[POC] AAD: Configuring ServerTelemetryChannel and QuickPulseServiceClient

BASE/src/Microsoft.ApplicationInsights/Channel/InMemoryChannel.cs

@@ -1,7 +1,6 @@
 namespace Microsoft.ApplicationInsights.Channel
 {
     using System;
-    using System.ComponentModel;
     using System.Diagnostics;
     using System.Threading;
     using System.Threading.Tasks;
@@ -15,7 +14,7 @@
     /// Represents a communication channel for sending telemetry to Application Insights via HTTPS. There will be a buffer that will not be persisted, to enforce the 
     /// queued telemetry items to be sent, <see cref="ITelemetryChannel.Flush"/> should be called.    
     /// </summary>
-    public class InMemoryChannel : ITelemetryChannel, IAsyncFlushable
+    public class InMemoryChannel : ITelemetryChannel, IAsyncFlushable, ISupportCredentialEnvelope
     {
         private readonly TelemetryBuffer buffer;
         private readonly InMemoryTransmitter transmitter;
@@ -96,6 +95,20 @@ public TimeSpan SendingInterval
             }
         }
 
+        /// <summary>
+        /// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD.
+        /// FOR INTERNAL USE. Customers should use <see cref="TelemetryConfiguration.SetAzureTokenCredential"/> instead.
+        /// </summary>
+        /// <remarks>
+        /// <see cref="ISupportCredentialEnvelope.CredentialEnvelope"/> on <see cref="InMemoryChannel"/> sets <see cref="InMemoryTransmitter.CredentialEnvelope"/> 
+        /// which is used to set <see cref="Transmission.CredentialEnvelope"/> just before calling <see cref="Transmission.SendAsync"/>.
+        /// </remarks>
+        CredentialEnvelope ISupportCredentialEnvelope.CredentialEnvelope 
+        { 
+            get => this.transmitter.CredentialEnvelope;
+            set => this.transmitter.CredentialEnvelope = value;
+        }
+
         /// <summary>
         /// Gets or sets the HTTP address where the telemetry is sent.
         /// </summary>
@@ -126,20 +139,6 @@ public int BacklogSize
             set { this.buffer.BacklogSize = value; }
         }
 
-        /// <summary>
-        /// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD.
-        /// FOR INTERNAL USE. Customers should use <see cref="TelemetryConfiguration.SetAzureTokenCredential"/> instead.
-        /// </summary>
-        /// <remarks>
-        /// <see cref="InMemoryChannel.CredentialEnvelope"/> sets <see cref="InMemoryTransmitter.CredentialEnvelope"/> 
-        /// which is used to set <see cref="Transmission.CredentialEnvelope"/> just before calling <see cref="Transmission.SendAsync"/>.
-        /// </remarks>
-        internal CredentialEnvelope CredentialEnvelope
-        {
-            get => this.transmitter.CredentialEnvelope;
-            set => this.transmitter.CredentialEnvelope = value;
-        }
-
         internal bool IsDisposed => this.isDisposed;
 
         /// <summary>

BASE/src/Microsoft.ApplicationInsights/Channel/InMemoryTransmitter.cs

@@ -69,7 +69,7 @@ internal TimeSpan SendingInterval
         /// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD.
         /// </summary>
         /// <remarks>
-        /// <see cref="InMemoryChannel.CredentialEnvelope"/> sets <see cref="InMemoryTransmitter.CredentialEnvelope"/> 
+        /// <see cref="ISupportCredentialEnvelope.CredentialEnvelope"/> on <see cref="InMemoryChannel"/> sets <see cref="InMemoryTransmitter.CredentialEnvelope"/> 
         /// which is used to set <see cref="Transmission.CredentialEnvelope"/> just before calling <see cref="Transmission.SendAsync"/>.
         /// </remarks>
         internal CredentialEnvelope CredentialEnvelope { get; set; }

BASE/src/Microsoft.ApplicationInsights/Extensibility/Implementation/Authentication/ISupportCredentialEnvelope.cs

@@ -0,0 +1,13 @@
+namespace Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication
+{
+    /// <summary>
+    /// This interface defines a class that accepts the <see cref="Authentication.CredentialEnvelope"/> as a property.
+    /// </summary>
+    internal interface ISupportCredentialEnvelope
+    {
+        /// <summary>
+        /// Gets or sets the <see cref="Authentication.CredentialEnvelope"/>.
+        /// </summary>
+        CredentialEnvelope CredentialEnvelope { get; set; }
+    }
+}

BASE/src/Microsoft.ApplicationInsights/Extensibility/TelemetryConfiguration.cs

@@ -339,7 +339,9 @@ public string ConnectionString
 
         /// <summary>
         /// Gets an envelope for Azure.Core.TokenCredential which provides an AAD Authenticated token.
+        /// FOR INTERNAL USE ONLY. To set the Credential use <see cref="SetAzureTokenCredential"/>.
         /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
         public CredentialEnvelope CredentialEnvelope { get; private set; }
 
         /// <summary>
@@ -504,9 +506,9 @@ private static void SetTelemetryChannelEndpoint(ITelemetryChannel channel, strin
 
         private static void SetTelemetryChannelCredentialEnvelope(ITelemetryChannel telemetryChannel, CredentialEnvelope credentialEnvelope)
         {
-            if (telemetryChannel is InMemoryChannel inMemoryChannel)
+            if (telemetryChannel is ISupportCredentialEnvelope tc)
             {
-                inMemoryChannel.CredentialEnvelope = credentialEnvelope;
+                tc.CredentialEnvelope = credentialEnvelope;
             }
         }
 

BASE/src/ServerTelemetryChannel/Implementation/ResponseStatusCodes.cs

@@ -12,5 +12,7 @@ internal class ResponseStatusCodes
         public const int BadGateway = 502;
         public const int ServiceUnavailable = 503;
         public const int GatewayTimeout = 504;
+        public const int Unauthorized = 401; // AAD
+        public const int Forbidden = 403; // AAD
     }
 }

BASE/src/ServerTelemetryChannel/Implementation/TransmissionSender.cs

@@ -13,6 +13,7 @@
     using Microsoft.ApplicationInsights.Common.Extensions;
     using Microsoft.ApplicationInsights.Extensibility;
     using Microsoft.ApplicationInsights.Extensibility.Implementation;
+    using Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication;
 
     internal class TransmissionSender
     {      
@@ -107,6 +108,15 @@ public virtual int ThrottleWindow
             }
         }
 
+        /// <summary>
+        /// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD.
+        /// </summary>
+        /// <remarks>
+        /// <see cref="ISupportCredentialEnvelope.CredentialEnvelope"/> on <see cref="ServerTelemetryChannel"/> sets <see cref="Transmitter.CredentialEnvelope"/> and then sets <see cref="TransmissionSender.CredentialEnvelope"/> 
+        /// which is used to set <see cref="Transmission.CredentialEnvelope"/> just before calling <see cref="Transmission.SendAsync"/>.
+        /// </remarks>
+        internal CredentialEnvelope CredentialEnvelope { get; set; }
+
         public virtual bool Enqueue(Func<Transmission> transmissionGetter)
         {
             bool enqueueSucceded = false;
@@ -197,9 +207,11 @@ private async Task StartSending(Transmission transmission)
                 try
                 {
                     TelemetryChannelEventSource.Log.TransmissionSendStarted(acceptedTransmission.Id);
+                    acceptedTransmission.CredentialEnvelope = this.CredentialEnvelope;
+
                     transmissionTask = acceptedTransmission.SendAsync();
                     this.inFlightTransmissions.TryAdd(transmission.FlushAsyncId, transmissionTask);
-                    responseContent = await transmissionTask.ConfigureAwait(false); 
+                    responseContent = await transmissionTask.ConfigureAwait(false);
                 }
                 catch (Exception e)
                 {

BASE/src/ServerTelemetryChannel/Implementation/Transmitter.cs

@@ -8,6 +8,7 @@
     using System.Threading.Tasks;
     using Microsoft.ApplicationInsights.Channel;
     using Microsoft.ApplicationInsights.Channel.Implementation;
+    using Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication;
 
     /// <summary>
     /// Implements throttled and persisted transmission of telemetry to Application Insights. 
@@ -59,7 +60,7 @@ internal Transmitter(
 
         public event EventHandler<TransmissionProcessedEventArgs> TransmissionSent;
 
-        public string StorageFolder { get; set; }        
+        public string StorageFolder { get; set; }
 
         public int MaxBufferCapacity
         {
@@ -126,6 +127,19 @@ public BackoffLogicManager BackoffLogicManager
             get { return this.backoffLogicManager; }
         }
 
+        /// <summary>
+        /// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD.
+        /// </summary>
+        /// <remarks>
+        /// <see cref="ISupportCredentialEnvelope.CredentialEnvelope"/> on <see cref="ServerTelemetryChannel"/> sets <see cref="Transmitter.CredentialEnvelope"/> and then sets <see cref="TransmissionSender.CredentialEnvelope"/> 
+        /// which is used to set <see cref="Transmission.CredentialEnvelope"/> just before calling <see cref="Transmission.SendAsync"/>.
+        /// </remarks>
+        internal CredentialEnvelope CredentialEnvelope
+        {
+            get => this.Sender.CredentialEnvelope;
+            set => this.Sender.CredentialEnvelope = value;
+        }
+
         /// <summary>
         /// Releases resources used by this <see cref="Transmitter"/> instance.
         /// </summary>

BASE/src/ServerTelemetryChannel/ServerTelemetryChannel.cs

@@ -9,13 +9,14 @@
     using Microsoft.ApplicationInsights.Channel;
     using Microsoft.ApplicationInsights.Common;
     using Microsoft.ApplicationInsights.Extensibility;
+    using Microsoft.ApplicationInsights.Extensibility.Implementation.Authentication;
     using Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.Implementation;
     using TelemetryBuffer = Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.Implementation.TelemetryBuffer;
 
     /// <summary>
     /// Represents a communication channel for sending telemetry to Application Insights via HTTP/S.
     /// </summary>
-    public sealed class ServerTelemetryChannel : ITelemetryChannel, IAsyncFlushable, ITelemetryModule
+    public sealed class ServerTelemetryChannel : ITelemetryChannel, IAsyncFlushable, ITelemetryModule, ISupportCredentialEnvelope
     {
         internal TelemetrySerializer TelemetrySerializer;
         internal TelemetryBuffer TelemetryBuffer;
@@ -243,6 +244,20 @@ public int LocalThrottleWindow
             set { this.Transmitter.ThrottleWindow = value; }
         }
 
+        /// <summary>
+        /// Gets or sets the <see cref="CredentialEnvelope"/> which is used for AAD.
+        /// DO NOT SET DIRECTLY. Use <see cref="TelemetryConfiguration.SetAzureTokenCredential"/> instead.
+        /// </summary>
+        /// <remarks>
+        /// <see cref="ISupportCredentialEnvelope.CredentialEnvelope"/> on <see cref="ServerTelemetryChannel"/> sets <see cref="Transmitter.CredentialEnvelope"/> and then sets <see cref="TransmissionSender.CredentialEnvelope"/> 
+        /// which is used to set <see cref="Transmission.CredentialEnvelope"/> just before calling <see cref="Transmission.SendAsync"/>.
+        /// </remarks>
+        CredentialEnvelope ISupportCredentialEnvelope.CredentialEnvelope
+        {
+            get => this.Transmitter.CredentialEnvelope;
+            set => this.Transmitter.CredentialEnvelope = value;
+        }
+
         /// <summary>
         /// Gets or sets first TelemetryProcessor in processor call chain.
         /// </summary>
@@ -357,6 +372,8 @@ public void Initialize(TelemetryConfiguration configuration)
                 throw new ArgumentNullException(nameof(configuration));
             }
 
+            ((ISupportCredentialEnvelope)this).CredentialEnvelope = configuration.CredentialEnvelope;
+
             this.Transmitter.Initialize();
 
             if (this.EndpointAddress == null)

examples/WebApp.AspNetCore/WebApp.AspNetCore.csproj

@@ -4,6 +4,10 @@
     <TargetFramework>net5.0</TargetFramework>
   </PropertyGroup>
 
+  <ItemGroup>
+    <PackageReference Include="Azure.Identity" Version="1.4.0-beta.1" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\NETCORE\src\Microsoft.ApplicationInsights.AspNetCore\Microsoft.ApplicationInsights.AspNetCore.csproj" />
   </ItemGroup>