Comments (19)
Looks like this isn't going to work with ADAL 2.x. Proxy support, was introduced fairly recently (ADAL 3.x).
I remember attempting to port this over to ADAL 3.x last year but gave up due to the way refresh tokens are currently being used. It's probably a good idea to look at that again, it's also relatively straight forward to go to .NET Core after that hurdle.
See if this works:
armclient azlogin
You'll need the az cli installed. That one uses Python ADAL, so it should work by reading HTTPS_PROXY
. You still need your current proxy setup in place since the rest of ARMClient uses it.
Example:
set HTTPS_PROXY=http://10.9.8.7:8080
armclient azlogin
from armclient.
Hmm, it should obey whatever gets specified in ARMClient.exe.config
since it's a .NET console app.
Can you try the <defaultProxy>
trick? - https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/network/defaultproxy-element-network-settings
from armclient.
Hi @snobu I tried that out this morning but had no luck.
I placed the ARMClient.exe.config
file in the directory C:\ProgramData\chocolatey\lib\ARMClient\tools\
but that didn't work.
Here is the configuration I used
<configuration>
<system.net>
<defaultProxy enabled="true">
<proxy proxyaddress="http://proxyaddress:3128"/>
</defaultProxy>
</system.net>
</configuration>
I tried other variations of the config file as well.
At last I downloaded armclient directly and saved the file in the armclient folder in my download directory.
C:\Users\USERNAME\Downloads\ARMCLient\ARMClient.exe.config
I then used Process Monitor to check if armclient.exe uses the file. And for all I can tell it at least tries to use the data provided.
Do you have any idea what could be wrong? Is there any setting for debug logging?
from armclient.
@davidebbo @ahmelsayed Any code changes lately that could result in proxy bypass?
@f-bader If you run ARMClient with the verbose flag, what's the output, connection timeout or something else?
from armclient.
@snobu I try to login interactively with armclient login
. So no verbose flag there. The UI is just plain white and I can see that the connection attempt (netstat -an | findstr SYN
) is directly and not using the proxy.
If I use armclient spn [tenantid] [appid] [appkey]
everything works as expected.
Seems the proxy settings are only not working for the generated login UI.
from armclient.
Hmm that might call into the other binary the AADClient one, not sure. Try to add a .config for that one as well.
from armclient.
I check with Process Monitor and found that the following ".config" files are checked
C:\Users\USERNAME\Downloads\ARMCLient\ARMClient.exe.config
C:\Users\USERNAME\Downloads\ARMCLient\ARMClient.exe.mda.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
I also added the proxy configuration to the machine.config, this should work for any .NET Application on the client. But sadly it still won't work.
I also created .exe.config file for every executable in the directory, also without success.
The .mda.config file should not do anything regarding proxy settings, as far as I understood "Managed Debugging Assistants".
from armclient.
You can see the code here, and the whole UI logic is inside Microsoft.IdentityModel.Clients.ActiveDirectory. You should be able to repro the same outside of ARMClient by making a similar call.
It may be that the library just doesn't support proxies. See this question which hints at that.
from armclient.
Checkout my snobu-proxy
branch and build it or just download [this test build] for a quick run.
Usage:
set ARMCLIENT_PROXY=10.9.8.7:8080
armclient.exe login
I'll send a PR if @davidebbo greenlights this approach.
from armclient.
Scratch that. ADAL.NET still bypasses the proxy for the UI requests. Looking into it.
from armclient.
Correction, looks like the env var is called HTTPS_PROXY, now fixed in my previous post.
from armclient.
armclient azlogin
worked even without the environment variable set on my Windows machine.
Most likely because it is using the default browser.
But the currently released version 1.2.0.0 (zip and chocolatey) has no support for this option. I used the snobu-proxy
branch build you had uploaded.
from armclient.
The master branch has armclient azlogin
so it must be an older binary up on choco.
@davidebbo Can you push a release to choco at current HEAD?
from armclient.
Ok, just pushed a 1.3, but it can take time for Choco approval. I also uploaded it to https://github.com/projectkudu/ARMClient/releases/tag/v1.3. Can you verify that?
from armclient.
Hi @davidebbo there is still no option for azlogin
. I receive the error message Parameter 'azlogin' is invalid!
. I checked the source code that you published and there is the option for azlogin
in the Program.cs
.
from armclient.
Not sure what's going on there, maybe your environment is mixing up assemblies, try to remove all older copies from your choco bin directory and start over. Release 1.3.0 does have azlogin
in -
from armclient.
Sorry my bad. I started the AADClient.exe
instead of ARMClient.exe
from armclient.
All good, ok with closing this one now?
from armclient.
Yes, thank you all very much.
from armclient.
Related Issues (20)
- Getting an error during installing Arm client HOT 1
- Issue getting token in Government Environment - Fairfax HOT 1
- Unhandled case: renewal fails because the token is too old
- ADAL v3 HOT 2
- Parameters in Resources#List does not work HOT 2
- Add maintainers to the Chocolatey package HOT 4
- Environment names
- Armclient Dogfood login and request is not working HOT 10
- Azure login fail with azlogin HOT 1
- Setting audience while retrieving token
- Feature idea: option to wait for provisioningState Succeeded
- misposted, please ignore
- What is the latest version? HOT 6
- Unable to login in dogfood environment HOT 1
- 403 Forbidden HOT 1
- How to replicate the armclient token generation in REST?
- Where is ArmClientGui Src?
- Support for device code login in ARM client
- Migrate from ADAL to MSAL or Azure.Identity
- How do you set the `ARMCLIENT_TENANT` environment variable correctly? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from armclient.