Fix that RemoveUser doesn't work when create Public Client with broker

Lei jin · Lei jin · commit b517d9f60812 · 2025-04-25T17:43:54.000+08:00
diff --git a/src/Accounts/Accounts/Account/DisconnectAzureRmAccount.cs b/src/Accounts/Accounts/Account/DisconnectAzureRmAccount.cs
@@ -124,21 +124,20 @@ public override void ExecuteCmdlet()
 
                 if (ShouldProcess(string.Format("Log out principal '{0}'", azureAccount.Id), "log out"))
                 {
-                    if (GetContextModificationScope() == ContextModificationScope.CurrentUser)
-                    {
-                        AzureSession.Instance.AuthenticationFactory.RemoveUser(azureAccount, null);
-                    }
-
                     if (AzureRmProfileProvider.Instance.Profile != null)
                     {
                         ModifyContext((localProfile, profileClient) =>
-                       {
-                           var matchingContexts = localProfile.Contexts?.Values?.Where((c) => c != null && c.Account != null && string.Equals(c.Account.Id, azureAccount.Id, StringComparison.CurrentCultureIgnoreCase));
-                           foreach (var context in matchingContexts)
-                           {
-                               profileClient.TryRemoveContext(context);
-                           }
-                       });
+                        {
+                            var matchingContexts = localProfile.Contexts?.Values?.Where((c) => c != null && c.Account != null && string.Equals(c.Account.Id, azureAccount.Id, StringComparison.CurrentCultureIgnoreCase));
+                            foreach (var context in matchingContexts)
+                            {
+                                if (GetContextModificationScope() == ContextModificationScope.CurrentUser)
+                                {
+                                    AzureSession.Instance.AuthenticationFactory.RemoveUser(azureAccount, context.Environment.ActiveDirectoryAuthority);
+                                }
+                                profileClient.TryRemoveContext(context);
+                            }
+                        });
                     }
 
                     WriteObject(new PSAzureRmAccount(azureAccount));
diff --git a/src/Accounts/Accounts/Context/ClearAzureRmContext.cs b/src/Accounts/Accounts/Context/ClearAzureRmContext.cs
@@ -65,29 +65,29 @@ void ClearContext(AzureRmProfile profile, RMProfileClient client)
             bool result = false;
             if (profile != null)
             {
+                PowerShellTokenCacheProvider tokenCacheProvider = null;
+                if (!AzureSession.Instance.TryGetComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, out tokenCacheProvider))
+                {
+                    WriteWarning(Resources.ClientFactoryNotRegisteredClear);
+                }
+
                 var contexts = profile.Contexts.Values;
                 foreach (var context in contexts)
                 {
+                    tokenCacheProvider?.ClearCache(context.Environment.ActiveDirectoryAuthority);
                     client.TryRemoveContext(context);
                 }
 
-                PowerShellTokenCacheProvider tokenCacheProvider;
-                if (!AzureSession.Instance.TryGetComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, out tokenCacheProvider))
+                if (tokenCacheProvider != null)
                 {
-                    WriteWarning(Resources.ClientFactoryNotRegisteredClear);
-                }
-                else
-                {
-                    tokenCacheProvider.ClearCache();
-                    var defaultContext = new AzureContext();
-                    profile.TrySetDefaultContext(defaultContext);
+                    profile.TrySetDefaultContext(new AzureContext());
                     result = true;
                 }
+
                 if (AzureSession.Instance.TryGetComponent(AzKeyStore.Name, out AzKeyStore keyStore))
                 {
                     keyStore?.Clear();
                 }
-
             }
 
             AzureSession.Instance.RaiseContextClearedEvent();
diff --git a/src/Accounts/Accounts/Context/GetAzureRMContext.cs b/src/Accounts/Accounts/Context/GetAzureRMContext.cs
@@ -84,6 +84,7 @@ public override void ExecuteCmdlet()
                     var defaultProfile = DefaultProfile as AzureRmProfile;
                     if (defaultProfile != null && string.Equals(AzureSession.Instance?.ARMContextSaveMode, "CurrentUser"))
                     {
+                        AzureSession.Instance.SetProperty(AzureSession.Property.Environment, DefaultContext.Environment.Name);
                         defaultProfile.RefreshContextsFromCache(_cmdletContext);
                     }
                 }
diff --git a/src/Accounts/Accounts/Context/RemoveAzureRmContext.cs b/src/Accounts/Accounts/Context/RemoveAzureRmContext.cs
@@ -12,17 +12,16 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using System;
-using System.Linq;
-using System.Management.Automation;
-
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.Profile.Common;
 using Microsoft.Azure.Commands.Profile.Models.Core;
 using Microsoft.Azure.Commands.Profile.Properties;
-using Microsoft.WindowsAzure.Commands.Utilities.Common;
+
+using System;
+using System.Linq;
+using System.Management.Automation;
 
 namespace Microsoft.Azure.Commands.Profile.Context
 {
@@ -91,7 +90,7 @@ public override void ExecuteCmdlet()
                                         }
                                         else
                                         {
-                                            if (!tokenCacheProvider.TryRemoveAccount(removedContext.Account.Id))
+                                            if (!tokenCacheProvider.TryRemoveAccount(removedContext.Account.Id, removedContext.Environment.ActiveDirectoryAuthority))
                                             {
                                                 WriteWarning(string.Format(Resources.NoContextsRemain, removedContext.Account.Id));
                                             }
diff --git a/src/Accounts/Authentication.ResourceManager/AzureRmProfile.cs b/src/Accounts/Authentication.ResourceManager/AzureRmProfile.cs
@@ -823,8 +823,9 @@ public void RefreshContextsFromCache(ICmdletContext cmdletContext)
             string authority = null;
             if (TryGetEnvironment(AzureSession.Instance.GetProperty(AzureSession.Property.Environment), out IAzureEnvironment sessionEnvironment))
             {
-                authority = $"{sessionEnvironment.ActiveDirectoryAuthority}organizations";
+                authority = $"{sessionEnvironment.ActiveDirectoryAuthority}/organizations";
             }
+            //fixme, if Connect-AzAccount not run, when to get authority
             var accounts = tokenCacheProvider.ListAccounts(authority);
             if (!accounts.Any())
             {
diff --git a/src/Accounts/Authentication/Authentication/TokenCache/InMemoryTokenCacheProvider.cs b/src/Accounts/Authentication/Authentication/TokenCache/InMemoryTokenCacheProvider.cs
@@ -14,6 +14,7 @@
 
 using Azure.Identity;
 
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Identity.Client;
 
 namespace Microsoft.Azure.Commands.Common.Authentication
@@ -46,7 +47,7 @@ public override void FlushTokenData()
             }
         }
 
-        public override void ClearCache()
+        public override void ClearCache(string authority)
         {
             InMemoryTokenCacheOptions = new InMemoryTokenCacheOptions();
         }
diff --git a/src/Accounts/Authentication/Authentication/TokenCache/PowerShellTokenCacheProvider.cs b/src/Accounts/Authentication/Authentication/TokenCache/PowerShellTokenCacheProvider.cs
@@ -12,10 +12,6 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using System;
-using System.Collections.Generic;
-using System.Linq;
-
 using Azure.Identity;
 
 using Hyak.Common;
@@ -24,13 +20,15 @@
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions.Extensions;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions.Interfaces;
 using Microsoft.Azure.Commands.Common.Authentication.Utilities;
-using Microsoft.Azure.Commands.Shared.Config;
 using Microsoft.Azure.Internal.Subscriptions;
 using Microsoft.Azure.Internal.Subscriptions.Models;
-using Microsoft.Azure.PowerShell.Common.Config;
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Client.Broker;
 
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
 namespace Microsoft.Azure.Commands.Common.Authentication
 {
     public abstract class PowerShellTokenCacheProvider
@@ -55,14 +53,14 @@ public virtual void FlushTokenData()
             _tokenCacheDataToFlush = null;
         }
 
-        public virtual void ClearCache()
+        public virtual void ClearCache(string authority = null)
         {
         }
 
-        public bool TryRemoveAccount(string accountId)
+        public bool TryRemoveAccount(string accountId, string authority = null)
         {
             TracingAdapter.Information(string.Format("[AuthenticationClientFactory] Calling GetAccountsAsync"));
-            var client = CreatePublicClient();
+            var client = CreatePublicClient(authority);
             var account = client.GetAccountsAsync()
                             .ConfigureAwait(false).GetAwaiter().GetResult()
                             .FirstOrDefault(a => string.Equals(a.Username, accountId, StringComparison.OrdinalIgnoreCase));
@@ -89,7 +87,7 @@ public IEnumerable<IAccount> ListAccounts(string authority = null)
         {
             TracingAdapter.Information(string.Format("[PowerShellTokenCacheProvider] Calling GetAccountsAsync on {0}", authority ?? "AzureCloud"));
 
-            return CreatePublicClient(authority: authority)
+            return CreatePublicClient(authority)
                     .GetAccountsAsync()
                     .ConfigureAwait(false).GetAwaiter().GetResult();
         }
@@ -195,18 +193,7 @@ public virtual IPublicClientApplication CreatePublicClient(string authority, str
         /// </summary>
         public virtual IPublicClientApplication CreatePublicClient(string authority = null)
         {
-            var builder = PublicClientApplicationBuilder.Create(Constants.PowerShellClientId);
-            if (AzConfigReader.IsWamEnabled(authority))
-            {
-                builder = builder.WithBroker(new BrokerOptions(BrokerOptions.OperatingSystems.Windows));
-            }
-            if (!string.IsNullOrEmpty(authority))
-            {
-                builder.WithAuthority(authority);
-            }
-            var client = builder.Build();
-            RegisterCache(client);
-            return client;
+            return CreatePublicClient(authority, organizationTenant);
         }
 
         public abstract TokenCachePersistenceOptions GetTokenCachePersistenceOptions();
diff --git a/src/Accounts/Authentication/Authentication/TokenCache/SharedTokenCacheProvider.cs b/src/Accounts/Authentication/Authentication/TokenCache/SharedTokenCacheProvider.cs
@@ -12,13 +12,14 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using System;
-
 using Azure.Identity;
 
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Client.Extensions.Msal;
 
+using System;
+
 namespace Microsoft.Azure.Commands.Common.Authentication
 {
     public class SharedTokenCacheProvider : PowerShellTokenCacheProvider
@@ -103,9 +104,9 @@ protected override void RegisterCache(IPublicClientApplication client)
             }
         }
 
-        public override void ClearCache()
+        public override void ClearCache(string authority)
         {
-            var client = CreatePublicClient();
+            var client = CreatePublicClient(authority);
             var accounts = client.GetAccountsAsync().GetAwaiter().GetResult();
             foreach (var account in accounts)
             {
diff --git a/src/Accounts/Authentication/Factories/AuthenticationFactory.cs b/src/Accounts/Authentication/Factories/AuthenticationFactory.cs
@@ -522,6 +522,47 @@ public void RemoveUser(IAzureAccount account, IAzureTokenCache tokenCache)
             }
         }
 
+        /// <summary>
+        /// Remove any stored credentials for the given user and the Azure environment used.
+        /// </summary>
+        /// <param name="account">The account to remove credentials for</param>
+        /// <param name="authority">The Microsoft Entra authority</param>
+        public void RemoveUser(IAzureAccount account, string authority)
+        {
+            if (account != null && !string.IsNullOrEmpty(account.Id) && !string.IsNullOrWhiteSpace(account.Type))
+            {
+                switch (account.Type)
+                {
+                    case AzureAccount.AccountType.AccessToken:
+                        account.SetProperty(AzureAccount.Property.AccessToken, null);
+                        account.SetProperty(AzureAccount.Property.GraphAccessToken, null);
+                        account.SetProperty(AzureAccount.Property.KeyVaultAccessToken, null);
+                        break;
+                    case AzureAccount.AccountType.ManagedService:
+                        account.SetProperty(AzureAccount.Property.MSILoginUri, null);
+                        break;
+                    case AzureAccount.AccountType.ServicePrincipal:
+                        try
+                        {
+                            KeyStore.RemoveSecureString(new ServicePrincipalKey(AzureAccount.Property.ServicePrincipalSecret,
+                                account.Id, account.GetTenants().FirstOrDefault()));
+                            KeyStore.RemoveSecureString(new ServicePrincipalKey(AzureAccount.Property.CertificatePassword,
+    account.Id, account.GetTenants().FirstOrDefault()));
+                        }
+                        catch
+                        {
+                            // make best effort to remove credentials
+                        }
+
+                        RemoveFromTokenCache(account, authority);
+                        break;
+                    case AzureAccount.AccountType.User:
+                        RemoveFromTokenCache(account, authority);
+                        break;
+                }
+            }
+        }
+
         private string GetResourceId(string resourceIdorEndpointName, IAzureEnvironment environment)
         {
             return environment.GetEndpoint(resourceIdorEndpointName) ?? resourceIdorEndpointName;
@@ -558,20 +599,20 @@ private string GetEndpointToken(IAzureAccount account, string targetEndpoint)
             return account.GetProperty(tokenKey);
         }
 
-        private void RemoveFromTokenCache(IAzureAccount account)
+        private void RemoveFromTokenCache(IAzureAccount account, string authority = null)
         {
             PowerShellTokenCacheProvider tokenCacheProvider;
             if (!AzureSession.Instance.TryGetComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, out tokenCacheProvider))
             {
                 throw new NullReferenceException(Resources.AuthenticationClientFactoryNotRegistered);
             }
 
-            var publicClient = tokenCacheProvider.CreatePublicClient();
+            var publicClient = tokenCacheProvider.CreatePublicClient(authority);
             var accounts = publicClient.GetAccountsAsync()
                             .ConfigureAwait(false).GetAwaiter().GetResult();
             var tokenAccounts = accounts.Where(a => MatchCacheItem(account, a));
             foreach (var tokenAccount in tokenAccounts)
-                {
+            {
                 publicClient.RemoveAsync(tokenAccount)
                                 .ConfigureAwait(false).GetAwaiter().GetResult();
             }
diff --git a/tools/TestFx/Mocks/MockCertificateAuthenticationFactory.cs b/tools/TestFx/Mocks/MockCertificateAuthenticationFactory.cs
@@ -124,5 +124,10 @@ public IAccessToken Authenticate(IAzureAccount account, IAzureEnvironment enviro
         {
             throw new NotImplementedException();
         }
+
+        public void RemoveUser(IAzureAccount account, string authority)
+        {
+            throw new NotImplementedException();
+        }
     }
 }
diff --git a/tools/TestFx/Mocks/MockTokenAuthenticationFactory.cs b/tools/TestFx/Mocks/MockTokenAuthenticationFactory.cs
@@ -148,5 +148,10 @@ public ServiceClientCredentials GetServiceClientCredentials(IAzureContext contex
         {
             return GetServiceClientCredentials(context, targetEndpoint, AzureCmdletContext.CmdletNone);
         }
+
+        public void RemoveUser(IAzureAccount account, string authority)
+        {
+            throw new NotImplementedException();
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -65,29 +65,29 @@ void ClearContext(AzureRmProfile profile, RMProfileClient client)`
`65`	`65`	`bool result = false;`
`66`	`66`	`if (profile != null)`
`67`	`67`	`{`
	`68`	`+ PowerShellTokenCacheProvider tokenCacheProvider = null;`
	`69`	`+ if (!AzureSession.Instance.TryGetComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, out tokenCacheProvider))`
	`70`	`+ {`
	`71`	`+ WriteWarning(Resources.ClientFactoryNotRegisteredClear);`
	`72`	`+ }`
	`73`	`+`
`68`	`74`	`var contexts = profile.Contexts.Values;`
`69`	`75`	`foreach (var context in contexts)`
`70`	`76`	`{`
	`77`	`+ tokenCacheProvider?.ClearCache(context.Environment.ActiveDirectoryAuthority);`
`71`	`78`	`client.TryRemoveContext(context);`
`72`	`79`	`}`
`73`	`80`
`74`		`- PowerShellTokenCacheProvider tokenCacheProvider;`
`75`		`- if (!AzureSession.Instance.TryGetComponent(PowerShellTokenCacheProvider.PowerShellTokenCacheProviderKey, out tokenCacheProvider))`
	`81`	`+ if (tokenCacheProvider != null)`
`76`	`82`	`{`
`77`		`- WriteWarning(Resources.ClientFactoryNotRegisteredClear);`
`78`		`- }`
`79`		`- else`
`80`		`- {`
`81`		`- tokenCacheProvider.ClearCache();`
`82`		`- var defaultContext = new AzureContext();`
`83`		`- profile.TrySetDefaultContext(defaultContext);`
	`83`	`+ profile.TrySetDefaultContext(new AzureContext());`
`84`	`84`	`result = true;`
`85`	`85`	`}`
	`86`	`+`
`86`	`87`	`if (AzureSession.Instance.TryGetComponent(AzKeyStore.Name, out AzKeyStore keyStore))`
`87`	`88`	`{`
`88`	`89`	`keyStore?.Clear();`
`89`	`90`	`}`
`90`		`-`
`91`	`91`	`}`
`92`	`92`
`93`	`93`	`AzureSession.Instance.RaiseContextClearedEvent();`
Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ public override void ExecuteCmdlet()`
`84`	`84`	`var defaultProfile = DefaultProfile as AzureRmProfile;`
`85`	`85`	`if (defaultProfile != null && string.Equals(AzureSession.Instance?.ARMContextSaveMode, "CurrentUser"))`
`86`	`86`	`{`
	`87`	`+ AzureSession.Instance.SetProperty(AzureSession.Property.Environment, DefaultContext.Environment.Name);`
`87`	`88`	`defaultProfile.RefreshContextsFromCache(_cmdletContext);`
`88`	`89`	`}`
`89`	`90`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,17 +12,16 @@`
`12`	`12`	`// limitations under the License.`
`13`	`13`	`// ----------------------------------------------------------------------------------`
`14`	`14`
`15`		`-using System;`
`16`		`-using System.Linq;`
`17`		`-using System.Management.Automation;`
`18`		`-`
`19`	`15`	`using Microsoft.Azure.Commands.Common.Authentication;`
`20`	`16`	`using Microsoft.Azure.Commands.Common.Authentication.Abstractions;`
`21`	`17`	`using Microsoft.Azure.Commands.Common.Authentication.Models;`
`22`	`18`	`using Microsoft.Azure.Commands.Profile.Common;`
`23`	`19`	`using Microsoft.Azure.Commands.Profile.Models.Core;`
`24`	`20`	`using Microsoft.Azure.Commands.Profile.Properties;`
`25`		`-using Microsoft.WindowsAzure.Commands.Utilities.Common;`
	`21`	`+`
	`22`	`+using System;`
	`23`	`+using System.Linq;`
	`24`	`+using System.Management.Automation;`
`26`	`25`
`27`	`26`	`namespace Microsoft.Azure.Commands.Profile.Context`
`28`	`27`	`{`
`@@ -91,7 +90,7 @@ public override void ExecuteCmdlet()`
`91`	`90`	`}`
`92`	`91`	`else`
`93`	`92`	`{`
`94`		`- if (!tokenCacheProvider.TryRemoveAccount(removedContext.Account.Id))`
	`93`	`+ if (!tokenCacheProvider.TryRemoveAccount(removedContext.Account.Id, removedContext.Environment.ActiveDirectoryAuthority))`
`95`	`94`	`{`
`96`	`95`	`WriteWarning(string.Format(Resources.NoContextsRemain, removedContext.Account.Id));`
`97`	`96`	`}`
Original file line number	Diff line number	Diff line change
`@@ -823,8 +823,9 @@ public void RefreshContextsFromCache(ICmdletContext cmdletContext)`
`823`	`823`	`string authority = null;`
`824`	`824`	`if (TryGetEnvironment(AzureSession.Instance.GetProperty(AzureSession.Property.Environment), out IAzureEnvironment sessionEnvironment))`
`825`	`825`	`{`
`826`		`- authority = $"{sessionEnvironment.ActiveDirectoryAuthority}organizations";`
	`826`	`+ authority = $"{sessionEnvironment.ActiveDirectoryAuthority}/organizations";`
`827`	`827`	`}`
	`828`	`+ //fixme, if Connect-AzAccount not run, when to get authority`
`828`	`829`	`var accounts = tokenCacheProvider.ListAccounts(authority);`
`829`	`830`	`if (!accounts.Any())`
`830`	`831`	`{`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@`
`14`	`14`
`15`	`15`	`using Azure.Identity;`
`16`	`16`
	`17`	`+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;`
`17`	`18`	`using Microsoft.Identity.Client;`
`18`	`19`
`19`	`20`	`namespace Microsoft.Azure.Commands.Common.Authentication`
`@@ -46,7 +47,7 @@ public override void FlushTokenData()`
`46`	`47`	`}`
`47`	`48`	`}`
`48`	`49`
`49`		`- public override void ClearCache()`
	`50`	`+ public override void ClearCache(string authority)`
`50`	`51`	`{`
`51`	`52`	`InMemoryTokenCacheOptions = new InMemoryTokenCacheOptions();`
`52`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,13 +12,14 @@`
`12`	`12`	`// limitations under the License.`
`13`	`13`	`// ----------------------------------------------------------------------------------`
`14`	`14`
`15`		`-using System;`
`16`		`-`
`17`	`15`	`using Azure.Identity;`
`18`	`16`
	`17`	`+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;`
`19`	`18`	`using Microsoft.Identity.Client;`
`20`	`19`	`using Microsoft.Identity.Client.Extensions.Msal;`
`21`	`20`
	`21`	`+using System;`
	`22`	`+`
`22`	`23`	`namespace Microsoft.Azure.Commands.Common.Authentication`
`23`	`24`	`{`
`24`	`25`	`public class SharedTokenCacheProvider : PowerShellTokenCacheProvider`
`@@ -103,9 +104,9 @@ protected override void RegisterCache(IPublicClientApplication client)`
`103`	`104`	`}`
`104`	`105`	`}`
`105`	`106`
`106`		`- public override void ClearCache()`
	`107`	`+ public override void ClearCache(string authority)`
`107`	`108`	`{`
`108`		`- var client = CreatePublicClient();`
	`109`	`+ var client = CreatePublicClient(authority);`
`109`	`110`	`var accounts = client.GetAccountsAsync().GetAwaiter().GetResult();`
`110`	`111`	`foreach (var account in accounts)`
`111`	`112`	`{`
Original file line number	Diff line number	Diff line change
`@@ -124,5 +124,10 @@ public IAccessToken Authenticate(IAzureAccount account, IAzureEnvironment enviro`
`124`	`124`	`{`
`125`	`125`	`throw new NotImplementedException();`
`126`	`126`	`}`
	`127`	`+`
	`128`	`+ public void RemoveUser(IAzureAccount account, string authority)`
	`129`	`+ {`
	`130`	`+ throw new NotImplementedException();`
	`131`	`+ }`
`127`	`132`	`}`
`128`	`133`	`}`
Original file line number	Diff line number	Diff line change
`@@ -148,5 +148,10 @@ public ServiceClientCredentials GetServiceClientCredentials(IAzureContext contex`
`148`	`148`	`{`
`149`	`149`	`return GetServiceClientCredentials(context, targetEndpoint, AzureCmdletContext.CmdletNone);`
`150`	`150`	`}`
	`151`	`+`
	`152`	`+ public void RemoveUser(IAzureAccount account, string authority)`
	`153`	`+ {`
	`154`	`+ throw new NotImplementedException();`
	`155`	`+ }`
`151`	`156`	`}`
`152`	`157`	`}`