Authentication with DataLake clients

Damir Dobric Posts


When working with the DataLake client libraries, you will notice a strong dependency on the new assembly ‘Microsoft.IdentityModel.Clients.ActiveDirectory’.
This is a great ADL (Azure Data Lake) feature, which provides security on top of AAD (Azure Active Directory). However, security is always costly in some way.
Because AuthenticationFactory.Authenticate requires a full installation of Identity Foundation, your project setup might be more complex than it would be without security :).

In other words, you might get the following error:

Additional information: Could not load file or assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory

This error is thrown when Identity Foundation is not installed on the machine that executes AuthenticationFactory.Authenticate. This is not a big deal as long as you don’t have to run your code in the cloud.
Because Identity Foundation is part of the SDK, it must be installed on the box beforehand as part of the platform and not as part of your application. This can dramatically complicate things when running in the cloud.

To understand this, you have to be aware of the fact that every application in the cloud runs in some container. If you deploy your application on a VM (Virtual Machine), you will most likely install the Identity Foundation SDK, or any other required SDK, first.
After that you will install your application. If you work with WorkerRoles, you will have to start the SDK installer during deployment of the application.

All Azure Data Lake samples follow exactly this scenario, which matches the working process of developing classic desktop applications.

But what if you deploy your application as a web app or similar? In that case, you are running in a platform-specific container, and installing an SDK is theoretically a no-go. I say theoretically because an SDK typically requires admin permissions and the like, and none of this is allowed in such containers. But there are some SDKs that are lightweight and might be installable on application startup.

For this reason, SDK vendors must change strategy and provide installation of the SDK in the context of the application and not in the context of the machine. Identity Foundation was originally designed for the machine. But for cloud applications, Microsoft provides Windows Identity Foundation as a NuGet package called ‘Microsoft.IdentityModel’.


In the end, in the ADL-specific case, you will have to add a reference to Microsoft.IdentityModel.Clients.ActiveDirectory directly from the application.

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.19.208020213" targetFramework="net452" />
</packages>

However, if you are running in containers like the test container (unit tests in VS), you will also need to add a reference to Microsoft.Rest.ClientRuntime.

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.19.208020213" targetFramework="net452" />
  <package id="Microsoft.Rest.ClientRuntime" version="1.9.0" targetFramework="net452" />
  <package id="Microsoft.Rest.ClientRuntime.Azure" version="2.6.0" targetFramework="net452" />
  <package id="Newtonsoft.Json" version="6.0.8" targetFramework="net452" />
</packages>

And finally, this is the piece of code that will typically fail if the references are not correctly tweaked. This code uses the new preview authentication assembly Microsoft.Azure.Common.Authentication, version 1.5.0-preview.

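using System.Security;
using Microsoft.Azure;
using Microsoft.Azure.Common.Authentication;
using Microsoft.Azure.Common.Authentication.Factories;
using Microsoft.Azure.Common.Authentication.Models;

private static SubscriptionCloudCredentials getAccessToken(string username = null,
                                                           SecureString password = null)
{
    var authFactory = new AuthenticationFactory();

    // Authenticate as an AAD user account.
    var account = new AzureAccount { Type = AzureAccount.AccountType.User };

    // Without both values the account id stays empty.
    if (username != null && password != null)
        account.Id = username;

    var env = AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud];

    // This call fails with "Could not load file or assembly" when the
    // Microsoft.IdentityModel.Clients.ActiveDirectory reference is missing.
    var accTkn = authFactory.Authenticate(account, env,
        AuthenticationFactory.CommonAdTenant, password, ShowDialog.Auto).AccessToken;

    return new TokenCloudCredentials(accTkn);
}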
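A start-up check for the failure described in this post, as an added example that is not the author's or Microsoft's code: it tries to load each assembly named in the packages.config files above and reports the ones the application cannot resolve, so the problem surfaces before AuthenticationFactory.Authenticate is called. The class AdlDependencyCheck and its method names are hypothetical, and .NET Framework 4.5.2 with a C# 6 compiler is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;

// Added example (hypothetical class name): pre-flight check for the
// assemblies listed in the packages.config files of this post.
static class AdlDependencyCheck
{
    static readonly string[] Required =
    {
        "Microsoft.IdentityModel.Clients.ActiveDirectory",
        "Microsoft.Rest.ClientRuntime",
        "Microsoft.Rest.ClientRuntime.Azure",
        "Newtonsoft.Json"
    };

    // Returns one message per assembly that the application cannot supply itself.
    public static List<string> FindProblems()
    {
        var problems = new List<string>();
        foreach (string name in Required)
        {
            try
            {
                // A simple name (no version or public key token) is probed in the
                // application's own directories, which is where the NuGet
                // package reference puts the DLL at build time.
                Assembly asm = Assembly.Load(new AssemblyName(name));

                // A copy that comes from the GAC belongs to the machine and
                // will not travel with the deployment.
                if (asm.GlobalAssemblyCache)
                    problems.Add(name + ": loaded from the GAC (" + asm.Location + ")");
            }
            catch (Exception ex) when (ex is IOException || ex is BadImageFormatException)
            {
                // FileNotFoundException and FileLoadException derive from IOException.
                problems.Add(name + ": " + ex.GetType().Name + " - " + ex.Message);
            }
        }
        return problems;
    }

    static int Main()
    {
        List<string> problems = FindProblems();
        foreach (string p in problems) Console.Error.WriteLine(p);
        return problems.Count == 0 ? 0 : 1; // non-zero exit fails the deployment step
    }
}
```

Run it from the same output folder as the deployed application or test project, since that is the directory the loader probes.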


Posted Dec 23 2015, 10:48 AM by Damir Dobric
developers.de is a .Net Community Blog powered by daenet GmbH.