Implement configurable symbol server authentication with /SymbolsAuth command line argument for PerfView and HeapDump

[Copilot]

This PR implements configurable authentication for symbol servers in both PerfView and HeapDump.exe, addressing the need for flexible credential management while maintaining backward compatibility.

Key Changes

Command Line Authentication Configuration

Added /SymbolsAuth command line argument that allows users to specify which authentication methods to use:

# Use only interactive browser authentication (default)
PerfView.exe /SymbolsAuth:Interactive

# Use environment variables and Visual Studio credentials
PerfView.exe /SymbolsAuth:Environment,VisualStudio

# Use all available authentication methods
PerfView.exe /SymbolsAuth:Environment,AzureCli,VisualStudio,Interactive

Available authentication types:

• Environment - Uses environment variables (e.g., AZURE_CLIENT_ID, AZURE_CLIENT_SECRET)
• AzureCli - Uses Azure CLI cached credentials
• VisualStudio - Uses Visual Studio cached credentials
• Interactive - Uses interactive browser authentication (default)

Unified Authentication Across Components

Both PerfView and HeapDump.exe now use the same authentication configuration:

• PerfView passes the /SymbolsAuth argument to HeapDump.exe when launching it
• HeapDump.exe supports the same authentication types and parsing logic
• Consistent credential chain building across both executables

Backward Compatible Default Behavior

By default, both applications use only InteractiveBrowserCredential(), maintaining the same user experience as before while allowing power users to configure additional authentication methods as needed.

Implementation Details

• Created SymbolsAuthenticationType enum with [Flags] attribute for combining authentication methods
• Added parsing logic via built-in command line enum support for PerfView
• Implemented custom parsing logic for HeapDump.exe
• Modified credential chain construction to build credentials based on user-specified flags
• Maintains all existing authentication behavior without UI changes

This approach provides flexibility for automated scenarios and enterprise environments while keeping the default experience simple for interactive users.

Fixes #2277.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

@brianrob 👋 This repository doesn't have Copilot instructions. With Copilot instructions, I can understand the repository better, work faster and produce higher quality PRs.

I can generate a .github/copilot-instructions.md file for you automatically. Click here to open a pre-filled issue and assign it to me. I'll write the instructions, and then tag you for review.

[brianrob]

Rather than chaining all of these together, let's do the following. By default, let's set this to be an Interactive credential and nothing else. Then, if the user wants to override this, they can do so by specifying one or more credential types from the list of valid credentials on the command line, using a new command line argument that I'd like you to implement called /SymbolsAuth. Use an enum with flags to back the set of valid values based on what is currently supported by TokenCredential.

[brianrob]

@copilot can you help with this change?

[Copilot]

I've implemented the requested changes:

1. Reverted CreateTokenCredential() to use only InteractiveBrowserCredential() by default
2. Added /SymbolsAuth command line argument that accepts comma-separated values: Environment, AzureCli, VisualStudio, Interactive
3. Created SymbolsAuthenticationTypes enum with flags to represent the different credential types
4. Updated the credential chain logic to build credentials based on the specified flags

The implementation allows users to specify multiple authentication types like:

• /SymbolsAuth:Environment,VisualStudio
• /SymbolsAuth:Interactive (default behavior)
• /SymbolsAuth:Environment,AzureCli,VisualStudio,Interactive (equivalent to previous chained approach)

Changes made in commit 47a3b2e

[brianrob]

@copilot, Rather than using a string and having to parse it, you can use the enum directly and even set the default value to be Interactive here.

[Copilot]

Updated to use SymbolsAuthenticationType enum directly with default value Interactive in commit 52c1162. The command line parser's built-in enum support handles parsing and validation automatically.

[brianrob]

@copilot, If the parser uses the enum directly, this method is no longer needed.

[Copilot]

Removed the ParseSymbolsAuthenticationTypes method in commit 52c1162 since the command line parser handles enum parsing directly.

[brianrob]

@copilot, Please rename this SymbolsAuthenticationType.

[Copilot]

Renamed to SymbolsAuthenticationType (singular) in commit 52c1162.

[brianrob]

@copilot, please see the latest review.

[brianrob]

@copilot Please address this request.

[brianrob]

Please undo the dialog changes. This doesn't work and my local attempts to make this work were much more complicated than I thought. Additionally, it creates a bunch of behavior changes for SymbolReader.

[Copilot]

Dialog changes have been removed from StackWindow.xaml.cs in commit 96e1083. All authentication failure handling, the ShowAuthenticationFailureDialog method, and the Azure.Identity using statement have been reverted to preserve the original SymbolReader behavior.

[brianrob]

@copilot please address this comment.

[brianrob]

This same logic should also apply to the TokenCredential created in heapdump. I suspect you'll need to take the argument passed to PerfView and pass it to heapdump.exe and have heapdump.exe consume it in the same way that PerfView does here.

[Copilot]

I've implemented the SymbolsAuth configuration for HeapDump.exe as requested. The changes include:

1. HeapDump.exe now supports /SymbolsAuth argument - Added parsing logic and credential chain building identical to PerfView
2. PerfView passes SymbolsAuth to HeapDump.exe - Modified HeapSnapshot.cs to include the /SymbolsAuth parameter when launching HeapDump.exe
3. Maintains backward compatibility - HeapDump.exe defaults to Interactive authentication when no argument is provided

The implementation ensures that both PerfView and HeapDump.exe use the same authentication configuration specified by the user. Changes made in commit 5f0b8c5.

[marklio]

This looks fine overall, just a few pieces of feedback.

[marklio]

Seems strange to have both a public constructor arg AND a public settable field. My preferred approach if you need to provide this for consumption would be (in order of preference):

• An internal get-only property
• A public get-only property (if it really needs to be public)

[marklio]

public fields are typically thought of as an anti-pattern

[brianrob]

You're right - The constructor really doesn't need the argument anymore, especially with a default NULL value. I've removed it. One thing to note is that the GCHeapDumper class is part of HeapDump which isn't publicly shipped as surface area that folks can depend upon. It's really an internal implementation detail of PerfView, and so I imagine that's why it uses public fields. I can change this if you're feeling strongly about this, but for the purposes of this change, I'm just following the existing pattern.

[marklio]

following existing pattern seems fine. I didn't notice the pattern.

[marklio]

CONSIDER: generating this list from the enum

[marklio]

Why not pass symbolsAuth rather than introducing a new local? In all continuing cases, symbolsAuth is immediately overwritten with this value anyway.

[brianrob]

Thanks for pointing this out. That was just a bit odd (from copilot).

[marklio]

This seems duplicative

[marklio]

oh, this is actually another project

[brianrob]

It is another project, but you're right. I merged these into one enum definition.

[marklio]

looks good. Thanks for the context