diff --git a/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Amqp/EdgeSaslPlainAuthenticator.cs b/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Amqp/EdgeSaslPlainAuthenticator.cs
index d94a31c6bbd..6d640a0dc43 100644
--- a/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Amqp/EdgeSaslPlainAuthenticator.cs
+++ b/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Amqp/EdgeSaslPlainAuthenticator.cs
@@ -38,9 +38,13 @@ public async Task AuthenticateAsync(string identity, string password
 throw new EdgeHubConnectionException("Identity does not contain device ID.");
 }
- if (!this.iotHubHostName.Equals(iotHubName))
+ // iotHubName can be a segment of the full iotHubHostName.
+ // For example, if iotHubHostName = testhub1.azure-devices.net,
+ // then iotHubName = testhub1 is valid.
+ if (!this.iotHubHostName.StartsWith(iotHubName, StringComparison.OrdinalIgnoreCase) ||
+ this.iotHubHostName[iotHubName.Length] != '.')
 {
- throw new EdgeHubConnectionException($"Identity contains an invalid IotHubHostName {iotHubName}, expected value {this.iotHubHostName}.");
+ throw new EdgeHubConnectionException($"Identity contains an invalid IotHubHostName {iotHubName}.");
 }
 // TODO: Figure out where the device client type parameter value should come from.
diff --git a/edge-hub/test/Microsoft.Azure.Devices.Edge.Hub.Amqp.Test/EdgeSaslPlainAuthenticatorTest.cs b/edge-hub/test/Microsoft.Azure.Devices.Edge.Hub.Amqp.Test/EdgeSaslPlainAuthenticatorTest.cs
index 93d2d1d88f5..0a88463f6bd 100644
--- a/edge-hub/test/Microsoft.Azure.Devices.Edge.Hub.Amqp.Test/EdgeSaslPlainAuthenticatorTest.cs
+++ b/edge-hub/test/Microsoft.Azure.Devices.Edge.Hub.Amqp.Test/EdgeSaslPlainAuthenticatorTest.cs
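Review bot: An identity whose hub part equals the full host name passes `StartsWith` and then reads `this.iotHubHostName[iotHubName.Length]` one past the end of the string, so the value the removed `Equals` check accepted now raises IndexOutOfRangeException rather than authenticating or failing with EdgeHubConnectionException. Because `identity` comes from the connecting client before it is authenticated, the index should be bounded first, for example `bool exact = iotHubName.Length == this.iotHubHostName.Length;` followed by `if (!this.iotHubHostName.StartsWith(iotHubName, StringComparison.OrdinalIgnoreCase) || (!exact && this.iotHubHostName[iotHubName.Length] != '.'))`. The rule also accepts any dot-terminated prefix such as `testhub1.azure-devices`; if only the first label is meant, compare against that label explicitly. How `iotHubName` is parsed, and the start and end of AuthenticateAsync, are outside this hunk.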
@@ -85,11 +85,11 @@ public async void TestAuthFailed()
 [Fact]
 [Unit]
- public async void TestAuthSucceeds()
+ public async void TestAuthSucceeds_Module()
 {
 var authenticator = Mock.Of();
 var clientCredentialsFactory = Mock.Of();
- var saslAuthenticator = new EdgeSaslPlainAuthenticator(authenticator, clientCredentialsFactory, "hub1");
+ var saslAuthenticator = new EdgeSaslPlainAuthenticator(authenticator, clientCredentialsFactory, "hub1.azure-devices.net");
 var identity = new ModuleIdentity("hub1", "dev1", "mod1");
 var clientCredentials = Mock.Of(c => c.Identity == identity);
 const string UserId = "dev1/modules/mod1@sas.hub1";
@@ -109,5 +109,32 @@ public async void TestAuthSucceeds()
 bool isAuthenticated = await amqpAuthenticator.AuthenticateAsync("dev1/mod1");
 Assert.True(isAuthenticated);
 }
+
+ [Fact]
+ [Unit]
+ public async void TestAuthSucceeds_Device()
+ {
+ var authenticator = Mock.Of();
+ var clientCredentialsFactory = Mock.Of();
+ var saslAuthenticator = new EdgeSaslPlainAuthenticator(authenticator, clientCredentialsFactory, "hub1.azure-devices.net");
+ var identity = new DeviceIdentity("hub1", "dev1");
+ var clientCredentials = Mock.Of(c => c.Identity == identity);
+ const string UserId = "dev1@sas.hub1";
+ const string Password = "pwd";
+
+ Mock.Get(clientCredentialsFactory).Setup(f => f.GetWithSasToken("dev1", string.Empty, string.Empty, Password, false))
+ .Returns(clientCredentials);
+ Mock.Get(authenticator).Setup(a => a.AuthenticateAsync(clientCredentials))
+ .ReturnsAsync(true);
+
+ IPrincipal principal = await saslAuthenticator.AuthenticateAsync(UserId, Password);
+ Assert.NotNull(principal);
+
+ var amqpAuthenticator = principal as IAmqpAuthenticator;
+ Assert.NotNull(amqpAuthenticator);
+
+ bool isAuthenticated = await amqpAuthenticator.AuthenticateAsync("dev1");
+ Assert.True(isAuthenticated);
+ }
 }
 }
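Review bot: The new host-name prefix rule is exercised only on the accepting path: `TestAuthSucceeds_Device` and the renamed `TestAuthSucceeds_Module` both send `sas.hub1` against `hub1.azure-devices.net`. Rejection cases are missing for a prefix that stops inside a label (constructed example `dev1@sas.hub`) and for a different hub (`dev1@sas.hub2`), each checked with `Assert.ThrowsAsync<EdgeHubConnectionException>`. A case for the full host name (`dev1@sas.hub1.azure-devices.net`, assuming the parser passes it through unchanged) would pin down whether that form is still supported. The added test is also declared `async void`; `public async Task TestAuthSucceeds_Device()` lets the test runner await it and observe failures directly.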