Improve error message handling (#497)

- Add special handling for token expired errors so they send with a clear flag that'll allow clients to take action on this case
- Send error message instead of callstack for all messages, and ensure all resource manager paths send back inner exceptions so users can understand the true root cause.

test/Microsoft.SqlTools.ServiceLayer.UnitTests/ResourceProvider/Azure/AzureAuthenticationManagerTest.cs

@@ -51,7 +51,7 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.ResourceProvider.Azure
             var currentUserAccount = CreateAccount();
             currentUserAccount.Account.IsStale = true;
             IAzureAuthenticationManager accountManager = await CreateAccountManager(currentUserAccount, null);
-            await Assert.ThrowsAsync<UserNeedsAuthenticationException>(() => accountManager.GetSelectedSubscriptionsAsync());
+            await Assert.ThrowsAsync<ExpiredTokenException>(() => accountManager.GetSelectedSubscriptionsAsync());
         }
 
         [Fact]

test/Microsoft.SqlTools.ServiceLayer.UnitTests/ResourceProvider/ResourceProviderServiceTests.cs

@@ -123,7 +123,7 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Formatter
             // When I ask whether the service can process an error as a firewall rule request
             await TestUtils.RunAndVerify<HandleFirewallRuleResponse>((context) => ResourceProviderService.ProcessHandleFirewallRuleRequest(handleFirewallParams, context), (response) =>
             {
-                // Then I expect the response to be fakse as we require the known IP address to function
+                // Then I expect the response to be OK as we require the known IP address to function
                 Assert.NotNull(response);
                 Assert.False(response.Result);
                 Assert.Equal(string.Empty, response.IpAddress);
@@ -168,10 +168,42 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Formatter
                 (context) => ResourceProviderService.HandleCreateFirewallRuleRequest(createFirewallParams, context),
                 (response) =>
             {
-                // Then I expect the response to be fakse as we require the known IP address to function
+                // Then I expect the response to be OK as we require the known IP address to function
                 Assert.NotNull(response);
                 Assert.Null(response.ErrorMessage);
                 Assert.True(response.Result);
+                Assert.False(response.IsTokenExpiredFailure);
+            });
+        }
+
+        [Fact]
+        public async Task TestCreateFirewallRuleHandlesTokenExpiration()
+        {
+            // Given the token has expired
+            string serverName = "myserver.database.windows.net";
+            var sub1Mock = new Mock<IAzureUserAccountSubscriptionContext>();
+            SetupCreateSession();
+            string expectedErrorMsg = "Token is expired";
+            AuthenticationManagerMock.Setup(a => a.GetSubscriptionsAsync()).ThrowsAsync(new ExpiredTokenException(expectedErrorMsg));
+
+            // When I request the firewall be created
+            var createFirewallParams = new CreateFirewallRuleParams()
+            {
+                ServerName = serverName,
+                StartIpAddress = "1.1.1.1",
+                EndIpAddress = "1.1.1.255",
+                Account = CreateAccount(),
+                SecurityTokenMappings = new Dictionary<string, AccountSecurityToken>()
+            };
+            await TestUtils.RunAndVerify<CreateFirewallRuleResponse>(
+                (context) => ResourceProviderService.HandleCreateFirewallRuleRequest(createFirewallParams, context),
+                (response) =>
+            {
+                // Then I expect the response to indicate that we failed due to token expiration
+                Assert.NotNull(response);
+                Assert.Equal(expectedErrorMsg, response.ErrorMessage);
+                Assert.True(response.IsTokenExpiredFailure);
+                Assert.False(response.Result);
             });
         }