How to access all tenants and subscriptions with a single login in Azure Management SDK

问题

I'm trying to use https://github.com/Azure/azure-libraries-for-net for authentication to Azure from a command-line application. My goal is to list all storage accounts in all tenants and all subscriptions using fluent libraries with no success.

FromDevice method is actually working well, if I use common as tenant ID:

AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromDevice(
    AzureCliClientId,
    "common",
    AzureEnvironment.AzureGlobalCloud,
    code =>
    {
        Console.WriteLine(code.Message);
        return true;
    });

IAuthenticated authenticatedAzure = Azure.Authenticate(azureNativeCreds);

however any call to auth.Subscriptions.ListAsync returns empty list of subscriptions for any account that has access to more than one tenant or more than one subscription.

I can list the tenants user belongs to with auth.Tenants.ListAsync() and that returns valid list of tenants, however I can't find a way to now use a particular tenant and subscription to make a subsequent call.

One way to achieve what I want is to create another instance of IAzure but that pops up authentication dialog again, i.e.:

foreach(var tenant in await authenticatedAzure.Tenants.ListAsync())
{
    //create creds for tenant?
    //throws authentication dialog for every tenant

    var tenantCredentials = SdkContext.AzureCredentialsFactory.FromDevice(
        AzureCliClientId,
        tenant.TenantId,
        AzureEnvironment.AzureGlobalCloud,
        code =>
        {
            Console.WriteLine(code.Message);
            return true;
        });

  IAzure tenantAzure = await Azure.Authenticate(tcreds).WithDefaultSubscriptionAsync();

  var storageAccounts = await tenantAzure.StorageAccounts.ListAsync();
}

so the user gets constantly annoyed with popups. Another issue that FromDevice won't remember that the user has already logged in previously, regardless whether I save token cache to disk or not (TokenCache.DefaultShared.BeforeWrite etc).

回答1:

According to my test, the method Subscriptions.ListAsync just can return the subscriptions in the user's default tenant. For example, if you use the account xxx@xxx.onmicrosoft.com to login, it will just return to the subscriptions in the tenant xxx.onmicrosoft.com. For more details, please refer to the document.

The details are as below. 1. Register the Azure AD public client application 2. Configure permissions for the Azure AD applications you use.

3. Code

var cred= SdkContext.AzureCredentialsFactory.FromDevice("731373ea-9249-45aa-a7da-79c083a9d8b0", "common",AzureEnvironment.AzureGlobalCloud, code =>
            {
                Console.WriteLine(code.Message);
                return true;
            });

            var azure = Azure.Authenticate(cred);
            var subs = azure.Subscriptions.List();
            foreach (var sub in subs) {

                Console.WriteLine(sub.DisplayName);
            }

---

Update

来源：https://stackoverflow.com/questions/58607479/how-to-access-all-tenants-and-subscriptions-with-a-single-login-in-azure-managem