C# 使用AAD/MFA凭据连接到多个Azure DBs
我正在尝试编写一个netcore控制台应用程序,它连接到多个Azure SQL数据库,并针对这些数据库执行一些脚本。我们公司要求Azure AD具有数据库的MFA登录名 我已成功地使用以下信息使其登录: 设置C# 使用AAD/MFA凭据连接到多个Azure DBs,c#,sql-server,.net-core,azure-active-directory,azure-sql-database,C#,Sql Server,.net Core,Azure Active Directory,Azure Sql Database,我正在尝试编写一个netcore控制台应用程序,它连接到多个Azure SQL数据库,并针对这些数据库执行一些脚本。我们公司要求Azure AD具有数据库的MFA登录名 我已成功地使用以下信息使其登录: 设置 static void Main(string[] args) { var provider = new ActiveDirectoryAuthProvider(); SqlAuthenticationProvider.SetProvider( SqlAu
static void Main(string[] args)
{
var provider = new ActiveDirectoryAuthProvider();
SqlAuthenticationProvider.SetProvider(
SqlAuthenticationMethod.ActiveDirectoryIntegrated,
//SC.SqlAuthenticationMethod.ActiveDirectoryInteractive,
//SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated, // Alternatives.
//SC.SqlAuthenticationMethod.ActiveDirectoryPassword,
provider);
}
public class ActiveDirectoryAuthProvider : SqlAuthenticationProvider
{
// Program._ more static values that you set!
private readonly string _clientId = "MyClientID";
public override async TT.Task<SC.SqlAuthenticationToken>
AcquireTokenAsync(SC.SqlAuthenticationParameters parameters)
{
AD.AuthenticationContext authContext =
new AD.AuthenticationContext(parameters.Authority);
authContext.CorrelationId = parameters.ConnectionId;
AD.AuthenticationResult result;
switch (parameters.AuthenticationMethod)
{
case SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated:
Console.WriteLine("In method 'AcquireTokenAsync', case_1 == '.ActiveDirectoryIntegrated'.");
Console.WriteLine($"Resource: {parameters.Resource}");
result = await authContext.AcquireTokenAsync(
parameters.Resource,
_clientId,
new AD.UserCredential(GlobalSettings.CredentialsSettings.Username));
break;
default: throw new InvalidOperationException();
}
return new SC.SqlAuthenticationToken(result.AccessToken, result.ExpiresOn);
}
public override bool IsSupported(SC.SqlAuthenticationMethod authenticationMethod)
{
return authenticationMethod == SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated
|| authenticationMethod == SC.SqlAuthenticationMethod.ActiveDirectoryInteractive;
}
}
static void Main(string[] args)
{
var provider = new ActiveDirectoryAuthProvider();
SqlAuthenticationProvider.SetProvider(
SqlAuthenticationMethod.ActiveDirectoryInteractive,
//SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated, // Alternatives.
//SC.SqlAuthenticationMethod.ActiveDirectoryPassword,
provider);
}
是否有任何方法要求所有数据库只进行一次浏览器身份验证?它们都在同一个Azure SQL实例上。因此,代码中有一些PEBKAC。尽管它使用的是
builder.Authentication=SqlAuthenticationMethod.ActiveDirectoryInteractiveActiveDirectoryIntegratedActiveDirectoryIntegratedActiveDirectoryInteractivestatic void Main(string[] args)
{
var provider = new ActiveDirectoryAuthProvider();
SqlAuthenticationProvider.SetProvider(
SqlAuthenticationMethod.ActiveDirectoryIntegrated,
//SC.SqlAuthenticationMethod.ActiveDirectoryInteractive,
//SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated, // Alternatives.
//SC.SqlAuthenticationMethod.ActiveDirectoryPassword,
provider);
}
public class ActiveDirectoryAuthProvider : SqlAuthenticationProvider
{
// Program._ more static values that you set!
private readonly string _clientId = "MyClientID";
public override async TT.Task<SC.SqlAuthenticationToken>
AcquireTokenAsync(SC.SqlAuthenticationParameters parameters)
{
AD.AuthenticationContext authContext =
new AD.AuthenticationContext(parameters.Authority);
authContext.CorrelationId = parameters.ConnectionId;
AD.AuthenticationResult result;
switch (parameters.AuthenticationMethod)
{
case SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated:
Console.WriteLine("In method 'AcquireTokenAsync', case_1 == '.ActiveDirectoryIntegrated'.");
Console.WriteLine($"Resource: {parameters.Resource}");
result = await authContext.AcquireTokenAsync(
parameters.Resource,
_clientId,
new AD.UserCredential(GlobalSettings.CredentialsSettings.Username));
break;
default: throw new InvalidOperationException();
}
return new SC.SqlAuthenticationToken(result.AccessToken, result.ExpiresOn);
}
public override bool IsSupported(SC.SqlAuthenticationMethod authenticationMethod)
{
return authenticationMethod == SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated
|| authenticationMethod == SC.SqlAuthenticationMethod.ActiveDirectoryInteractive;
}
}
static void Main(string[] args)
{
var provider = new ActiveDirectoryAuthProvider();
SqlAuthenticationProvider.SetProvider(
SqlAuthenticationMethod.ActiveDirectoryInteractive,
//SC.SqlAuthenticationMethod.ActiveDirectoryIntegrated, // Alternatives.
//SC.SqlAuthenticationMethod.ActiveDirectoryPassword,
provider);
}
public class ActiveDirectoryAuthProvider : SqlAuthenticationProvider
{
private readonly string _clientId = "MyClientID";
private Uri _redirectURL { get; set; } = new Uri("http://localhost:8089");
private AD.AuthenticationContext AuthContext { get; set; }
private TokenCache Cache { get; set; }
public ActiveDirectoryAuthProvider()
{
Cache = new TokenCache();
}
public override async TT.Task<SC.SqlAuthenticationToken> AcquireTokenAsync(SC.SqlAuthenticationParameters parameters)
{
var authContext = AuthContext ?? new AD.AuthenticationContext(parameters.Authority, Cache);
authContext.CorrelationId = parameters.ConnectionId;
AD.AuthenticationResult result;
try
{
result = await authContext.AcquireTokenSilentAsync(
parameters.Resource,
_clientId);
}
catch (AdalSilentTokenAcquisitionException)
{
result = await authContext.AcquireTokenAsync(
parameters.Resource,
_clientId,
_redirectURL,
new AD.PlatformParameters(PromptBehavior.Auto, new CustomWebUi()),
new UserIdentifier(parameters.UserId, UserIdentifierType.RequiredDisplayableId));
}
var token = new SC.SqlAuthenticationToken(result.AccessToken, result.ExpiresOn);
return token;
}
public override bool IsSupported(SC.SqlAuthenticationMethod authenticationMethod)
{
return authenticationMethod == SC.SqlAuthenticationMethod.ActiveDirectoryInteractive;
}
}
/// <summary>
/// This object is responsible for listening to a single TCP request, on localhost:port,
/// extracting the uri, parsing
/// </summary>
/// <remarks>
/// The underlying TCP listener might capture multiple requests, but only the first one is handled.
///
/// Cribbed this class from https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9e0f57b53edfdcf027cbff401d3ca6c02e95ef1b/tests/devapps/NetCoreTestApp/Experimental/SingleMessageTcpListener.cs
/// </remarks>
internal class SingleMessageTcpListener : IDisposable
{
private readonly int _port;
private readonly System.Net.Sockets.TcpListener _tcpListener;
public SingleMessageTcpListener(int port)
{
if (port < 1 || port == 80)
{
throw new ArgumentOutOfRangeException("Expected a valid port number, > 0, not 80");
}
_port = port;
_tcpListener = new System.Net.Sockets.TcpListener(IPAddress.Loopback, _port);
}
public async Task ListenToSingleRequestAndRespondAsync(
Func<Uri, string> responseProducer,
CancellationToken cancellationToken)
{
cancellationToken.Register(() => _tcpListener.Stop());
_tcpListener.Start();
TcpClient tcpClient = null;
try
{
tcpClient =
await AcceptTcpClientAsync(cancellationToken)
.ConfigureAwait(false);
await ExtractUriAndRespondAsync(tcpClient, responseProducer, cancellationToken).ConfigureAwait(false);
}
finally
{
tcpClient?.Close();
}
}
/// <summary>
/// AcceptTcpClientAsync does not natively support cancellation, so use this wrapper. Make sure
/// the cancellation token is registered to stop the listener.
/// </summary>
/// <remarks>See https://stackoverflow.com/questions/19220957/tcplistener-how-to-stop-listening-while-awaiting-accepttcpclientasync</remarks>
private async Task<TcpClient> AcceptTcpClientAsync(CancellationToken token)
{
try
{
return await _tcpListener.AcceptTcpClientAsync().ConfigureAwait(false);
}
catch (Exception ex) when (token.IsCancellationRequested)
{
throw new OperationCanceledException("Cancellation was requested while awaiting TCP client connection.", ex);
}
}
private async Task ExtractUriAndRespondAsync(
TcpClient tcpClient,
Func<Uri, string> responseProducer,
CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
string httpRequest = await GetTcpResponseAsync(tcpClient, cancellationToken).ConfigureAwait(false);
Uri uri = ExtractUriFromHttpRequest(httpRequest);
// write an "OK, please close the browser message"
await WriteResponseAsync(responseProducer(uri), tcpClient.GetStream(), cancellationToken)
.ConfigureAwait(false);
}
private Uri ExtractUriFromHttpRequest(string httpRequest)
{
string regexp = @"GET \/\?(.*) HTTP";
string getQuery = null;
Regex r1 = new Regex(regexp);
Match match = r1.Match(httpRequest);
if (!match.Success)
{
throw new InvalidOperationException("Not a GET query");
}
getQuery = match.Groups[1].Value;
UriBuilder uriBuilder = new UriBuilder();
uriBuilder.Query = getQuery;
uriBuilder.Port = _port;
return uriBuilder.Uri;
}
private static async Task<string> GetTcpResponseAsync(TcpClient client, CancellationToken cancellationToken)
{
NetworkStream networkStream = client.GetStream();
byte[] readBuffer = new byte[1024];
StringBuilder stringBuilder = new StringBuilder();
int numberOfBytesRead = 0;
// Incoming message may be larger than the buffer size.
do
{
numberOfBytesRead = await networkStream.ReadAsync(readBuffer, 0, readBuffer.Length, cancellationToken)
.ConfigureAwait(false);
string s = Encoding.ASCII.GetString(readBuffer, 0, numberOfBytesRead);
stringBuilder.Append(s);
}
while (networkStream.DataAvailable);
return stringBuilder.ToString();
}
private async Task WriteResponseAsync(
string message,
NetworkStream stream,
CancellationToken cancellationToken)
{
string fullResponse = $"HTTP/1.1 200 OK\r\n\r\n{message}";
var response = Encoding.ASCII.GetBytes(fullResponse);
await stream.WriteAsync(response, 0, response.Length, cancellationToken).ConfigureAwait(false);
await stream.FlushAsync(cancellationToken).ConfigureAwait(false);
}
public void Dispose()
{
_tcpListener?.Stop();
}
}
public class ActiveDirectoryAuthProvider : SqlAuthenticationProvider
{
private readonly string _clientId = "MyClientID";
private Uri _redirectURL { get; set; } = new Uri("http://localhost:8089");
private AD.AuthenticationContext AuthContext { get; set; }
private TokenCache Cache { get; set; }
public ActiveDirectoryAuthProvider()
{
Cache = new TokenCache();
}
public override async TT.Task<SC.SqlAuthenticationToken> AcquireTokenAsync(SC.SqlAuthenticationParameters parameters)
{
var authContext = AuthContext ?? new AD.AuthenticationContext(parameters.Authority, Cache);
authContext.CorrelationId = parameters.ConnectionId;
AD.AuthenticationResult result;
try
{
result = await authContext.AcquireTokenSilentAsync(
parameters.Resource,
_clientId);
}
catch (AdalSilentTokenAcquisitionException)
{
result = await authContext.AcquireTokenAsync(
parameters.Resource,
_clientId,
_redirectURL,
new AD.PlatformParameters(PromptBehavior.Auto, new CustomWebUi()),
new UserIdentifier(parameters.UserId, UserIdentifierType.RequiredDisplayableId));
}
var token = new SC.SqlAuthenticationToken(result.AccessToken, result.ExpiresOn);
return token;
}
public override bool IsSupported(SC.SqlAuthenticationMethod authenticationMethod)
{
return authenticationMethod == SC.SqlAuthenticationMethod.ActiveDirectoryInteractive;
}
}
/// <summary>
/// This object is responsible for listening to a single TCP request, on localhost:port,
/// extracting the uri, parsing
/// </summary>
/// <remarks>
/// The underlying TCP listener might capture multiple requests, but only the first one is handled.
///
/// Cribbed this class from https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9e0f57b53edfdcf027cbff401d3ca6c02e95ef1b/tests/devapps/NetCoreTestApp/Experimental/SingleMessageTcpListener.cs
/// </remarks>
internal class SingleMessageTcpListener : IDisposable
{
private readonly int _port;
private readonly System.Net.Sockets.TcpListener _tcpListener;
public SingleMessageTcpListener(int port)
{
if (port < 1 || port == 80)
{
throw new ArgumentOutOfRangeException("Expected a valid port number, > 0, not 80");
}
_port = port;
_tcpListener = new System.Net.Sockets.TcpListener(IPAddress.Loopback, _port);
}
public async Task ListenToSingleRequestAndRespondAsync(
Func<Uri, string> responseProducer,
CancellationToken cancellationToken)
{
cancellationToken.Register(() => _tcpListener.Stop());
_tcpListener.Start();
TcpClient tcpClient = null;
try
{
tcpClient =
await AcceptTcpClientAsync(cancellationToken)
.ConfigureAwait(false);
await ExtractUriAndRespondAsync(tcpClient, responseProducer, cancellationToken).ConfigureAwait(false);
}
finally
{
tcpClient?.Close();
}
}
/// <summary>
/// AcceptTcpClientAsync does not natively support cancellation, so use this wrapper. Make sure
/// the cancellation token is registered to stop the listener.
/// </summary>
/// <remarks>See https://stackoverflow.com/questions/19220957/tcplistener-how-to-stop-listening-while-awaiting-accepttcpclientasync</remarks>
private async Task<TcpClient> AcceptTcpClientAsync(CancellationToken token)
{
try
{
return await _tcpListener.AcceptTcpClientAsync().ConfigureAwait(false);
}
catch (Exception ex) when (token.IsCancellationRequested)
{
throw new OperationCanceledException("Cancellation was requested while awaiting TCP client connection.", ex);
}
}
private async Task ExtractUriAndRespondAsync(
TcpClient tcpClient,
Func<Uri, string> responseProducer,
CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
string httpRequest = await GetTcpResponseAsync(tcpClient, cancellationToken).ConfigureAwait(false);
Uri uri = ExtractUriFromHttpRequest(httpRequest);
// write an "OK, please close the browser message"
await WriteResponseAsync(responseProducer(uri), tcpClient.GetStream(), cancellationToken)
.ConfigureAwait(false);
}
private Uri ExtractUriFromHttpRequest(string httpRequest)
{
string regexp = @"GET \/\?(.*) HTTP";
string getQuery = null;
Regex r1 = new Regex(regexp);
Match match = r1.Match(httpRequest);
if (!match.Success)
{
throw new InvalidOperationException("Not a GET query");
}
getQuery = match.Groups[1].Value;
UriBuilder uriBuilder = new UriBuilder();
uriBuilder.Query = getQuery;
uriBuilder.Port = _port;
return uriBuilder.Uri;
}
private static async Task<string> GetTcpResponseAsync(TcpClient client, CancellationToken cancellationToken)
{
NetworkStream networkStream = client.GetStream();
byte[] readBuffer = new byte[1024];
StringBuilder stringBuilder = new StringBuilder();
int numberOfBytesRead = 0;
// Incoming message may be larger than the buffer size.
do
{
numberOfBytesRead = await networkStream.ReadAsync(readBuffer, 0, readBuffer.Length, cancellationToken)
.ConfigureAwait(false);
string s = Encoding.ASCII.GetString(readBuffer, 0, numberOfBytesRead);
stringBuilder.Append(s);
}
while (networkStream.DataAvailable);
return stringBuilder.ToString();
}
private async Task WriteResponseAsync(
string message,
NetworkStream stream,
CancellationToken cancellationToken)
{
string fullResponse = $"HTTP/1.1 200 OK\r\n\r\n{message}";
var response = Encoding.ASCII.GetBytes(fullResponse);
await stream.WriteAsync(response, 0, response.Length, cancellationToken).ConfigureAwait(false);
await stream.FlushAsync(cancellationToken).ConfigureAwait(false);
}
public void Dispose()
{
_tcpListener?.Stop();
}
}
//
///此对象负责在localhost:port上侦听单个TCP请求,
///提取uri,解析
///
///
///底层TCP侦听器可能捕获多个请求,但只处理第一个请求。
///
///抄袭这门课https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9e0f57b53edfdcf027cbff401d3ca6c02e95ef1b/tests/devapps/NetCoreTestApp/Experimental/SingleMessageTcpListener.cs
///
内部类SingleMessageTcpListener:IDisposable
{
专用只读int_端口;
私有只读系统.Net.Sockets.TcpListener\u TcpListener;
公共SingleMessageTcpListener(内部端口)
{
如果(端口<1 | |端口==80)
{
抛出新ArgumentOutOfRangeException(“应为有效端口号,大于0,而不是80”);
}
_端口=端口;
_tcpListener=new System.Net.Sockets.tcpListener(IPAddress.Loopback,_port);
}
公共异步任务ListentSingleRequestandRespondAsync(
Func responseProducer,
取消令牌(取消令牌)
{
cancellationToken.Register(()=>\u tcpListener.Stop());
_tcpListener.Start();
TcpClient TcpClient=null;
尝试
{
TCP客户=
等待接受TCPClientAsync(取消令牌)
.配置等待(错误);
等待提取器和响应异步(tcpClient、responseProducer、cancellationToken);
}
最后
{
tcpClient?.Close();
}
}
///
///AcceptTcpClientAsync本机不支持取消,因此请使用此包装。请确保
///已注册取消令牌以停止侦听器。
///
///看https://stackoverflow.com/questions/19220957/tcplistener-how-to-stop-listening-while-awaiting-accepttcpclientasync
专用异步任务AcceptCpclientAsync(CancellationToken令牌)
{
尝试
{
返回await\u tcpListener.AcceptTcpClientAsync().ConfigureAwait(false);
}
当(token.IsCancellationRequested)时捕获(异常ex)
{
抛出新的OperationCanceledException(“在等待TCP客户端连接时请求取消。”,例如);
}
}
专用异步任务提取器和响应异步(
TCP客户端TCP客户端,
Func responseProducer,
取消令牌(取消令牌)
{
cancellationToken.ThrowIfCancellationRequested();
字符串httpRequest=await gettcrpresponseasync(tcpClient,cancellationToken);
Uri=ExtractUriFromHttpRequest(httpRequest);
//写一条“确定,请关闭浏览器消息”
等待WriteResponseAsync(responseProducer(uri)、tcpClient.GetStream()、cancellationToken)
.配置等待(错误);
}
私有Uri ExtractUriFromHttpRequest(字符串httpRequest)
{
字符串regexp=@“GET\/\?(*)HTTP”;
字符串getQuery=null;
Regex r1=新的Regex(regexp);
Match=r1.Match(httpRequest);
如果(!match.Success)
{
抛出新的InvalidOperationException(“不是GET查询”);
}
getQuery=match.Groups[1]。值;
UriBuilder UriBuilder=新的UriBuilder();
uriBuilder.Query=getQuery;
端口=_端口;
返回uriBuilder.Uri;
}
专用静态异步任务GetTcpResponseAsync(TcpClient客户端,CancellationToken CancellationToken)
{
NetworkStream NetworkStream=client.GetStream();
字节[]读缓冲区=新字节[1024];
StringBuilder StringBuilder=新的StringBuilder();
int numberOfBytesRead=0;
//传入消息可能大于缓冲区大小。
做
{
numberOfBytesRead=等待networkStream.ReadAsync(readBuffer,0,readBuffer.Length,cancellationToken)
.配置等待(错误);
字符串s=Encoding.ASCII.GetString(readBuffer,0,numberOfBytesRead);
stringBuilder.Append