public static IWebHostBuilder BuildWebHostBuilder(string[] args)
{
return(WebHost.CreateDefaultBuilder(args)
.UseStartup <Startup>()
.ConfigureAppConfiguration((ctx, builder) =>
{
var config = builder.Build();
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(config["KeyVault:BaseUrl"], kvClient, new DefaultKeyVaultSecretManager());
})
.UseSerilog((ctx, config) =>
{
config.MinimumLevel.Debug()
.MinimumLevel.Debug()
.MinimumLevel.Override("Microsoft", LogEventLevel.Warning)
.MinimumLevel.Override("System", LogEventLevel.Warning)
.MinimumLevel.Override("Microsoft.AspNetCore.Authentication", LogEventLevel.Information)
.Enrich.FromLogContext();
if (ctx.HostingEnvironment.IsDevelopment())
{
config.WriteTo.Console(outputTemplate: "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}");
}
else if (ctx.HostingEnvironment.IsProduction())
{
config.WriteTo.File(@"D:\home\LogFiles\Application\identityserver.txt",
fileSizeLimitBytes: 1_000_000,
rollOnFileSizeLimit: true,
shared: true,
flushToDiskInterval: TimeSpan.FromSeconds(1));
}
}));
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMemoryCache();
services.Configure <SwishSettings>(Configuration.GetSection("Swish"));
services.Configure <CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddSingleton <SwishClient>(provider =>
{
var vault = Configuration["KeyVault:BaseUrl"];
var settings = provider.GetService <IOptionsMonitor <SwishSettings> >().CurrentValue;
if (!String.IsNullOrWhiteSpace(vault))
{
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) =>
tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
var cert = kvClient.GetSecretAsync(vault, settings.CertificateName).Result;
byte[] privateKeyBytes = Convert.FromBase64String(cert.Value);
return(new SwishClient(settings.Environment, privateKeyBytes, String.Empty, settings.MerchantId));
}
return(new SwishClient(settings.Environment, System.IO.File.ReadAllBytes(settings.CertificateFile),
settings.CertificatePassword, settings.MerchantId));
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
private async Task <string> GetTokenAsync(string authority, string resource, string scope)
{
for (var i = 0; i < 5; i++)
{
try
{
return(await _azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope).ConfigureAwait(false));
}
catch (AzureServiceTokenProviderException)
{
await Task.Delay(TimeSpan.FromSeconds(10)).ConfigureAwait(false);
}
}
return(await _azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope).ConfigureAwait(false));
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup <Startup>()
.ConfigureAppConfiguration((ctx, builder) =>
{
var baseUrl = Environment.GetEnvironmentVariable("KeyVault__BaseUrl");
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(baseUrl, kvClient, new DefaultKeyVaultSecretManager());
});
/// <summary>
/// Requests a Let's Encrypt wild card certificate using DNS challenge.
/// The DNS provider used is Azure DNS.
/// The certificate is saved to Azure Key Vault.
/// The Certificate is finally install to an Azure App Service.
/// Configuration values are stored in Environment Variables.
/// </summary>
/// <param name="log"></param>
/// <returns></returns>
public static async Task InstallOrRenewCertificate(ILogger log)
{
var vaultBaseUrl = $"https://{Environment.GetEnvironmentVariable("Vault")}.vault.azure.net/";
log.LogInformation("C# HTTP trigger function processed a request.");
var configuration = new ConfigurationBuilder()
.AddAzureKeyVault(vaultBaseUrl) //Use MSI to get token
.AddEnvironmentVariables()
.Build();
var tokenProvider = new AzureServiceTokenProvider();
//Create the Key Vault client
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope), new MessageLoggingHandler(log));
ValidationContext validationContext;
IServiceCollection serviceCollection = new ServiceCollection();
serviceCollection
.AddSingleton <ILogger>(log)
.Configure <LoggerFilterOptions>(options => options.MinLevel = LogLevel.Information);
var certificateConsumer = configuration.GetValue <string>("CertificateConsumer");
if (string.IsNullOrEmpty(certificateConsumer))
{
var webAppSettings = configuration.GetSection("AzureAppService").Get <AzureWebAppSettings>();
validationContext = new ValidationContext(webAppSettings);
Validator.ValidateObject(webAppSettings, validationContext);
serviceCollection.AddAzureAppService(webAppSettings);
}
else if (certificateConsumer.Equals("NullCertificateConsumer"))
{
serviceCollection.AddNullCertificateConsumer();
}
serviceCollection
.AddSingleton <IKeyVaultClient>(kvClient)
.AddKeyVaultCertificateStore(vaultBaseUrl);
var dnsProviderConfig = configuration.GetSection("DnsSettings").Get <AzureDnsSettings>();
validationContext = new ValidationContext(dnsProviderConfig);
Validator.ValidateObject(dnsProviderConfig, validationContext);
serviceCollection
.AddAcmeClient <AzureDnsProvider>(dnsProviderConfig);
var serviceProvider = serviceCollection.BuildServiceProvider();
var app = serviceProvider.GetService <LetsencryptService>();
var dnsRequest = configuration.GetSection("AcmeDnsRequest").Get <AcmeDnsRequest>();
validationContext = new ValidationContext(dnsRequest);
Validator.ValidateObject(dnsRequest, validationContext);
await app.Run(dnsRequest, configuration.GetValue <int?>("RenewXNumberOfDaysBeforeExpiration") ?? 22);
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup <Startup>()
.ConfigureAppConfiguration((ctx, builder) =>
{
var config = builder.Build();
var kvURL = config["KEY_VAULT_URI"];
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(kvURL, kvClient, new DefaultKeyVaultSecretManager());
});
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((ctx, builder) =>
{
var baseUrl = "https://aksdemo001-kv.vault.azure.net/";
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(baseUrl, kvClient, new DefaultKeyVaultSecretManager());
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup <Startup>();
});
public static IConfigurationBuilder UseAzureKeyVaultConfiguration(this IConfigurationBuilder builder)
{
var config = builder.Build();
string keyVaultUrl = config["KeyVaultUrl"];
if (!string.IsNullOrEmpty(keyVaultUrl))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient(
(authority, resource, scope) => azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(keyVaultUrl, kvClient, new DefaultKeyVaultSecretManager());
}
return(builder);
}
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseApplicationInsights()
.ConfigureAppConfiguration((context, builder) =>
{
var config = builder.Build();
// Create Managed Service Identity token provider
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(config["App:KeyVault:Url"], kvClient, new DefaultKeyVaultSecretManager());
})
.UseStartup <Startup>()
.Build();
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup <Startup>().ConfigureAppConfiguration((ctx, builder) =>
{
var config = builder.Build();
var vault = config["KeyVault:BaseUrl"];
if (!string.IsNullOrWhiteSpace(vault))
{
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) =>
tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(vault, kvClient, new DefaultKeyVaultSecretManager());
}
});
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup <Startup>()
.ConfigureAppConfiguration((ctx, builder) =>
{
//Build the config from sources we have
var config = builder.Build();
//Create Managed Service Identity token provider
var tokenProvider = new AzureServiceTokenProvider();
//Create the Key Vault client
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
//Add Key Vault to configuration pipeline
builder.AddAzureKeyVault(config["KeyVault:BaseUrl"], kvClient, new DefaultKeyVaultSecretManager());
})
.Build();
public static IWebHostBuilder UseAzureKeyVaultConfiguration(this IWebHostBuilder webHostBuilder)
{
return(webHostBuilder.ConfigureAppConfiguration(builder =>
{
var config = builder.Build();
string keyVaultUrl = $"https://{config["KeyVault"]}.vault.azure.net/";
if (!string.IsNullOrEmpty(keyVaultUrl))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient(
(authority, resource, scope) => azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(keyVaultUrl, kvClient, new DefaultKeyVaultSecretManager());
}
}));
}
public async Task <string> GetSecret(string secretName)
{
// Useful if working locally and want to bypass the Azure Key Vault - just define secrets with same name in appSettings
var appSetting = ConfigurationManager.AppSettings.Get(secretName);
if (appSetting != null)
{
return(appSetting);
}
var tokenProvider = new AzureServiceTokenProvider();
var kv = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
var secretBundle = await kv.GetSecretAsync($"https://{_vaultName}.vault.azure.net/", secretName);
return(secretBundle.Value);
}
public static IHostBuilder CreateHostBuilder(string[] args)
{
return(Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((ctx, builder) =>
{
var baseUrl = "https://messagingdemo001-kv.vault.azure.net/";
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(baseUrl, kvClient, new DefaultKeyVaultSecretManager());
})
.ConfigureServices((hostContext, services) =>
{
services.Configure <Secrets>(s => ConfigurationBinder.Bind(hostContext.Configuration, (string)"Secrets", (object)s));
services.AddNServiceBus(hostContext.Configuration, typeof(Program).Assembly.GetName().Name);
}));
}
public Startup(IWebHostEnvironment env)
{
var configBuilder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appSettings.json", optional: false, reloadOnChange: true)
.AddJsonFile($"appSettings.{env.EnvironmentName}.json", optional: true, reloadOnChange: true)
.AddEnvironmentVariables();
Configuration = configBuilder.Build();
var tokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient((authority, resource, scope)
=> tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
configBuilder.AddAzureKeyVault(Configuration["KeyVault"], keyVaultClient, new DefaultKeyVaultSecretManager());
Configuration = configBuilder.Build();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.UseSerilog((ctx, config) =>
{
config.MinimumLevel.Debug()
.MinimumLevel.Debug()
.MinimumLevel.Override("Microsoft", LogEventLevel.Warning)
.MinimumLevel.Override("System", LogEventLevel.Warning)
.MinimumLevel.Override("Microsoft.AspNetCore.Authentication", LogEventLevel.Information)
.Enrich.FromLogContext();
if (ctx.HostingEnvironment.IsDevelopment())
{
config.WriteTo.Console(outputTemplate: "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}");
}
})
.ConfigureAppConfiguration((ctx, builder) =>
{
var environmentName = ctx.HostingEnvironment.EnvironmentName;
LoadConfigurations(builder, environmentName);
builder.AddUserSecrets <Startup>();
builder.AddEnvironmentVariables();
var config = builder.Build();
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
var clientId = config["Identity:AzureAd:ClientId"];
var clientSecret = config["Identity:AzureAd:ClientSecret"];
builder.AddAzureKeyVault(
$"https://{config["Identity:KeyVault"]}.vault.azure.net/",
clientId,
clientSecret);
// builder.AddAzureKeyVault(config["KeyVault:BaseUrl"], kvClient, new DefaultKeyVaultSecretManager());
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup <Startup>().UseSerilog();
});
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup <Startup>();
})
.ConfigureAppConfiguration((ctx, builder) =>
{
if (!ctx.HostingEnvironment.IsDevelopment())
{
var config = builder.Build();
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) =>
tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(config["AzureKeyVault:BaseUrl"], kvClient,
new DefaultKeyVaultSecretManager());
}
});
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseApplicationInsights()
.UseStartup <Startup>()
.ConfigureAppConfiguration((ctx, builder) =>
{
var config = builder.Build();
var keyVaultBaseUrl = config["KeyVault:BaseUrl"];
if (string.IsNullOrWhiteSpace(keyVaultBaseUrl))
{
return;
}
Console.WriteLine("Using keyvault");
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(keyVaultBaseUrl, kvClient, new DefaultKeyVaultSecretManager());
})
.ConfigureLogging(logging =>
{
logging.AddApplicationInsights();
});
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, builder) =>
{
// only run in "production" mode, so you don't override
// config values when running locally for development
if (context.HostingEnvironment.IsProduction())
{
var config = builder.Build();
// get MSI token from running web app
var tokenProvider = new AzureServiceTokenProvider();
// create kv client, passing MSI token for authorization
var keyvaultClient = new KeyVaultClient((authority, resource, scope)
=> tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
// add the Key Vault "provider" that scans the KV, loading secrets into configuration
builder.AddAzureKeyVault(config["KeyVault:BaseUrl"], keyvaultClient, new PrefixKeyVaultSecretManager());
}
})
.UseStartup <Startup>();
/// <summary>
/// Helper that loads the config values from file, environment variables and keyvault.
/// </summary>
private static IConfiguration LoadConfig(string workingDirectory, ILogger log)
{
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope)
=> tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
var keyVaultName = new ConfigurationBuilder()
.SetBasePath(workingDirectory)
.AddJsonFile("local.settings.json", optional: true)
.AddEnvironmentVariables()
.Build()["KeyVaultName"];
if (string.IsNullOrEmpty(keyVaultName))
{
throw new NotSupportedException("KeyVaultName is not configured!");
}
var builder = new ConfigurationBuilder()
.AddJsonFile("local.settings.json", optional: true)
.AddAzureKeyVault($"https://{keyVaultName}.vault.azure.net", kvClient, new DefaultKeyVaultSecretManager())
.AddEnvironmentVariables();
return(builder.Build());
}
private static async Task <string> AuthenicateKeyVault(string authority, string resource, string scope)
{
System.Diagnostics.Trace.TraceInformation("Callback: AuthenicateKeyVault");
System.Diagnostics.Trace.TraceInformation($"Params: authority={authority}, resource={resource}, scope={scope}");
string result = string.Empty;
try
{
AzureServiceTokenProvider TokenProvider = new AzureServiceTokenProvider();
result = await TokenProvider.KeyVaultTokenCallback(authority, resource, scope);
if (TokenProvider.PrincipalUsed != null)
{
string MSIName = TokenProvider.PrincipalUsed.ToString();
System.Diagnostics.Trace.TraceInformation($"MSIName = {MSIName}");
}
}
catch (Exception e)
{
System.Diagnostics.Trace.TraceInformation($"Exception: Cannot access keyvault ({e.Message})");
}
return(result);
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((ctx, builder) =>
{
var config = builder.Build();
var mode = (KeyVaultUsage)Enum.Parse(typeof(KeyVaultUsage), (config["Secrets:Mode"]));
if (mode != KeyVaultUsage.UseLocalSecretStore)
{
KeyVaultOptions kvc = config.GetSection("Secrets").Get <KeyVaultOptions>();
if (mode == KeyVaultUsage.UseClientSecret)
{
builder.AddAzureKeyVault(kvc.KeyVaultUri, kvc.ClientId, kvc.ClientSecret);
}
else //UseMsi
{
var tokenProvider = new AzureServiceTokenProvider();
//Create the Key Vault client
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
//Add Key Vault to configuration pipeline
builder.AddAzureKeyVault(kvc.KeyVaultUri, kvClient, new DefaultKeyVaultSecretManager());
}
}
})
.UseHealthChecks("/")
.UseApplicationInsights()
.UseStartup <Startup>();
//https://joonasw.net/view/azure-ad-managed-service-identity
//https://joonasw.net/view/aspnet-core-azure-keyvault-msi
/// <summary>
/// Uses the azure key vault. Looks for AppSettings.Json KeyVaultSettings > Name. Each environment should have a seperate vaultName. See https://joonasw.net/view/azure-ad-managed-service-identity for enabling MSI.
/// </summary>
public static IWebHostBuilder UseAzureKeyVault(this IWebHostBuilder webHostBuilder, string vaultName = null, bool useOnlyInProduction = true)
{
return(webHostBuilder.ConfigureAppConfiguration((ctx, builder) =>
{
var config = builder.Build();
if (vaultName == null)
{
var keyVaultSettings = GetKeyVaultSettings(config);
if (keyVaultSettings != null)
{
vaultName = keyVaultSettings.Name;
}
}
//If used outside Azure, it will authenticate as the developer's user. It will try using Azure CLI 2.0 (install from here). The second option is AD Integrated Authentication.
//After installing the CLI, remember to run az login, and login to your Azure account before running the app.Another important thing is that you need to also select the subscription where the Key Vault is.So if you have access to more than one subscription, also run az account set - s "My Azure Subscription name or id"
//Then you need to make sure your user has access to a Key Vault(does not have to be the production vault...).
if (!string.IsNullOrWhiteSpace(vaultName) && (!useOnlyInProduction || ctx.HostingEnvironment.IsProduction()))
{
//Section--Name
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault($"https://{vaultName}.vault.azure.net", kvClient, new DefaultKeyVaultSecretManager());
}
}));
}
public static IWebHostBuilder UseAzureKeyVault(this IWebHostBuilder webHostBuilder, string vaultName = null)
{
return(webHostBuilder.ConfigureAppConfiguration((ctx, builder) =>
{
var config = builder.Build();
if (vaultName == null)
{
var keyVaultSettings = GetKeyVaultSettings(config);
if (keyVaultSettings != null)
{
vaultName = keyVaultSettings.Name;
}
}
if (!string.IsNullOrWhiteSpace(vaultName) && !ctx.HostingEnvironment.IsDevelopment())
{
//Section--Name
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault($"https://{vaultName}.vault.azure.net", kvClient, new DefaultKeyVaultSecretManager());
}
}));
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var env = context.HostingEnvironment;
config.SetBasePath(Directory.GetCurrentDirectory());
config.AddJsonFile("appsettings.json", false, true);
config.AddJsonFile($"appsettings.{env.EnvironmentName}.json", true, true);
if (env.IsDevelopment())
{
return;
}
var builtConfig = config.Build();
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient((authority, resource, scope) => azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope));
config.AddAzureKeyVault(
builtConfig["KeyVault:BaseUrl"],
keyVaultClient,
new DefaultKeyVaultSecretManager());
}
)
.UseStartup <Startup>();
public static IWebHostBuilder UseAzureKeyVaultConfiguration(this IWebHostBuilder webHostBuilder)
{
return(webHostBuilder.ConfigureAppConfiguration(builder =>
{
IConfigurationRoot config = builder.Build();
string keyVaultUrl = config["Lab:KeyVaultBaseUrl"];
if (!string.IsNullOrEmpty(keyVaultUrl))
{
// Need token provider to use Managed Identity
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope));
builder.AddAzureKeyVault(keyVaultUrl, kvClient, new DefaultKeyVaultSecretManager());
}
}));
}
private static void GetApplicationInsightsInstrumentationKey(WebHostBuilderContext context, IConfigurationBuilder configurationBuilder)
{
// Read from default configuration providers: config files and environment variables
var builtConfig = configurationBuilder.Build();
var keyVaultName = builtConfig["KeyVault:Name"];
var keyVaultConnectionString = builtConfig["KeyVault:ConnectionString"];
if (string.IsNullOrWhiteSpace(keyVaultName))
{
return;
}
var keyVaultUrl = $"https://{keyVaultName}.vault.azure.net/";
if (string.IsNullOrWhiteSpace(keyVaultConnectionString) ||
string.Compare(keyVaultConnectionString, "none", true) == 0)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient((authority, resource, scope) => azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope));
configurationBuilder.AddAzureKeyVault(keyVaultUrl,
keyVaultClient,
new DefaultKeyVaultSecretManager());
}
else
{
var azureServiceTokenProvider = new AzureServiceTokenProvider(keyVaultConnectionString);
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
configurationBuilder.AddAzureKeyVault(keyVaultUrl,
keyVaultClient,
new DefaultKeyVaultSecretManager());
}
// Read configuration from Key Vault
builtConfig = configurationBuilder.Build();
// Read the Application Insights Instrumentation Key stored in Key Vault
applicationInsightsInstrumentationKey = builtConfig["ApplicationInsights:InstrumentationKey"];
}
public KeyVaultService()
{
tokenProvider = new AzureServiceTokenProvider();
kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
}
public static IContainer InitCotoso(string keyVaultUrl, string currentDirectory, Assembly mainAssembly, ContainerBuilder builder = null, bool withDBSecrets = false)
{
IConfigurationBuilder configBuilder = new ConfigurationBuilder().SetBasePath(currentDirectory).AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
if (!string.IsNullOrEmpty(keyVaultUrl))
{
var tokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));
configBuilder = configBuilder.AddAzureKeyVault(keyVaultUrl, kvClient, new DefaultKeyVaultSecretManager());
}
var config = configBuilder.AddEnvironmentVariables().Build();
ContosoConfiguration contsoConfig = ContosoConfiguration.PopulateFromConfig(config, withDBSecrets);
bool buildHere = false;
IContainer container = null;
if (builder == null)
{
buildHere = true;
builder = new ContainerBuilder();
}
builder.RegisterInstance <ContosoConfiguration>(contsoConfig).AsSelf();
builder.RegisterAssemblyModules(typeof(Application.ContosoConfiguration).Assembly, mainAssembly);
if (buildHere)
{
container = builder.Build();
}
return(container);
}
private KeyVaultClient GetKeyVaultClient()
{
var tokenProvider = new AzureServiceTokenProvider();
return(new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope)));
}