private TokenProvider createTokenProvider()
{
if (_config.IsOnPrem)
{
X509Certificate2 cert = getCertificateBySubject(_config.CertificateSubject);
var auth = string.Format(CultureInfo.InvariantCulture, AAD, _config.TenantName);
var tokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(_config.AadClientId)
.WithAuthority(authority)
.WithCertificate(cert)
.Build();
var serviceBusAudience = new Uri(ServiceBusAudience);
var authResult = await app.AcquireTokenForClient(new string[] { $"{serviceBusAudience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
}, auth);
return(tokenProvider);
}
else
{
return(TokenProvider.CreateManagedIdentityTokenProvider());
}
}
private ITokenProvider CreateTokenProvider(string clientId, string clientSecret, string tenantId)
{
return(TokenProvider.CreateAzureActiveDirectoryTokenProvider(async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(clientId)
.WithAuthority(authority)
.WithClientSecret(clientSecret)
.Build();
var serviceBusAudience = new Uri("https://servicebus.azure.net");
var authResult = await app.AcquireTokenForClient(new string[] { $"{serviceBusAudience}/.default" }).ExecuteAsync();
return authResult.AccessToken;
}, $"https://login.windows.net/{tenantId}"));
}
static TokenProvider GetAadTokenProvider(string clientId, string tenantId, string clientSecret)
{
return(TokenProvider.CreateAzureActiveDirectoryTokenProvider(
async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(clientId)
.WithAuthority(authority)
.WithClientSecret(clientSecret)
.Build();
var authResult = await app.AcquireTokenForClient(new [] { $"{audience}/.default" }).ExecuteAsync();
return authResult.AccessToken;
},
$"https://login.microsoftonline.com/{tenantId}"));
}
public async Task UseITokenProviderWithAad()
{
var appAuthority = "";
var aadAppId = "";
var aadAppSecret = "";
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback =
async(audience, authority, state) =>
{
var authContext = new AuthenticationContext(authority);
var cc = new ClientCredential(aadAppId, aadAppSecret);
var authResult = await authContext.AcquireTokenAsync(audience, cc);
return(authResult.AccessToken);
};
var tokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(authCallback, appAuthority);
// Create new client with updated connection string.
await using (var scope = await EventHubScope.CreateAsync(1))
{
var connectionString = TestUtility.BuildEventHubsConnectionString(scope.EventHubName);
var csb = new EventHubsConnectionStringBuilder(connectionString);
var ehClient = EventHubClient.CreateWithTokenProvider(csb.Endpoint, csb.EntityPath, tokenProvider);
// Send one event
TestUtility.Log($"Sending one message.");
var ehSender = ehClient.CreatePartitionSender("0");
var eventData = new EventData(Encoding.UTF8.GetBytes("Hello EventHub!"));
await ehSender.SendAsync(eventData);
// Receive event.
PartitionReceiver ehReceiver = null;
try
{
TestUtility.Log($"Receiving one message.");
ehReceiver = ehClient.CreateReceiver(PartitionReceiver.DefaultConsumerGroupName, "0", EventPosition.FromStart());
var msg = await ehReceiver.ReceiveAsync(1);
Assert.True(msg != null, "Failed to receive message.");
}
finally
{
await ehReceiver?.CloseAsync();
}
}
}
async Task ClientCredentialsScenario()
{
var aadTokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(authority)
.WithClientSecret(ConfigurationManager.AppSettings["clientSecret"])
.Build();
var authResult = await app.AcquireTokenForClient(new string[] { $"{audience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
});
var qClient = new QueueClient(new Uri($"sb://{ServiceBusNamespace}/").ToString(), QueueName, aadTokenProvider);
await SendReceiveAsync(qClient);
}
async Task UserInteractiveLoginScenario()
{
var aadTokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(async(audience, authority, state) =>
{
var app = PublicClientApplicationBuilder.Create(ClientId)
.WithRedirectUri(ConfigurationManager.AppSettings["redirectURI"])
.Build();
var authResult = await app.AcquireTokenInteractive(new string[] { $"{audience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
}, $"https://login.windows.net/{TenantId}");
var qc = new QueueClient(new Uri($"sb://{ServiceBusNamespace}/").ToString(), QueueName, aadTokenProvider);
await SendReceiveAsync(qc);
}
static async Task ClientCredentialsScenarioAsync()
{
TokenProvider tp = TokenProvider.CreateAzureActiveDirectoryTokenProvider(
async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(authority)
.WithClientSecret(ConfigurationManager.AppSettings["clientSecret"])
.Build();
var authResult = await app.AcquireTokenForClient(new string[] { $"{audience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
});
var ehClient = EventHubClient.CreateWithTokenProvider(new Uri($"sb://{EventHubNamespace}/"), EventHubName, tp);
await SendReceiveAsync(ehClient);
}
public async Task AzureActiveDirectoryTokenProviderAuthCallbackTest()
{
string TestToken = @"eyJhbGciOiJIUzI1NiJ9.e30.ZRrHA1JJJW8opsbCGfG_HACGpVUMN_a9IV7pAx_Zmeo";
string ServiceBusAudience = "https://servicebus.azure.net";
var aadTokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(
(audience, authority, state) =>
{
Assert.Equal(ServiceBusAudience, audience);
return(Task.FromResult(TestToken));
},
"https://servicebus.azure.net/MyTenantId");
var token = await aadTokenProvider.GetTokenAsync(ServiceBusAudience, TimeSpan.FromSeconds(60));
Assert.Equal(TestToken, token.TokenValue);
Assert.Equal(typeof(JsonSecurityToken), token.GetType());
}
public static async Task Main(string[] args)
{
// Create token provider so that we can use it at both management and runtime clients.
TokenProvider tokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(
async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(authority)
.WithClientSecret(ClientSecret)
.Build();
var authResult = await app.AcquireTokenForClient(new string[] { $"{audience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
},
ServiceAudience.EventHubsAudience,
$"https://login.microsoftonline.com/{TenantId}");
var eventHubName = "testeh-" + Guid.NewGuid().ToString();
// Create NamespaceManger and EventHubClient with Azure Active Directory token provider.
var ehUri = new Uri($"sb://{EventHubNamespace}/");
var namespaceManager = new NamespaceManager(ehUri, tokenProvider);
var messagingFactory = MessagingFactory.Create(ehUri,
new MessagingFactorySettings()
{
TokenProvider = tokenProvider,
TransportType = TransportType.Amqp
});
var ehClient = messagingFactory.CreateEventHubClient(eventHubName);
// Create a new event hub.
Console.WriteLine($"Creating event hub {eventHubName}");
await namespaceManager.CreateEventHubAsync(eventHubName);
// Send and receive a message.
await SendReceiveAsync(ehClient);
// Delete event hub.
Console.WriteLine($"Deleting event hub {eventHubName}");
await namespaceManager.DeleteEventHubAsync(eventHubName);
Console.WriteLine("Press enter to exit");
Console.ReadLine();
}
public async Task AzureActiveDirectoryTokenProviderAuthCallbackTest()
{
var csb = new ServiceBusConnectionStringBuilder(TestUtility.NamespaceConnectionString);
string TestToken = @"eyJhbGciOiJIUzI1NiJ9.e30.ZRrHA1JJJW8opsbCGfG_HACGpVUMN_a9IV7pAx_Zmeo";
var aadTokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(
(audience, authority, state) =>
{
Assert.Equal(Constants.AadServiceBusAudience, audience);
return(Task.FromResult(TestToken));
},
"https://servicebus.azure.net/MyTenantId");
var token = await aadTokenProvider.GetTokenAsync(csb.Endpoint, TimeSpan.FromSeconds(60));
Assert.Equal(typeof(JsonSecurityToken), token.GetType());
Assert.Equal(TestToken, token.TokenValue);
Assert.Equal(csb.Endpoint, token.Audience);
}
async Task ClientCredentialsScenario()
{
TokenProvider aadTokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider
(async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(authority)
.WithClientSecret(ConfigurationManager.AppSettings["clientSecret"])
.Build();
var serviceBusAudience = new Uri("https://servicebus.azure.net");
AuthenticationResult authResult = await app.AcquireTokenForClient(new string[] { $"{serviceBusAudience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
}, $"https://login.windows.net/{TenantId}");
var qc = new QueueClient(new Uri($"sb://{ServiceBusNamespace}/").ToString(), QueueName, aadTokenProvider);
await SendReceiveAsync(qc);
}
async Task ClientCredentialsCertScenario()
{
X509Certificate2 certificate = GetCertificate();
var aadTokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(authority)
.WithCertificate(certificate)
.Build();
Uri ServiceBusAudience = new Uri("https://servicebus.azure.net");
var authResult = await app.AcquireTokenForClient(new string[] { $"{ServiceBusAudience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
});
var qc = new QueueClient(new Uri($"sb://{ServiceBusNamespace}/").ToString(), QueueName, aadTokenProvider);
await SendReceiveAsync(qc);
}
static async Task ClientAssertionCertScenarioAsync()
{
X509Certificate2 certificate = GetCertificate();
TokenProvider tp = TokenProvider.CreateAzureActiveDirectoryTokenProvider(
async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(authority)
.WithCertificate(certificate)
.Build();
var authResult = await app.AcquireTokenForClient(new string[] { $"{audience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
});
var ehClient = EventHubClient.CreateWithTokenProvider(new Uri($"sb://{EventHubNamespace}/"), EventHubName, tp);
await SendReceiveAsync(ehClient);
}
public static async Task Main(string[] args)
{
// Use the same identity client for both Event Hubs and Storage
tokenClient = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(Authority)
.WithClientSecret(ClientSecret)
.Build();
// Create Storage client with access token provider
var tokenAndFrequency = await TokenRenewerAsync(tokenClient, CancellationToken.None);
var tokenCredential = new TokenCredential(tokenAndFrequency.Token,
TokenRenewerAsync,
tokenClient,
tokenAndFrequency.Frequency.Value);
var storageCredentials = new StorageCredentials(tokenCredential);
CloudStorageAccount cloudStorageAccount = new CloudStorageAccount(storageCredentials, StorageAccountName, string.Empty, true);
// Create Event Hubs access token provider and processor host
TokenProvider tp = TokenProvider.CreateAzureActiveDirectoryTokenProvider(
new AzureActiveDirectoryTokenProvider.AuthenticationCallback(GetAccessTokenAsync), Authority, tokenClient);
var eventProcessorHost = new EventProcessorHost(
new Uri(EventHubNamespace),
EventHubName,
PartitionReceiver.DefaultConsumerGroupName,
tp,
cloudStorageAccount,
StorageContainerName);
// Registers the Event Processor Host and starts receiving messages
Console.WriteLine("Registering EventProcessor...");
await eventProcessorHost.RegisterEventProcessorAsync <SimpleEventProcessor>();
Console.WriteLine("Receiving. Press enter key to stop worker.");
Console.ReadLine();
// Disposes of the Event Processor Host
await eventProcessorHost.UnregisterEventProcessorAsync();
}
