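/// <summary>
/// Enforces a password-history rule backed by Key Vault. The request body is parsed into an
/// <c>InputClaimsModel</c>; the newest stored versions of the secret named after <c>userId</c>
/// are compared with the submitted password, and the password is then written as a new version.
/// </summary>
/// <returns>
/// 200 OK when the password was not found in the checked history and has been stored;
/// 409 Conflict with a <c>B2CResponseModel</c> when the input is missing, the password was
/// used before, the history could not be verified, or the new version could not be saved.
/// </returns>
public async Task<ActionResult> GetAsync()
{
    // Number of most recent secret versions compared against the submitted password.
    const int historyDepth = 4;

    // Every rejection uses the same 409 + B2CResponseModel shape.
    ActionResult ConflictResponse(string message) =>
        StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel(message, HttpStatusCode.Conflict));

    // If no data came in, then return
    if (this.Request.Body == null)
    {
        return ConflictResponse("Request content is null");
    }

    // Read the input claims from the request body
    string input;
    using (var reader = new StreamReader(Request.Body, Encoding.UTF8))
    {
        input = await reader.ReadToEndAsync();
    }

    // Check input content value
    if (string.IsNullOrEmpty(input))
    {
        return ConflictResponse("Request content is empty");
    }

    // Convert the input string into InputClaimsModel object
    InputClaimsModel inputClaims = InputClaimsModel.Parse(input);

    // NOTE(review): Parse is not visible here; guard against a null model (for example a body
    // of "null") so the request gets a 409 instead of a NullReferenceException.
    if (inputClaims == null)
    {
        return ConflictResponse("Request content could not be parsed");
    }

    if (string.IsNullOrEmpty(inputClaims.userId))
    {
        return ConflictResponse("The 'userId' parameter is null or empty");
    }

    if (string.IsNullOrEmpty(inputClaims.password))
    {
        return ConflictResponse("The 'password' parameter is null or empty");
    }

    // NOTE(review): userId comes straight from the request body and selects which secret is
    // read and overwritten. Presumably only the B2C policy can call this endpoint and the vault
    // holds nothing but password history; confirm both.
    // NOTE(review): the password is stored and compared as a plaintext secret value. Storing a
    // salted, slow hash instead would limit exposure if the vault is read, but it requires
    // migrating the existing versions, so it is not changed here.
    var client = new SecretClient(new Uri(kvUri), new DefaultAzureCredential());

    try
    {
        // Collect every stored version of the user's secret.
        var passwords = new List<Passwords>();
        await foreach (SecretProperties secretVersion in client.GetPropertiesOfSecretVersionsAsync(inputClaims.userId))
        {
            passwords.Add(new Passwords { Version = secretVersion.Version, CreatedOn = secretVersion.CreatedOn });
        }

        // Newest first, limited to the history depth.
        foreach (var item in passwords.OrderByDescending(x => x.CreatedOn).Take(historyDepth))
        {
            KeyVaultSecret secret = await client.GetSecretAsync(inputClaims.userId, item.Version);

            // Check if the password is already in use
            if (string.Equals(secret.Value, inputClaims.password, StringComparison.Ordinal))
            {
                // The user id is passed as a structured property; the original template had a
                // placeholder but no argument, so the id was never logged.
                _logger.LogInformation("Secret {UserId} found, returning error message to the user.", inputClaims.userId);
                return ConflictResponse("Please make sure the password you enter have never been used before.");
            }
        }
    }
    catch (RequestFailedException ex) when (ex.Status == (int)HttpStatusCode.NotFound)
    {
        // No secret for this user yet means there is no history to compare against.
        _logger.LogInformation("Secret {UserId} not found.", inputClaims.userId);
    }
    catch (Exception ex)
    {
        // Fail closed: if the history cannot be read (throttling, permissions, network), do not
        // fall through and store the password as though the reuse check had passed.
        _logger.LogError(ex, "Password history check failed for {UserId}.", inputClaims.userId);
        return ConflictResponse("The password history could not be verified. Please try again later.");
    }

    try
    {
        // Store the new password as the latest version of the user's secret.
        await client.SetSecretAsync(inputClaims.userId, inputClaims.password);
    }
    catch (Exception ex)
    {
        // Full detail goes to the log only; the exception message may carry vault and request
        // details that should not be returned to the caller.
        _logger.LogError(ex, "Failed to store a new secret version for {UserId}.", inputClaims.userId);
        return ConflictResponse("Error (649): the password could not be saved.");
    }

    return Ok();
}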