AAD: Handling Azure.Core.TokenCredential

BASE/Microsoft.ApplicationInsights.sln

@@ -42,6 +42,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.ApplicationInsigh
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TelemetryChannel.Tests", "Test\ServerTelemetryChannel.Test\TelemetryChannel.Tests\TelemetryChannel.Tests.csproj", "{7AB3D817-9CAC-45A7-BA4D-25FA4D690DA4}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.ApplicationInsights.Authentication.Tests", "Test\Microsoft.ApplicationInsights.Test\Microsoft.ApplicationInsights.Authentication.Tests\Microsoft.ApplicationInsights.Authentication.Tests.csproj", "{AADBCDDC-3BD4-434E-B474-B832133AFC84}"
+EndProject
 Global
 	GlobalSection(SharedMSBuildProjectFiles) = preSolution
 		src\Common\Common\Common.projitems*{3273d899-d9b3-44fe-b3ab-578e18b2ef90}*SharedItemsImports = 5
@@ -202,6 +204,26 @@ Global
 		{7AB3D817-9CAC-45A7-BA4D-25FA4D690DA4}.Release|x64.Build.0 = Release|Any CPU
 		{7AB3D817-9CAC-45A7-BA4D-25FA4D690DA4}.Release|x86.ActiveCfg = Release|Any CPU
 		{7AB3D817-9CAC-45A7-BA4D-25FA4D690DA4}.Release|x86.Build.0 = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|ARM.ActiveCfg = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|ARM.Build.0 = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|x64.Build.0 = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Debug|x86.Build.0 = Debug|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|Any CPU.Build.0 = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|ARM.ActiveCfg = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|ARM.Build.0 = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|x64.ActiveCfg = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|x64.Build.0 = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|x86.ActiveCfg = Release|Any CPU
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -215,6 +237,7 @@ Global
 		{3273D899-D9B3-44FE-B3AB-578E18B2EF90} = {E7B0521E-DA4D-40EA-B55D-ADCBDA69027C}
 		{EF007559-EA01-4D4A-9BEB-8CC661797BE5} = {C2FEEDE5-8CAE-41A4-8932-42D284A86EA7}
 		{7AB3D817-9CAC-45A7-BA4D-25FA4D690DA4} = {A61B048F-ECEA-4BED-A2ED-22834E7D4DFB}
+		{AADBCDDC-3BD4-434E-B474-B832133AFC84} = {C2FEEDE5-8CAE-41A4-8932-42D284A86EA7}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {F70D4C7C-02FB-4EE9-875A-A2F95EC90EAC}

BASE/Test/Microsoft.ApplicationInsights.Test/Microsoft.ApplicationInsights.Authentication.Tests/CredentialEnvelopeTests.cs

@@ -0,0 +1,102 @@
+namespace Microsoft.ApplicationInsights.Authentication.Tests
+{
+    using System;
+    using System.Threading;
+    using System.Threading.Tasks;
+
+    using Azure.Core;
+    using Azure.Core.Pipeline;
+    using Azure.Identity;
+
+    using Microsoft.ApplicationInsights.Extensibility;
+    using Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication;
+    using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+    [TestClass]
+    public class CredentialEnvelopeTests
+    {
+        [TestMethod]
+        public void VerifyCanSetCredential()
+        {
+            var defaultTokenCredential = new MockCredential();
+
+            var telemetryConfiguration = new TelemetryConfiguration();
+            telemetryConfiguration.SetCredential(defaultTokenCredential);
+
+
+            var credentialEnvelope = telemetryConfiguration.CredentialEnvelope;
+#if NET461
+            Assert.IsInstanceOfType(credentialEnvelope, typeof(ReflectionCredentialEnvelope));
+#elif NET5_0
+            Assert.IsInstanceOfType(credentialEnvelope, typeof(TokenCredentialEnvelope));
+#else
+            throw new System.Exception("this is a testing gap.");
+#endif
+
+            Assert.AreEqual(defaultTokenCredential, telemetryConfiguration.CredentialEnvelope.Credential);
+        }
+
+#if NET461
+        /// <summary>
+        /// For older frameworks, TelemetryConfiguration accepts an <see cref="Object"/> parameter.
+        /// This test is to verify that we cannot set invalid types.
+        /// </summary>
+        [TestMethod]
+        [ExpectedException(typeof(ArgumentException))]
+        public void VerifyCannotSetInvalidObjectOnTelemetryConfiguration()
+        {
+            var telemetryConfiguration = new TelemetryConfiguration();
+            telemetryConfiguration.SetCredential(Guid.Empty);
+        }
+#endif
+
+#if NET5_0
+        [TestMethod]
+        public void VerifyCanGetTokenString()
+        {
+            var mockCredential = new MockCredential();
+
+            var tokenCredentialEnvelope = new TokenCredentialEnvelope(mockCredential);
+            var token = tokenCredentialEnvelope.GetToken();
+            Assert.IsNotNull(token);
+
+            var reflectionCredentialEnvelope = new ReflectionCredentialEnvelope(mockCredential);
+            var tokenFromReflection = reflectionCredentialEnvelope.GetToken();
+            Assert.IsNotNull(tokenFromReflection);
+
+            Assert.AreEqual(token, tokenFromReflection);
+        }
+
+        [TestMethod]
+        public async Task VerifyCanGetTokenStringAsync()
+        {
+            var mockCredential = new MockCredential();
+
+            var tokenCredentialEnvelope = new TokenCredentialEnvelope(mockCredential);
+            var token = await tokenCredentialEnvelope.GetTokenAsync();
+            Assert.IsNotNull(token);
+
+            var reflectionCredentialEnvelope = new ReflectionCredentialEnvelope(mockCredential);
+            var tokenFromReflection = await reflectionCredentialEnvelope.GetTokenAsync();
+            Assert.IsNotNull(tokenFromReflection);
+
+            Assert.AreEqual(token, tokenFromReflection);
+        }
+#endif
+        /// <remarks>
+        /// Copied from (https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/core/Azure.Core.TestFramework/src/MockCredential.cs).
+        /// </remarks>
+        private class MockCredential : TokenCredential
+        {
+            public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                return new ValueTask<AccessToken>(GetToken(requestContext, cancellationToken));
+            }
+
+            public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                return new AccessToken("TEST TOKEN " + string.Join(" ", requestContext.Scopes), DateTimeOffset.MaxValue);
+            }
+        }
+    }
+}

BASE/Test/Microsoft.ApplicationInsights.Test/Microsoft.ApplicationInsights.Authentication.Tests/Microsoft.ApplicationInsights.Authentication.Tests.csproj

@@ -0,0 +1,24 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <Import Project="$(PropsRoot)\Test.props" />
+
+  <PropertyGroup>
+    <TargetFrameworks>net461;net5.0</TargetFrameworks>
+
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.7.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="2.1.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="2.1.1" />
+    <PackageReference Include="coverlet.collector" Version="1.3.0" />
+
+    <PackageReference Include="Azure.Identity" Version="1.3.0" /> <!-- Supports: netstandard2.0 -->
+    <PackageReference Include="Azure.Core" Version="1.10.0" /> <!-- Supports: net4.6.1, netstandard2.0, net5.0 -->
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\src\Microsoft.ApplicationInsights\Microsoft.ApplicationInsights.csproj" /> <!-- Supports: net4.5.2, net4.6, netstandard2.0-->
+  </ItemGroup>
+
+</Project>

BASE/Test/Microsoft.ApplicationInsights.Test/Microsoft.ApplicationInsights.Authentication.Tests/ReflectionCredentialEnvelopeTests.cs

@@ -0,0 +1,81 @@
+namespace Microsoft.ApplicationInsights.Authentication.Tests
+{
+    using System;
+    using System.Threading;
+    using System.Threading.Tasks;
+
+    using Azure.Core;
+
+    using Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication;
+    using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+    /// <summary>
+    /// The <see cref="ReflectionCredentialEnvelope"/> cannot take a dependency on <see cref="Azure.Core.TokenCredential"/>.
+    /// We must use reflection to interact with this class.
+    /// These tests are to confirm that we can correctly identity classes that implement TokenCredential and address it's methods.
+    /// </summary>
+    [TestClass]
+    public class ReflectionCredentialEnvelopeTests
+    {
+        [TestMethod]
+        public void VerifyCanIdentifyValidClass()
+        {
+            var testClass2 = new TestClass2();
+            _ = new ReflectionCredentialEnvelope(testClass2);
+        }
+
+        [TestMethod]
+        [ExpectedException(typeof(ArgumentException))]
+        public void VerifyCanIdentityInvalidClass()
+        {
+            var notTokenCredential2 = new NotTokenCredential2();
+            _ = new ReflectionCredentialEnvelope(notTokenCredential2);
+        }
+
+        [TestMethod]
+        [ExpectedException(typeof(ArgumentException))]
+        public void VerifyCannotSetInvalidType()
+        {
+            _ = new ReflectionCredentialEnvelope(Guid.Empty);
+        }
+
+        #region TestClasses
+        private class TestClass1 : Azure.Core.TokenCredential
+        {
+            public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                throw new NotImplementedException();
+            }
+
+            public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        private class TestClass2 : TestClass1 { }
+
+        private abstract class NotTokenCredential 
+        {
+            public abstract AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken);
+
+            public abstract ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken);
+        }
+
+        private class NotTokenCredential1 : NotTokenCredential
+        {
+            public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                throw new NotImplementedException();
+            }
+
+            public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        private class NotTokenCredential2 : NotTokenCredential1 { }
+        #endregion
+    }
+}

BASE/src/Microsoft.ApplicationInsights/Extensibility/Implementation/Authentication/AuthConstants.cs

@@ -0,0 +1,20 @@
+namespace Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication
+{
+    using System;
+    using System.Collections.Generic;
+    using System.Linq;
+    using System.Text;
+    using System.Threading.Tasks;
+
+    internal static class AuthConstants
+    {
+        /// <summary>
+        /// https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-acquire-cache-tokens#scopes-when-acquiring-tokens
+        /// 
+        /// Other APIs might require that no scheme or host is included in the scope value, and expect only the app ID (a GUID) and the scope name, for example: 11111111-1111-1111-1111-111111111111/api.read
+        /// </summary>
+        public const string Scope = "https://storage.azure.com/.default"; // example from Blob Storage. TODO: NEED OUR OWN SCOPE
+
+        public static string[] GetScopes() => new string[] { Scope };
+    }
+}

BASE/src/Microsoft.ApplicationInsights/Extensibility/Implementation/Authentication/ICredentialEnvelope.cs

@@ -0,0 +1,14 @@
+namespace Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication
+{
+    using System.Threading;
+    using System.Threading.Tasks;
+
+    public interface ICredentialEnvelope
+    {
+        object Credential { get; }
+
+        string GetToken(CancellationToken cancellationToken);
+
+        Task<string> GetTokenAsync(CancellationToken cancellationToken);
+    }
+}

BASE/src/Microsoft.ApplicationInsights/Extensibility/Implementation/Authentication/ReflectionCredentialEnvelope.cs

@@ -0,0 +1,84 @@
+namespace Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication
+{
+    using System;
+    using System.Reflection;
+    using System.Threading;
+    using System.Threading.Tasks;
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <remarks>
+    /// Our SDK currently targets net452, net46, and netstandard2.0.
+    /// Azure.Core.TokenCredential is only available for netstandard2.0.
+    /// I'm introducing this class as a wrapper so we can receive an instance of this class and pass it around within our SDK.
+    /// </remarks>
+    internal class ReflectionCredentialEnvelope : ICredentialEnvelope
+    {
+        private readonly object tokenRequestContext;
+        private readonly MethodInfo getTokenAsyncMethod;
+        private readonly MethodInfo getTokenMethod;
+        //private readonly Type accessTokenType;
+
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <remarks>
+        /// Must use reflection to verify that this object is an instance of Azure.Core.TokenCredential.
+        /// </remarks>
+        /// <param name="tokenCredential"></param>
+        public ReflectionCredentialEnvelope(object tokenCredential)
+        {
+            if (this.IsTokenCredential(tokenCredential.GetType()))
+            {
+                this.Credential = tokenCredential;
+
+                // (https://docs.microsoft.com/en-us/dotnet/api/azure.core.tokenrequestcontext.-ctor?view=azure-dotnet).
+                // Invoking this constructor: Azure.Core.TokenRequestContext(String[], String, String).
+                var tokenRequestContextType = Type.GetType("Azure.Core.TokenRequestContext, Azure.Core");
+                var paramArray = new object[] { AuthConstants.GetScopes(), null, null };
+                this.tokenRequestContext = Activator.CreateInstance(tokenRequestContextType, args: paramArray);
+
+                // (https://docs.microsoft.com/en-us/dotnet/api/azure.core.tokencredential.gettokenasync?view=azure-dotnet).
+                // Getting a handle for this method: Azure.Core.TokenCredential.GetTokenAsync().
+                this.getTokenAsyncMethod = this.Credential.GetType().GetMethod("GetTokenAsync");
+                this.getTokenMethod = this.Credential.GetType().GetMethod("GetToken");
+
+                // this.accessTokenType = Type.GetType("Azure.Core.AccessToken, Azure.Core");
+            }
+            else
+            {
+                throw new ArgumentException($"The provided {nameof(tokenCredential)} must inherit Azure.Core.TokenCredential", nameof(tokenCredential));
+            }
+        }
+
+        public object Credential { get; private set; }
+
+        public string GetToken(CancellationToken cancellationToken = default(CancellationToken))
+        {
+            var accessToken = this.getTokenMethod.Invoke(this.Credential, new object[] { this.tokenRequestContext, cancellationToken });
+            var tokenProperty = accessToken.GetType().GetProperty("Token");
+            return (string)tokenProperty.GetValue(accessToken);
+        }
+
+        public async Task<string> GetTokenAsync(CancellationToken cancellationToken = default(CancellationToken))
+        {
+            return await Task.Run(() => this.GetToken(cancellationToken));
+
+            // TODO: THIS DOESN'T WORK. CAN CIRCLE BACK AND INVESTIGATE THIS LATER.
+            // 'Unable to cast object of type 'System.Threading.Tasks.ValueTask`1[Azure.Core.AccessToken]' to type 'System.Threading.Tasks.Task'.'
+            // (https://stackoverflow.com/questions/39674988/how-to-call-a-generic-async-method-using-reflection/39679855).
+            //var task = (Task)this.getTokenAsyncMethod.Invoke(this.Credential, new object[] { this.tokenRequestContext, cancellationToken });
+            //await task.ConfigureAwait(false);
+            //var resultProperty = task.GetType().GetProperty("Result");
+            //var accessToken = resultProperty.GetValue(task);
+            //var tokenProperty = accessToken.GetType().GetProperty("Token");
+            //return (string)tokenProperty.GetValue(accessToken);
+        }
+
+        /// <summary>
+        /// Checks if the input inherits <see cref="Azure.Core.TokenCredential"/>
+        /// </summary>
+        private bool IsTokenCredential(Type inputType) => inputType.IsSubclassOf(Type.GetType("Azure.Core.TokenCredential, Azure.Core"));
+    }
+}