthToken(string authSiteEndPoint, string userName, string password)
    {

        var identityProviderEndpoint = new EndpointAddress(new Uri(authSiteEndPoint + "/wstrust/issue/usernamemixed"));

        var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        identityProviderBinding.Security.Message.EstablishSecurityContext = false;
        identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint)
        {
            TrustVersion = TrustVersion.WSTrust13,
        };
        //This line is only if we're using self-signed certs in the installation 
        trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None };

        trustChannelFactory.Credentials.SupportInteractive = false;
        trustChannelFactory.Credentials.UserName.UserName = userName;
        trustChannelFactory.Credentials.UserName.Password = password;

        var channel = trustChannelFactory.CreateChannel();
        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointReference("http://azureservices/TenantSite"),
            TokenType = "urn:ietf:params:oauth:token-type:jwt",
            KeyType = KeyTypes.Bearer,
        };

        RequestSecurityTokenResponse rstr = null;
        SecurityToken token = null;


        token = channel.Issue(rst, out rstr);
        var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText;
        var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString));

        return jwtString;
    }

Parameter "authSiteEndPoint" is your Tenant Authentication site url. default port is 30071.

You can find some resource here: https://msdn.microsoft.com/en-us/library/dn479258.aspx

The sample program "SampleAuthApplication" can solve your question.

Related Questions in API

Related Questions in REST

Related Questions in AZURE

Related Questions in AUTHENTICATION

Related Questions in AZURE-PACK

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions