public MyWebDbContext(DbContextOptions <MyWebDbContext> options)
: base(options)
{
var conn = (Microsoft.Data.SqlClient.SqlConnection)Database.GetDbConnection();
var prov = new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider();
conn.AccessToken = prov.GetAccessTokenAsync("https://database.windows.net/").Result;
}
/// <summary>
/// This should be called before any call to <see cref="IRestClient"/>,
/// it sets up the auth token and default headers per the AMS V2 API specification.
/// </summary>
private void ConfigureRestClient()
{
if (!isConfigured)
{
Exception exceptionInLock = null;
lock (configLock)
{
if (!isConfigured)
{
try
{
string amsRestApiEndpoint = GetAmsRestApiEndpoint();
_restClient = new RestClient(amsRestApiEndpoint);
// Acquire a token for AMS.
// Ref: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#asal
var azureServiceTokenProvider = new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider();
string amsAccessToken = azureServiceTokenProvider.GetAccessTokenAsync(AmsRestApiResource).Result;
_restClient.Authenticator = new JwtAuthenticator(amsAccessToken);
_restClient.UseNewtonsoftJson(
new Newtonsoft.Json.JsonSerializerSettings()
{
ContractResolver = new DefaultContractResolver(),
});
_restClient.AddDefaultHeader("Content-Type", $"{ContentType.Json};odata=verbose");
_restClient.AddDefaultHeader("Accept", $"{ContentType.Json};odata=verbose");
_restClient.AddDefaultHeader("DataServiceVersion", "3.0");
_restClient.AddDefaultHeader("MaxDataServiceVersion", "3.0");
_restClient.AddDefaultHeader("x-ms-version", "2.19");
}
catch (Exception e)
{
exceptionInLock = e;
_log.LogError(e, $"Failed in {nameof(ConfigureRestClient)}.\nException.Message:\n{e.Message}\nInnerException.Message:\n{e.InnerException?.Message}");
}
finally
{
isConfigured = true;
}
}
}
if (exceptionInLock != null)
{
throw exceptionInLock;
}
}
return;
}
/// <summary>
/// Gets the AMS V2 API endpoint.
/// </summary>
/// <returns>The AMS V2 API endpoint.</returns>
private string GetAmsRestApiEndpoint()
{
string amsRestApiEndpoint;
try
{
// Create a rest client for access the Azure Resource Management API Endpoint:
var restManagementClient = new RestClient(_armManagementUrl);
// Acquire a token for arm.
// Ref: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#asal
var azureServiceTokenProvider = new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider();
string armAccessToken = azureServiceTokenProvider.GetAccessTokenAsync(_armManagementUrl).Result;
// Add the bearer authentication token to all requests:
restManagementClient.Authenticator = new JwtAuthenticator(armAccessToken);
// Enforce a known serializer:
restManagementClient.UseNewtonsoftJson(
new Newtonsoft.Json.JsonSerializerSettings()
{
ContractResolver = new DefaultContractResolver(),
});
// Add default headers
restManagementClient.AddDefaultHeader("Accept", $"{ContentType.Json};odata=verbose");
restManagementClient.AddDefaultHeader("Content-Type", ContentType.Json);
// GET ams account details:
var request = new RestRequest(_armAmsAccoutGetPath, Method.GET);
var restResponse = restManagementClient.Execute <JObject>(request);
if (!restResponse.IsSuccessful)
{
string expMsg = "Failed to get ams account details.";
throw new Exception(expMsg);
}
// Parse endpoint information from arm response.
amsRestApiEndpoint = (string)restResponse.Data.SelectToken("properties.apiEndpoints[0].endpoint");
}
catch (Exception e)
{
// Just log, let the caller catch the original exception:
_log.LogError(e, $"Failed in {nameof(GetAmsRestApiEndpoint)}.\nException.Message:\n{e.Message}\nInnerException.Message:\n{e.InnerException?.Message}");
throw;
}
return(amsRestApiEndpoint);
}
public string GetAzureRestApiToken(string ServiceURI, bool UseMSI, string ApplicationId, string AuthenticationKey)
{
if (UseMSI == true)
{
Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider tokenProvider = new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider();
//https://management.azure.com/
return(tokenProvider.GetAccessTokenAsync(ServiceURI).Result);
}
else
{
AuthenticationContext context = new AuthenticationContext("https://login.windows.net/" + _authOptions.Value.TenantId);
ClientCredential cc = new ClientCredential(ApplicationId, AuthenticationKey);
AuthenticationResult result = context.AcquireTokenAsync(ServiceURI, cc).Result;
return(result.AccessToken);
}
}
private string ValidateConnectionStringWithoutPassword(string connection, string clientId, string tenantId, string appSecret, string resourceName)
{
if (string.IsNullOrEmpty(connection))
{
return("Connection string is empty");
}
if (string.IsNullOrEmpty(clientId) || !Guid.TryParse(clientId, out _))
{
return("Invalid client/app id.");
}
if (string.IsNullOrEmpty(tenantId) || !Guid.TryParse(tenantId, out _))
{
return("Invalid tenant id.");
}
if (string.IsNullOrEmpty(appSecret))
{
return("App secret is empty");
}
if (string.IsNullOrEmpty(resourceName))
{
return("Resource name is empty");
}
SqlConnection con = new SqlConnection(connection);
try
{
var tokenProv = new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider($"RunAs=App;AppId={clientId};TenantId={tenantId};AppKey={appSecret}");
con.AccessToken = tokenProv.GetAccessTokenAsync(resourceName).Result;
con.Open();
return("Connection success.");
}
catch (Exception e)
{
return(e.Message);
}
finally
{
con.Close();
con.Dispose();
}
}
public MentorDbContext(DbContextOptions <MentorDbContext> options, IHttpContextAccessor httpContextAccessor, ILogger <MentorDbContext> logger)
: base(options)
{
this.httpContextAccessor = httpContextAccessor;
this.logger = logger;
var conn = (Microsoft.Data.SqlClient.SqlConnection)Database.GetDbConnection();
if (conn.ConnectionString.Contains("database.usgovcloudapi.net", StringComparison.OrdinalIgnoreCase))
{
var provider = new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider();
conn.AccessToken = provider.GetAccessTokenAsync("https://database.usgovcloudapi.net/").ConfigureAwait(true).GetAwaiter().GetResult();
}
if (conn.ConnectionString.Contains("database.windows.net", StringComparison.OrdinalIgnoreCase))
{
var provider = new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider();
conn.AccessToken = provider.GetAccessTokenAsync("https://database.windows.net/").ConfigureAwait(true).GetAwaiter().GetResult();
}
}
