Merge pull request #3255 from cormacpayne/improve-error-message

Improve error message when using MSA with -Credential parameter

Author: markcowl

src/Common/Commands.Common.Authentication/Authentication/UserTokenProvider.cs

@@ -189,7 +189,8 @@ private AuthenticationResult SafeAquireToken(
 
                     ex = new AadAuthenticationFailedWithoutPopupException(message, adalEx);
                 }
-                else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
+                else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl ||
+                         adalEx.ErrorCode == AdalError.FederatedServiceReturnedError)
                 {
                     ex = new AadAuthenticationFailedException(Resources.CredentialOrganizationIdMessage, adalEx);
                 }

src/ResourceManager/Profile/Commands.Profile.Test/LoginCmdletTests.cs

@@ -26,6 +26,8 @@
 using System.Collections.Generic;
 using System.Net.Http.Headers;
 using System.Diagnostics;
+using System;
+using System.Security;
 
 namespace Microsoft.Azure.Commands.Profile.Test
 {
@@ -292,6 +294,43 @@ public void LoginWithEnvironementName()
             Assert.Equal("AzureUSGovernment", AzureRmProfileProvider.Instance.Profile.Context.Environment.Name);
         }
 
+        [Fact]
+        [Trait(Category.RunType, Category.LiveOnly)]
+        public void LoginWithCredentialParameterAndMSA()
+        {
+            var cmdlt = new AddAzureRMAccountCommand();
+            // Setup
+            cmdlt.CommandRuntime = commandRuntimeMock;
+
+            // Example of environment variable: TEST_AZURE_CREDENTIALS=<subscription-id-value>;<[email protected]>;<email-password>"
+            string credsEnvironmentVariable = Environment.GetEnvironmentVariable("TEST_AZURE_CREDENTIALS");
+            string[] creds = credsEnvironmentVariable.Split(';');
+
+            string userName = creds[1];
+            string password = creds[2];
+
+            var securePassword = new SecureString();
+            Array.ForEach(password.ToCharArray(), securePassword.AppendChar);
+
+            cmdlt.Credential = new PSCredential(userName, securePassword);
+
+            // Act
+            try
+            {
+                cmdlt.InvokeBeginProcessing();
+                cmdlt.ExecuteCmdlet();
+                cmdlt.InvokeEndProcessing();
+            }
+            catch (AadAuthenticationFailedException ex)
+            {
+                Assert.NotNull(ex);
+                Assert.Equal("-Credential parameter can only be used with Organization ID credentials. " +
+                             "For more information, please refer to http://go.microsoft.com/fwlink/?linkid=331007&clcid=0x409 " +
+                             "for more information about the difference between an organizational account and a Microsoft account.",
+                             ex.Message);
+            }            
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void ThrowOnUnknownEnvironment()