
I began to wonder what the equivalents of

  • Login-AzureRmAccount
  • New-AzureRmADServicePrincipal
  • New-AzureRmADApplication

would be in the Azure SDK for .NET. For some reason I don't seem to be able to locate them, and I would like to do something like in this blog post, but in code.

Edit: 2017-06-20 00:42

Taking some cues from Tom Sun and poking this a bit deeper, I found an answer that partially solves the problem of "old libraries" and also the one of initially choosing a subscription. It's described at https://stackoverflow.com/a/41360632/1332416, but that code is already a bit old too, and poking a bit further, there's a re-write of that into a bit newer form at https://stackoverflow.com/a/38036598/1332416. However, this isn't quite there yet; I keep poking a bit further (unless someone pokes further). I think I phrased the original question imprecisely. I'd like to re-create "the usual log-in flow with PowerShell", but this time in code. These PS commands are a bit rough to pin down, though. :)

The part about choosing a subscription using PowerShell could be like this:

    $subscription = Get-AzureRmSubscription | Out-GridView -Title "Select the subscription for the deployment" -PassThru
    Select-AzureRmSubscription -SubscriptionId $subscription.SubscriptionId

Veksi

1 Answer

From the Azure Management Libraries for .NET source code, I couldn't find functions for creating an AD ServicePrincipal or an Azure AD Application. After some investigation, I found we could do that with the Microsoft.Azure.ActiveDirectory.GraphClient SDK. I did a test demo; it works correctly on my side. The following are my detailed steps:

Preparation:

  1. We need to create a native AD Application in the Azure portal.
  2. Assign the "Access the directory as the signed-in user" delegated permission to it.
  3. We could get our tenant Id, which is shown as the Directory Id in the portal.

Steps:

  1. Create a C# console project.
  2. Reference the Microsoft.Azure.ActiveDirectory.GraphClient SDK; for more details please refer to the packages.config section.
  3. Add the following code in the project.

    using System;
    using System.Collections.Generic;
    using System.Threading.Tasks;
    using Microsoft.Azure.ActiveDirectory.GraphClient;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    class Program
    {
        static string appId = "created AD Application Id";
        static string tenantId = "tenant Id";
        static string graphResourceId = "https://graph.windows.net";
        static string username = "user name";
        static string userPassword = "password";

        // ADAL authentication context for the tenant; the original snippet used
        // `context` without declaring it, this is the declaration it needs.
        static AuthenticationContext context =
            new AuthenticationContext("https://login.microsoftonline.com/" + tenantId);

        // Acquire an Azure AD Graph token with the user's credentials (username/password flow).
        public static async Task<string> GetAccessToken(string userName, string password)
        {
            var tokenResponse = await context.AcquireTokenAsync(graphResourceId, appId, new UserCredential(userName, password));
            var accessToken = tokenResponse.AccessToken;
            return accessToken;
        }

        static void Main(string[] args)
        {
            Uri servicePointUri = new Uri(graphResourceId);
            Uri serviceRoot = new Uri(servicePointUri, tenantId);
            ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await GetAccessToken(username, userPassword));

            Application application = new Application
            {
                Homepage = "http://localhost:13526/",
                DisplayName = "tomnewapplication",
                IdentifierUris = new List<string> { "http://localhost/abcde" }
            };

            //Create Azure Directory Application
            activeDirectoryClient.Applications.AddApplicationAsync(application).Wait();

            ServicePrincipal servicePrincipal = new ServicePrincipal
            {
                AppId = "existing AD application Id"
            };

            //Create service principal
            activeDirectoryClient.ServicePrincipals.AddServicePrincipalAsync(servicePrincipal).Wait();
        }
    }

  4. Check the result in the Azure portal.

packages.config file:

    <?xml version="1.0" encoding="utf-8"?>
    <packages>
      <package id="Microsoft.Azure.ActiveDirectory.GraphClient" version="2.1.1" targetFramework="net452" />
      <package id="Microsoft.Data.Edm" version="5.6.4" targetFramework="net452" />
      <package id="Microsoft.Data.OData" version="5.6.4" targetFramework="net452" />
      <package id="Microsoft.Data.Services.Client" version="5.6.4" targetFramework="net452" />
      <package id="Microsoft.Graph" version="1.2.0" targetFramework="net452" />
      <package id="Microsoft.Graph.Core" version="1.3.0" targetFramework="net452" />
      <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.28.3" targetFramework="net452" />
      <package id="Newtonsoft.Json" version="6.0.1" targetFramework="net452" />
      <package id="System.Spatial" version="5.6.4" targetFramework="net452" />
    </packages>

Tom Sun - MSFT
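As an added example (not code from the answer above), here is how the two creation steps can be chained the way New-AzureRmADApplication followed by New-AzureRmADServicePrincipal -Password behaves: the application gets a locally generated, time-limited client secret, and the service principal takes the AppId that Graph returns for the freshly created application instead of a hard-coded placeholder. It assumes `client` is an ActiveDirectoryClient built as in the answer, and the `CreatedPrincipal` type and `PrincipalFactory` class are names chosen here; the Application, PasswordCredential and ServicePrincipal properties are those of the Microsoft.Azure.ActiveDirectory.GraphClient types.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;
// What a caller needs later to authenticate as the new principal (helper type assumed here).
public class CreatedPrincipal
{
    public string AppId { get; set; }                   // client id of the application
    public string ServicePrincipalObjectId { get; set; }
    public string Secret { get; set; }                  // returned once; keep it out of source code
    public DateTime SecretExpiresUtc { get; set; }
}
public static class PrincipalFactory
{
    // Equivalent of New-AzureRmADApplication followed by New-AzureRmADServicePrincipal -Password.
    public static async Task<CreatedPrincipal> CreateAsync(
        ActiveDirectoryClient client, string displayName, string identifierUri, int secretLifetimeDays = 90)
    {
        // Generate the client secret from a CSPRNG rather than typing one into source.
        byte[] raw = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(raw);
        string secret = Convert.ToBase64String(raw);
        DateTime start = DateTime.UtcNow;
        DateTime end = start.AddDays(secretLifetimeDays);   // bounded lifetime, like the cmdlet's -EndDate
        var application = new Application
        {
            DisplayName = displayName,
            IdentifierUris = new List<string> { identifierUri },
            PasswordCredentials = new List<PasswordCredential>
            {
                new PasswordCredential { StartDate = start, EndDate = end, KeyId = Guid.NewGuid(), Value = secret }
            }
        };
        await client.Applications.AddApplicationAsync(application);
        // Graph fills in the generated AppId on the same object; fail loudly if it did not.
        if (string.IsNullOrEmpty(application.AppId))
            throw new InvalidOperationException("Application was created but no AppId came back.");
        var servicePrincipal = new ServicePrincipal
        {
            AppId = application.AppId,   // tie the principal to the application just created, not a placeholder
            DisplayName = displayName,
            AccountEnabled = true
        };
        await client.ServicePrincipals.AddServicePrincipalAsync(servicePrincipal);
        return new CreatedPrincipal { AppId = application.AppId, ServicePrincipalObjectId = servicePrincipal.ObjectId,
                                      Secret = secret, SecretExpiresUtc = end };
    }
}
```

The returned secret is the only copy you will get, so hand it to a vault or the deployment pipeline directly rather than logging it.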
  • Hmm, interesting. I wonder if that library is updated. Good points though, I'll be back on computer in some hours, let me play with this a bit. The tenant ID could probably be queried as using `Get-AzureRmSubscription` and then choosing one, but maybe it too would use that a bit unupdated looking Nuget package... Looks like going to https://www.nuget.org/packages/Microsoft.Graph/.. :) – Veksi Jun 19 '17 at 17:20
  • I have updated the answer to add the packages info. Please try to use the [Microsoft.Azure.ActiveDirectory.GraphClient](https://www.nuget.org/packages/Microsoft.Azure.ActiveDirectory.GraphClient/) SDK, not the [Microsoft.Graph](https://www.nuget.org/packages/Microsoft.Graph/) SDK. – Tom Sun - MSFT Jun 19 '17 at 20:40
  • I appreciate the trouble you have gone through already. I'm a bit hesitant to accept the answer, though a good one, since the libraries are deprecated and though I see I neglected to provide the PS commandlet about choosing subscription, it proves to be as problematic as the others in "standard flow" when translated into C# code. I updated the question with some more research, I plan to dig a bit deeper on this. If nothing comes up, I'll accept this (tomorrow, probably). – Veksi Jun 19 '17 at 21:47
  • All good and well with this, I dig a bit deeper and maybe post a new, better formed question if I get some more time to dig with this. Thanks for the trouble! – Veksi Jun 20 '17 at 13:28
  • Hey, I am trying to use the Azure RM .Net library, which requires an AzureCredential object to authenticate. I was wondering if there is any way to generate this without creating an Azure AD application and just by passing user name and password (similar to Connect-AzureRmAccount). – Hari Govind Apr 03 '18 at 12:46
  • @HariGovind You could try the following code `var credentials = new AzureCredentials(new UserLoginInformation { ClientId = "Azure client Id", UserName = "username", Password = "Password" }, "tenant Id", AzureEnvironment.AzureGlobalCloud); //AzureChinaCloud,AzureGermanCloud,AzureUSGovernment`. It still needs you to create the Azure AD application. – Tom Sun - MSFT Apr 04 '18 at 01:19
  • Thanks @TomSun, I tried this code and it works fine, but I was wondering if there is any way to do this without the Azure AD Application? – Hari Govind Apr 04 '18 at 05:09
  • @HariGovind Based on my experience, an Azure AD application is required. – Tom Sun - MSFT Apr 04 '18 at 05:12
  • Thanks @TomSun, I was also thinking about the same. – Hari Govind Apr 04 '18 at 05:15
  • @TomSun I was wondering if there is a way to execute Azure RM powershell through C# and probably get the results. – Hari Govind Apr 04 '18 at 05:27
  • May I know why Azure AD application is not acceptable for you? – Tom Sun - MSFT Apr 04 '18 at 05:31
  • Why do we need to create a native AD application to create a new application? – Balasubramaniam Sep 21 '18 at 11:17