Enable certificate authentication in Az

src/Authentication.Test/Cmdlets/ConnectAccount.cs

@@ -58,6 +58,12 @@ public class ConnectAccount : AzureRMCmdlet
         [Parameter(Mandatory = false)]
         public string Password { get; set; }
 
+        [Parameter(Mandatory = false)]
+        public string ApplicationId { get; set; }
+
+        [Parameter(Mandatory = false)]
+        public string CertificateThumbprint { get; set; }
+
         protected override void BeginProcessing()
         {
             _profile = new AzureRmAutosaveProfile(
@@ -89,6 +95,16 @@ public override void ExecuteCmdlet()
                 password = _credential.Password;
             }
 
+            if (!string.IsNullOrEmpty(ApplicationId))
+            {
+                Account.Id = ApplicationId;
+            }
+
+            if (!string.IsNullOrEmpty(CertificateThumbprint))
+            {
+                Account.SetThumbprint(CertificateThumbprint);
+            }
+
             if (!string.IsNullOrEmpty(TenantId))
             {
                 Account.SetProperty(AzureAccount.Property.Tenants, new[] { TenantId });

src/Authentication.Test/LoginTests.cs

@@ -47,6 +47,8 @@ public class LoginTests
         private string _subscriptionName = null;
         private string _userName = null;
         private string _password = null;
+        private string _applicationId = null;
+        private string _certificateThumbprint = null;
 
         public LoginTests()
         {
@@ -65,6 +67,8 @@ public LoginTests()
             _cmdlet.SubscriptionName = _subscriptionName;
             _cmdlet.UserName = _userName;
             _cmdlet.Password = _password;
+            _cmdlet.ApplicationId = _applicationId;
+            _cmdlet.CertificateThumbprint = _certificateThumbprint;
             _cmdlet.CommandRuntime = new MockCommandRuntime();
         }
 
@@ -96,6 +100,18 @@ public void LoginWithServicePrincipal()
             Login();
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.LiveOnly)]
+        public void LoginWithCertificate()
+        {
+            // REQUIRED:
+            // _tenantId --> Id of the tenant that the service principal is registered to
+            // _applicationId --> Application id of the service principal
+            // _certificateThumbprint --> Thumbprint of the certificate used to authenticate the service principal
+            _account = new AzureAccount() { Type = AzureAccount.AccountType.ServicePrincipal };
+            Login();
+        }
+
         private void EnableAutosave(IAzureSession session, bool writeAutoSaveFile, out ContextAutosaveSettings result)
         {
             var store = session.DataStore;

src/Authentication/Authentication/AdalTokenProvider.cs

@@ -126,6 +126,21 @@ public IAccessToken GetAccessToken(
                     throw new ArgumentException(Resources.UnsupportedCredentialType, "credentialType");
             }
         }
+
+        public IAccessToken GetAccessTokenWithCertificate(
+            AdalConfiguration config,
+            string clientId,
+            string certificate,
+            string credentialType)
+        {
+            switch (credentialType)
+            {
+                case AzureAccount.AccountType.ServicePrincipal:
+                    return servicePrincipalTokenProvider.GetAccessTokenWithCertificate(config, clientId, certificate, credentialType);
+                default:
+                    throw new ArgumentException(string.Format(Resources.UnsupportedCredentialType, credentialType), "credentialType");
+            }
+        }
 #endif
 
     }

src/Authentication/Authentication/ITokenProvider.cs

@@ -42,8 +42,7 @@ IAccessToken GetAccessToken(
             string userId,
             SecureString password,
             string credentialType);
-
-#if !NETSTANDARD
+
         /// <summary>
         /// Get a new authentication token for the given environment
         /// </summary>
@@ -57,6 +56,5 @@ IAccessToken GetAccessTokenWithCertificate(
             string principalId,
             string certificateThumbprint,
             string credentialType);
-#endif	
     }
 }

src/Authentication/Authentication/UserTokenProvider.Netcore.cs

@@ -106,13 +106,13 @@ private void Renew(AdalAccessToken token)
 
         private AuthenticationContext CreateContext(AdalConfiguration config)
         {
-            return new AuthenticationContext(config.AdEndpoint + config.AdDomain, 
+            return new AuthenticationContext(config.AdEndpoint + config.AdDomain,
                 config.ValidateAuthority, config.TokenCache);
         }
 
         // We have to run this in a separate thread to guarantee that it's STA. This method
         // handles the threading details.
-        private AuthenticationResult AcquireToken(AdalConfiguration config, Action<string> promptAction, 
+        private AuthenticationResult AcquireToken(AdalConfiguration config, Action<string> promptAction,
             string userId, SecureString password, bool renew = false)
         {
             AuthenticationResult result = null;
@@ -237,6 +237,11 @@ private string GetExceptionMessage(Exception ex)
             return message;
         }
 
+        public IAccessToken GetAccessTokenWithCertificate(AdalConfiguration config, string principalId, string certificateThumbprint, string credentialType)
+        {
+            throw new NotImplementedException();
+        }
+
         /// <summary>
         /// Implementation of <see cref="IRenewableToken"/> using data from ADAL
         /// </summary>

src/Authentication/Factories/AuthenticationFactory.cs

@@ -136,11 +136,7 @@ public IAccessToken Authenticate(
             else if (account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
             {
                 var thumbprint = account.GetProperty(AzureAccount.Property.CertificateThumbprint);
-#if !NETSTANDARD
                 token = TokenProvider.GetAccessTokenWithCertificate(configuration, account.Id, thumbprint, account.Type);
-#else
-                throw new NotSupportedException("Certificate based authentication is not supported in netcore version.");
-#endif
             }
             else
             {