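        /// <summary>
        /// Initializes a new instance of the <see cref="KeyVaultInternalClient"/> class
        /// that sends its requests through a caller-supplied <see cref="HttpClient"/>.
        /// </summary>
        /// <param name='credentials'>
        /// Required. The credential used for requests; after the fields are set it is
        /// given the chance to initialise this client through
        /// <c>InitializeServiceClient</c>.
        /// </param>
        /// <param name='httpClient'>
        /// The HTTP client, forwarded to the <c>this(httpClient)</c> constructor chain.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="credentials"/> is <c>null</c>.
        /// </exception>
        public KeyVaultInternalClient(KeyVaultCredential credentials, HttpClient httpClient)
            : this(httpClient)
        {
            // nameof keeps the parameter name in the exception correct across renames.
            if (credentials == null)
            {
                throw new ArgumentNullException(nameof(credentials));
            }
            this._credentials = credentials;
            // This overload deliberately sets no base URI; contrast the
            // (credentials, baseUri) overload, which requires one.
            this._baseUri     = null;

            this.Credentials.InitializeServiceClient(this);
        }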
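        /// <summary>
        /// Resolves the secret described by <paramref name="keyVaultAttribute"/>:
        /// returns the copy held in <c>valueCacheService</c> when one exists, otherwise
        /// fetches it from Key Vault (through a cached <c>KeyVaultClient</c>), caches it
        /// and returns it.
        /// </summary>
        /// <param name="keyVaultAttribute">
        /// Supplies the configuration node, secret name and cache lifetime.
        /// </param>
        /// <param name="cancellationToken">
        /// Cancels the wait for the lock as well as the Key Vault call.
        /// </param>
        /// <returns>The secret value.</returns>
        internal async Task<string> GetValueAsync(KeyVaultAttribute keyVaultAttribute, CancellationToken cancellationToken)
        {
            var key = $"{keyVaultAttribute.ConfigurationNodeName}-{keyVaultAttribute.SecretName}";

            // Honour the token while queuing for the lock too: the lock is held across
            // the Key Vault round trip, so a cancelled caller should not wait behind it.
            await semaphoreSlim.WaitAsync(cancellationToken);

            // try/finally alone is sufficient: the semaphore is released on every path
            // and an exception propagates with its original stack trace. The earlier
            // catch-into-a-local and `throw ex1;` pattern reset the stack trace.
            try
            {
                string cached = valueCacheService.GetObject(key, keyVaultAttribute.CacheMinutes);
                if (cached != null)
                {
                    return cached;
                }

                (string baseUrl, string clientId, string clientSecret) = KeyVaultAttributeSettingsService.GetSettings(keyVaultAttribute);

                KeyVaultClient keyVaultClient = keyVaultClientCacheService.GetObject(keyVaultAttribute.ConfigurationNodeName, keyVaultClientCacheMinutes);
                if (keyVaultClient == null)
                {
                    // The callback closes over clientSecret for as long as the client
                    // stays in keyVaultClientCacheService (keyVaultClientCacheMinutes).
                    KeyVaultCredential credentials = new KeyVaultCredential(
                        new KeyVaultClient.AuthenticationCallback((authority, resource, scope) => GetAccessToken(clientId, clientSecret, authority, resource, scope)));
                    keyVaultClient = new KeyVaultClient(credentials);
                    keyVaultClientCacheService.SetObject(keyVaultAttribute.ConfigurationNodeName, keyVaultClient);
                }

                var result = await keyVaultClient.GetSecretAsync(baseUrl, keyVaultAttribute.SecretName, cancellationToken);

                // The plaintext value is kept in the in-process value cache; CacheMinutes
                // bounds how long a later read will accept it.
                var resultValue = result.Value;
                valueCacheService.SetObject(key, resultValue);
                return resultValue;
            }
            finally
            {
                semaphoreSlim.Release();
            }
        }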
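        /// <summary>
        /// Initializes a new instance of the <see cref="KeyVaultInternalClient"/> class
        /// that addresses all requests relative to <paramref name="baseUri"/>.
        /// </summary>
        /// <param name='credentials'>
        /// Required. The credential used for requests; after the fields are set it is
        /// given the chance to initialise this client through
        /// <c>InitializeServiceClient</c>.
        /// </param>
        /// <param name='baseUri'>
        /// Required by this overload. The URI used as the base for all cloud service
        /// requests.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="credentials"/> or <paramref name="baseUri"/> is <c>null</c>.
        /// </exception>
        public KeyVaultInternalClient(KeyVaultCredential credentials, Uri baseUri)
            : this()
        {
            // nameof keeps the parameter names in the exceptions correct across renames.
            if (credentials == null)
            {
                throw new ArgumentNullException(nameof(credentials));
            }
            if (baseUri == null)
            {
                throw new ArgumentNullException(nameof(baseUri));
            }
            this._credentials = credentials;
            this._baseUri     = baseUri;

            this.Credentials.InitializeServiceClient(this);
        }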
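        /// <summary>
        /// Retrieve Key Vault data using Compound Identity (On-Behalf-Of): a user token is
        /// acquired interactively, the confidential client exchanges it for a Key Vault
        /// token on that user's behalf, and that token is used to read one secret.
        /// </summary>
        /// <param name="settings">
        /// Client id, tenant, instance, client secret, app scope, vault base URI and
        /// secret name used by the three steps below.
        /// </param>
        /// <returns>A task that completes once the secret has been written to the console.</returns>
        private static async Task CompoundAccess(Settings settings)
        {
            // Consent for the Key Vault scope is collected in the same interactive prompt
            // as the app's own scope, so the later on-behalf-of exchange does not fail
            // for lack of consent.

            Console.WriteLine("Acquire User token");
            var clientApp = PublicClientApplicationBuilder.Create(settings.ClientId)
                            .WithAuthority($"{settings.Instance}{settings.TenantId}")
                            .WithRedirectUri("http://localhost") // Make sure the "http://localhost" is added and selected as the app Redirect URI
                            .Build();

            // Awaited instead of read through .Result: blocking inside an async method
            // risks a deadlock on a synchronization context and wraps failures in
            // AggregateException.
            var resultUser = await clientApp
                             .AcquireTokenInteractive(new[] { settings.AppClientScope }) // Make sure the same scope name is created in "Exposed API" section for this app registration in azure portal
                             .WithExtraScopesToConsent(new[] { KeyVaultUserImScope })
                             .WithPrompt(Prompt.Consent)
                             .ExecuteAsync();

            Console.WriteLine("Acquire Client token");
            var clientApp2 = ConfidentialClientApplicationBuilder.Create(settings.ClientId)
                             .WithAuthority($"{settings.Instance}{settings.TenantId}")
                             .WithClientSecret(settings.ClientSecret)
                             .Build();

            // Exchange the user's access token for a Key Vault token issued on the
            // user's behalf.
            var resultObo = await clientApp2
                            .AcquireTokenOnBehalfOf(new[] { KeyVaultScope }, new UserAssertion(resultUser.AccessToken))
                            .ExecuteAsync();

            Console.WriteLine("Access Key Vault");
            // The callback ignores authority/resource/scope (they are only logged) and
            // always hands back the OBO token obtained above.
            var kc = new KeyVaultCredential(
                (authority, resource, scope) =>
            {
                Console.WriteLine($"Authority: {authority}, Resource: {resource}, Scope: {scope}");
                return Task.FromResult(resultObo.AccessToken);
            });

            var kvClient     = new KeyVaultClient(kc);
            var secretBundle = await kvClient.GetSecretAsync(settings.KeyVaultBaseUri, settings.SecretName);

            // Demo output: this writes the secret's plaintext to stdout.
            Console.WriteLine("Secret:" + secretBundle.Value);
        }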
 /// <summary>
 /// Creates a <see cref="CachedKeyVaultClient"/> by forwarding the credential and the
 /// HTTP client unchanged to the base constructor; no extra state is set up here.
 /// </summary>
 /// <param name="credential">Credential handed to the base constructor.</param>
 /// <param name="httpClient">HTTP client handed to the base constructor.</param>
 public CachedKeyVaultClient(KeyVaultCredential credential, System.Net.Http.HttpClient httpClient)
     : base(credential, httpClient) { }