minor doc updates

2021-08-22 13:22:45 -04:00 · 2021-08-22 13:22:45 -04:00 · d4397f656d
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -176,7 +176,7 @@ To use a default configuration file without having to specify on the command lin
    [convert]::ToBase64String([io.file]::ReadAllBytes("C:\path\to\certificate.pfx"))
    ```

- **AzureClientSecret** - required if AzureClientId is specified and not using AzureClientCertificate. string.
+- **AzureClientSecret** - required if AzureClientId is specified and not using AzureClientCertificate. string. Can also be used to pass certificate password.
 - **AzureKeyVault** - optional. can be used to store AzureClientCertificate if being used.
  - 'https://{{key vault name}}.vault.azure.net/'
 - **AzureResourceGroup** - required if using Log Analytics and creating a workspace. string. if populated, value is used for creation of Log Analytics workspace.
@ -227,6 +227,19 @@ user managed identity: 3080722d-0cf6-4552-8e45-c5ccbc3d091f
 }
 ```

+#### **app registration and client certificate and password**
+
+```json
+{
+  "AzureClientId": "f4289be6-a77a-4554-b5d7-13a5d0ef66c7",
+  "AzureClientCertificate": "MIIXDAIBAzCCFsgGCSqGSIb3D...",
+  "AzureClientSecret": "plaintextpassword",
+  "AzureKeyVault": null,
+  "AzureSubscriptionId": "3ddc104f-35a1-4e5a-8122-b18c15a486bf",
+  "AzureTenantId": "b4be3bd5-1e7f-4c0c-a9b4-97d1d1bb0290",
+}
+```
+
 #### **app registration and client secret**

 ```json
--- a/docs/contributing.md
+++ b/docs/contributing.md
@ -87,18 +87,18 @@ This client is used for creating resources in azure for testing collectsfdata.

 ```powershell
 .\scripts\azure-az-create-aad-application-spn.ps1 `
-  -aadDisplayName CollectSFDataDllTestclient `
-  -uri http://CollectSFDataDllTestclient `
+  -aadDisplayName collectSFDataDllTestClient `
+  -uri http://collectSFDataDllTestClient `
  -logontype cert `
  -password {{cert password}}

 ...
 application id: 59c41f0c-fb6c-43e7-a070-480e2af83838
 tenant id: 1a4b5850-4150-4da6-9d0e-4cfcc078292b
-application identifier Uri: http://CollectSFDataDllTestclient
+application identifier Uri: http://collectSFDataDllTestClient
 cert and key base64: MIIDHjCCAgagAwIBAgIQFgKT81w9vapAjxN...
 thumbprint: C124CE6208B0547CB576019104FDDF97B01A37A8
-pfx path: C:\Users\user\AppData\Local\Temp\CollectSFDataDllTestclient.pfx
+pfx path: C:\Users\user\AppData\Local\Temp\collectSFDataDllTestClient.pfx
 clientid / applicationid saved in $global:applicationId
 clientsecret / base64 thumb saved in $global:clientSecret

@ -110,7 +110,7 @@ collectSfDataDllTestProperties.json diff:
 {
 +  "testAzClientId": "59c41f0c-fb6c-43e7-a070-480e2af83838",
 +  "testAzClientCertificate": "MIIDHjCCAgagAwIBAgIQFgKT81w9vapAjxN...",
-+  "testAzClientName": "CollectSFDataDllTestclient",
+  "testAzClientName": "collectSFDataDllTestClient",
 }
 ```

@ -122,8 +122,8 @@ this client is used for testing azure client authentication in collectsfdata.

 ```powershell
 .\scripts\azure-az-create-aad-application-spn.ps1 `
-  -aadDisplayName collectsfdataapp `
-  -uri http://collectsfdataapp `
+  -aadDisplayName collectsfdataApp `
+  -uri http://collectsfdataApp `
  -logontype cert `
  -password {{cert password}}

@ -133,7 +133,7 @@ tenant id: 1a4b5850-4150-4da6-9d0e-4cfcc078292b
 application identifier Uri: http://collectsfdata
 cert and key base64: MIIDEjCCAfqgAwIBAgIQPnmXz4qmKIpHlu...
 thumbprint: 8C1AD1A0DBA04F78F7EE86FBDBC6E9CF06DB79E3
-pfx path: C:\Users\user\AppData\Local\Temp\collectsfdataapp.pfx
+pfx path: C:\Users\user\AppData\Local\Temp\collectsfdataApp.pfx
 clientid / applicationid saved in $global:applicationId
 clientsecret / base64 thumb saved in $global:clientSecret

@ -171,7 +171,7 @@ example using values from above:
  "testAzClientId": "59c41f0c-fb6c-43e7-a070-480e2af83838",
  "testAzClientCertificate": "MIIDHjCCAgagAwIBAgIQFgKT81w9vapAjxN...",
  "testAzStorageAccount": "CollectSFDataDllTests",
-  "testAzClientName": "CollectSFDataDllTestclient",
+  "testAzClientName": "collectSFDataDllTestClient",
  "testCertificateNoPasswordBase64": "",
  "testCertificateWithPasswordBase64": "",
  "testCertificatePassword": "",
@ -179,6 +179,7 @@ example using values from above:
  "testAdminPassword": null,
  "AzureClientId": "14b3dd02-66ec-46b4-b7aa-b65abc9bbb4d",
  "AzureClientCertificate": "MIIDEjCCAfqgAwIBAgIQPnmXz4qmKIpHlu...",
+  "AzureClientName": "collectsfdataDllTestApp",
  "AzureClientSecret": "{{private key}}",
  "AzureResourceGroup": "collectsfdataunittest",
  "AzureResourceGroupLocation": "eastus",
@ -196,7 +197,7 @@ clean example:
  "testAzClientId": "{{test client app registration}}",
  "testAzClientCertificate": "{{test client base64 certificate}}",
  "testAzStorageAccount": "{{test storage account name}}",
-  "testAzClientName": "collectsfdataapp",
+  "testAzClientName": "collectSFDataDllTestClient",
  "testCertificateNoPasswordBase64": "",
  "testCertificateWithPasswordBase64": "",
  "testCertificatePassword": "",
@ -204,6 +205,7 @@ clean example:
  "testAdminPassword": null,
  "AzureClientId": "{{collectsfdata app registration}}",
  "AzureClientCertificate": "{{collectsfdata client base64 certificate}}",
+  "AzureClientName": "collectsfdataDllTestApp",
  "AzureClientSecret": "{{private key}}",
  "AzureResourceGroup": "{{azure resource group name}}",
  "AzureResourceGroupLocation": "{{azure resource group location}}",
--- a/docs/dllConfiguration.md
+++ b/docs/dllConfiguration.md
@ -17,7 +17,7 @@ The 'Instance' class is a singleton that contains information and configuration
 If Collect() succeeds, 0 is returned, if fails return is > 0.
 After Collect() has been called, both Instance and ConfigurationOptions can be used to review results.

-## Supported Configurations
+## Supported .net Configurations

 The below configurations are currently supported.

@ -33,58 +33,6 @@ Use one of the provided commands [Microsoft.ServiceFabric.CollectSFData](https:/

 In Visual Studio, use 'NuGet Package Manager' to install package.  

-
-
-#### **Configuration of X509Certificate2 directly**
-
-example setting ConfigurationOptions.ClientCertificate with private key password using CertificateUtilities.  
-
-```c#
-private static int Main(string[] args)
-{
-    string unsafePassword = args[0];
-    string base64String = args[1];
-
-    Collector collector = new Collector(true);
-    ConfigurationOptions config = new ConfigurationOptions();
-    CertificateUtilities utils = new CertificateUtilities();
-    utils.SetSecurePassword(unsafePassword);
-    config.ClientCertificate = utils.GetClientCertificate(base64String);
-
-    if (!config.Validate())
-    {
-        collector.Close();
-        return 1;
-    }
-
-    int retval = collector.Collect(config);
-    return retval;
-}
-```
-
-example setting ConfigurationOptions.ClientCertificate with private key password using X509Certificate.  
-
-```c#
-private static int Main(string[] args)
-{
-    string unsafePassword = args[0];
-    string fileName = args[1];
-
-    Collector collector = new Collector(true);
-    ConfigurationOptions config = new ConfigurationOptions();
-    config.ClientCertificate = new X509Certificate2(fileName, unsafePassword);
-
-    if (!config.Validate())
-    {
-        collector.Close();
-        return 1;
-    }
-
-    int retval = collector.Collect(config);
-    return retval;
-}
-```
-
 ## Implementing Collector

 After CollectSFData nuget package has been added to project, use the following information to implement.  
@ -115,7 +63,7 @@ ConfigurationOptions config = new ConfigurationOptions();

 #### **Example to use ConfigurationOptions constructor passing command line arguments from Main(string[] args)**

-To use commandline arguments, pass as argument to ConfigurationOptions constructor. Command line arguments can only be parsed once. These options will be applied to the default configuration for any new instances on top of any settings specified in collectsfdata.options.json. 
+To use commandline arguments, pass as argument to ConfigurationOptions constructor. Command line arguments can only be parsed once. These options will be applied to the default configuration for any new instances on top of any settings specified in collectsfdata.options.json.  

 ```c#
 ConfigurationOptions config = new ConfigurationOptions(args);
@ -229,6 +177,80 @@ private static int Main(string[] args)
 }
 ```

+### **Authorization**
+
+Authorization to Azure storage accounts, Kusto, and Log Analytics uses [MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) and supports the 'desktop app' code flows below: 
+
+- authorization (interactive)
+- client credentials (app registration)
+- device
+
+Authorization methods supported:
+- password
+- certificate
+- secret
+
+Default authorization is interactive and requires no additional configuration.  
+Token is cached and auto-renewed.  
+See [configuration](./configuration.md) for authorization configuration examples and [MSAL Authentication Flows](https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-flows-app-scenarios#scenarios-and-supported-authentication-flows) for additional information about authentication / authorization.
+
+#### **Token cache**
+
+Token is requested at start of execution during configuration validation and is auto renewed at half-life interval (typically 30 minutes).
+Authorization token is cached in %localappdata%\CollectSFData\CollectSFData.msalcache.bin3.
+Ensure permissions are correct (writable) if having authentication issues or continual prompts there may be scenarios where this file needs to be deleted.
+File and path will be autogenerated.
+
+#### **Configuration of X509Certificate2 directly**
+
+example setting ConfigurationOptions.ClientCertificate with private key password using CertificateUtilities.  
+
+```c#
+private static int Main(string[] args)
+{
+    string unsafePassword = args[0];
+    string base64String = args[1];
+
+    Collector collector = new Collector(true);
+    ConfigurationOptions config = new ConfigurationOptions();
+    CertificateUtilities utils = new CertificateUtilities();
+    utils.SetSecurePassword(unsafePassword);
+    config.ClientCertificate = utils.GetClientCertificate(base64String);
+
+    if (!config.Validate())
+    {
+        collector.Close();
+        return 1;
+    }
+
+    int retval = collector.Collect(config);
+    return retval;
+}
+```
+
+example setting ConfigurationOptions.ClientCertificate with private key password using X509Certificate.  
+
+```c#
+private static int Main(string[] args)
+{
+    string unsafePassword = args[0];
+    string fileName = args[1];
+
+    Collector collector = new Collector(true);
+    ConfigurationOptions config = new ConfigurationOptions();
+    config.ClientCertificate = new X509Certificate2(fileName, unsafePassword);
+
+    if (!config.Validate())
+    {
+        collector.Close();
+        return 1;
+    }
+
+    int retval = collector.Collect(config);
+    return retval;
+}
+```
+
 ## Instance Results

 After Collect() is called, all instance information is in Collector.Instance class.