1
votes

Recently I experienced an issue with Azure DevOps PowerShell when attempting to create a ClientCredential and/or ClientAssertion. I have the following code, which was working in the past, for creating a ClientCredential based on the following variables:

  1. TenantId

  2. ClientID (SPN)

  3. Password (SPN Password)

    $ResourceUrl = "https://database.windows.net/"

    $AuthorityUrl = "https://login.microsoftonline.com/$($TenantId)"

    $objClientCredential = [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]::new($ClientId, $Password)
    $objAuthenticationContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($AuthorityUrl)
    $objAuthenticationResult = $objAuthenticationContext.AcquireTokenAsync($ResourceUrl, $objClientCredential)

But recently this code stopped working. It seems that the AzureAD module is not loading correctly. This only happens on Azure DevOps PowerShell; on my machine it works fine (I am using PowerShell 7.1). So far I have attempted the following:

  1. Run the code as shown above.

     **Breaks on:**

         $objClientCredential = [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]::new($ClientId, $Password)

     Error: Unable to find type [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]

  2. Install AzureAD before running the code:

         Install-Module -Name AzureAD -Force
         Import-Module -Name AzureAD

     **Breaks on:**

         $objClientCredential = [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]::new($ClientId, $Password)

     Error: Unable to find type [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]

  3. Import the dll Microsoft.IdentityModel.Clients.ActiveDirectory.dll from my machine:

         Add-Type -Path ".\libraries\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"

     Doesn't break; however, ClientCredential is not created, it is returned as null.

Has anyone experienced a similar issue? Do you know how I should drive this?


1 Answer

0
votes

If you run the scripts on a local machine, you can check where the assembly is installed and manually import the .dll file. I tested on my local machine. It works fine when I just import the AzureAD module:

    Install-Module AzureAD -Force
    Import-Module -Name AzureAD

If you run the script in an Azure pipeline: when you install the AzureAD module using Install-Module -Name AzureAD -Force in the Azure PowerShell task, you can see from the build log that the AzureAD module is installed in the folder C:\Program Files\WindowsPowerShell\Modules\AzureAD\2.0.2.128:


And from the log, we can see that the assembly Microsoft.IdentityModel.Clients.ActiveDirectory.dll does not get loaded automatically.

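So you can manually load it from the AzureAD module installation folder. See below:

    Install-Module AzureAD -Force
    Import-Module -Name AzureAD
    # Load the ADAL assembly explicitly; the pipeline agent does not load it with the module
    Add-Type -Path "C:\Program Files\WindowsPowerShell\Modules\AzureAD\2.0.2.128\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"

    $TenantId = "..."
    $ClientID = "..."
    $Password = "..."
    $ResourceUrl = "https://database.windows.net/"
    $AuthorityUrl = "https://login.microsoftonline.com/$($TenantId)"

    # Credential and context are created exactly as in the question
    $objClientCredential = [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]::new($ClientId, $Password)
    $objAuthenticationContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($AuthorityUrl)
    # .Result blocks until the task completes and returns the AuthenticationResult
    $objAuthenticationResult = $objAuthenticationContext.AcquireTokenAsync($ResourceUrl, $objClientCredential).Result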

See below result.

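Added example (not part of the answer above, and not the answerer's code): a variant of the same workaround for a Windows pipeline agent that resolves the AzureAD module folder at run time instead of hard-coding version 2.0.2.128, checks the DLL's Authenticode signature before loading it, and reads the service principal values from the task environment. The variable names SPN_TENANT_ID, SPN_CLIENT_ID and SPN_PASSWORD are assumptions, as is the DLL being signed.

```powershell
# Added example, not the answerer's code. Assumption: SPN_TENANT_ID, SPN_CLIENT_ID
# and SPN_PASSWORD are secret pipeline variables mapped into this task's environment.
$ErrorActionPreference = 'Stop'

Install-Module -Name AzureAD -Force
Import-Module -Name AzureAD

# Resolve the module folder at run time instead of hard-coding version 2.0.2.128.
$module = Get-Module -ListAvailable -Name AzureAD |
    Sort-Object -Property Version -Descending |
    Select-Object -First 1
if (-not $module) { throw 'AzureAD module not found after Install-Module.' }

$adalDll = Join-Path $module.ModuleBase 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
if (-not (Test-Path -LiteralPath $adalDll)) { throw "ADAL assembly not found: '$adalDll'" }

# Assumption: the copy shipped with the module is Authenticode-signed. Refuse to
# load an unsigned or tampered DLL (for example one copied in from another machine).
$signature = Get-AuthenticodeSignature -FilePath $adalDll
if ($signature.Status -ne 'Valid') {
    throw "Refusing to load '$adalDll': signature status is $($signature.Status)"
}
Add-Type -Path $adalDll

# Fail fast with a clear message if the type still cannot be resolved.
$adalNs = 'Microsoft.IdentityModel.Clients.ActiveDirectory'
if (-not ("$adalNs.ClientCredential" -as [type])) {
    throw "Type $adalNs.ClientCredential is not available after Add-Type."
}

# Read the service principal values from the environment, never from literals.
foreach ($name in 'SPN_TENANT_ID', 'SPN_CLIENT_ID', 'SPN_PASSWORD') {
    if (-not [Environment]::GetEnvironmentVariable($name)) { throw "Missing variable $name" }
}
$ResourceUrl  = 'https://database.windows.net/'
$AuthorityUrl = "https://login.microsoftonline.com/$($env:SPN_TENANT_ID)"

$credential = New-Object -TypeName "$adalNs.ClientCredential" -ArgumentList $env:SPN_CLIENT_ID, $env:SPN_PASSWORD
$context    = New-Object -TypeName "$adalNs.AuthenticationContext" -ArgumentList $AuthorityUrl
$result     = $context.AcquireTokenAsync($ResourceUrl, $credential).GetAwaiter().GetResult()

# Log only metadata; the access token itself must not reach the build log.
Write-Host "Token acquired for $ResourceUrl, expires $($result.ExpiresOn)"
```

Secret pipeline variables are not exposed to scripts automatically, so they have to be mapped explicitly in the task's `env:` section for the environment lookups to succeed.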