public async static Task <ClientContext> GetClientContextAsync(string siteUrl) { string tenantName = new Uri(siteUrl).Host.Replace(".sharepoint.com", ""); string authority = $"https://login.microsoftonline.com/{tenantName}.onmicrosoft.com/oaut/token2"; string resource = $"https://{tenantName}.sharepoint.com/"; string clientId = string.Empty; X509Certificate2 certificate = null; using (KeyVaultService keyVault = new KeyVaultService()) { clientId = await keyVault.GetSecretAsync(Constants.SharePointClientId); var certPfx = await keyVault.GetSecretAsync(Constants.SharePointCert); certificate = new X509Certificate2( Convert.FromBase64String(certPfx), (string)null, X509KeyStorageFlags.MachineKeySet); } var authenticationContext = new AuthenticationContext(authority, false); AuthenticationResult authResult = await authenticationContext.AcquireTokenAsync( resource, new ClientAssertionCertificate(clientId, certificate)); var ctx = new ClientContext(siteUrl); ctx.ExecutingWebRequest += (s, e) => { e.WebRequestExecutor.RequestHeaders["Authorization"] = $"Bearer {authResult.AccessToken}"; }; return(ctx); }
private static async Task <IDocumentRepository <TEntity> > GetRepoAsync <TEntity>( string collectionId, string cosmosDbEndpoint, string keyVaultEndpoint) where TEntity : class { DocumentRepository <TEntity> repo; KeyVaultService keyVault; string authKey; try { if (!repos.ContainsKey(collectionId)) { keyVault = new KeyVaultService(keyVaultEndpoint); authKey = await keyVault.GetSecretAsync(CosmsosDbAccessKey).ConfigureAwait(false); repo = new DocumentRepository <TEntity>( cosmosDbEndpoint, authKey, DatabaseId, collectionId); await repo.InitializeAsync().ConfigureAwait(false); repos[collectionId] = repo; } return(repos[collectionId] as IDocumentRepository <TEntity>); } finally { keyVault = null; } }
public async Task <List <Alert> > ConvertAsync(SecurityAlertsAttribute input, CancellationToken cancellationToken) { GraphService graphService; IVaultService vaultService; List <Alert> alerts; try { vaultService = new KeyVaultService(input.KeyVaultEndpoint); graphService = new GraphService(new Uri(input.Resource), new ServiceCredentials( input.ApplicationId, await vaultService.GetSecretAsync(input.SecretName).ConfigureAwait(false), input.Resource, input.CustomerId)); alerts = await graphService.GetAlertsAsync().ConfigureAwait(false); return(alerts); } catch (ServiceClientException ex) { log.LogError(ex, $"Encountered {ex.Message} when processing {input.CustomerId}"); return(null); } finally { graphService = null; vaultService = null; } }
public async Task <List <SecureScore> > ConvertAsync(SecureScoreAttribute input, CancellationToken cancellationToken) { GraphService graphService; IVaultService vaultService; List <SecureScore> secureScore; string keyVaultEndpoint; try { keyVaultEndpoint = nameResolver.Resolve("KeyVaultEndpoint"); vaultService = new KeyVaultService(keyVaultEndpoint); graphService = new GraphService( new Uri(input.Resource), new ServiceCredentials( input.ApplicationId, await vaultService.GetSecretAsync(input.SecretName).ConfigureAwait(false), input.Resource, input.CustomerId)); secureScore = await graphService.GetSecureScoreAsync(int.Parse(input.Period, CultureInfo.CurrentCulture), cancellationToken).ConfigureAwait(false); return(secureScore); } catch (ServiceClientException ex) { log.LogError(ex, $"Encountered {ex} when processing {input.CustomerId}"); return(null); } finally { graphService = null; vaultService = null; } }
public async Task <PartnerServiceClient> ConvertAsync(PartnerServiceAttribute input, CancellationToken cancellationToken) { IVaultService vaultService; string keyVaultEndpoint; try { keyVaultEndpoint = nameResolver.Resolve("KeyVaultEndpoint"); vaultService = new KeyVaultService(keyVaultEndpoint); return(new PartnerServiceClient( new Uri(input.Endpoint), new ServiceCredentials( input.ApplicationId, await vaultService.GetSecretAsync(input.SecretName).ConfigureAwait(false), input.Resource, input.ApplicationTenantId), await GetPartnerHttpClientAsync(input.ApplicationTenantId).ConfigureAwait(false))); } finally { vaultService = null; } }
public void Configure(IWebHostBuilder builder) { builder.ConfigureServices((context, services) => { services.AddIdentity <TokketUser, FirebaseIdentityRole>(options => { options.Password.RequireDigit = false; options.Password.RequiredLength = 4; options.Password.RequireNonAlphanumeric = false; options.Password.RequireUppercase = false; options.Password.RequireLowercase = false; }) .AddDefaultTokenProviders(); // Identity Services services.AddTransient <IUserStore <TokketUser>, FirebaseUserStore <TokketUser> >(); services.AddTransient <IRoleStore <FirebaseIdentityRole>, FirebaseRoleStore <FirebaseIdentityRole> >(); services.AddScoped <IPasswordHasher <TokketUser>, CustomPasswordHasher>(); var fbsecret = KeyVaultService.GetSecretAsync("FacebookSecretKey", context.Configuration["FacebookSettings:SecretKey"]).GetAwaiter().GetResult(); var googlesecret = KeyVaultService.GetSecretAsync("GoogleSecretKey", context.Configuration["GoogleSettings:SecretKey"]).GetAwaiter().GetResult(); services.AddAuthentication() .AddFacebook(facebookOptions => { facebookOptions.AppId = context.Configuration["FacebookSettings:AppId"]; facebookOptions.AppSecret = fbsecret; facebookOptions.SaveTokens = true; facebookOptions.Scope.Add("public_profile"); }) .AddGoogle(googleOptions => { googleOptions.ClientId = context.Configuration["GoogleSettings:ClientId"]; googleOptions.ClientSecret = googlesecret; googleOptions.SaveTokens = true; googleOptions.Events = new OAuthEvents { OnCreatingTicket = gContext => { var identity = (ClaimsIdentity)gContext.Principal.Identity; var profileImg = gContext.User["image"].Value <string>("url"); identity.AddClaim(new Claim("profileImg", profileImg)); return(Task.FromResult(0)); } }; }); }); }
public async Task GetSecretTestAsync() { KeyVaultService service; string actual; try { service = new KeyVaultService(keyVaultClient, KeyVaultEndpoint); actual = await service.GetSecretAsync("UnitTest").ConfigureAwait(false); Assert.AreEqual("AmazingSecret", actual); } finally { service = null; } }
private async Task <IDocumentRepository <TEntity> > GetRepoAsync <TEntity>( string collectionId, string partitionKey = null) where TEntity : class { DocumentRepository <TEntity> repo; IVaultService keyVault; string authKey; string cosmosDbEndpoint; string keyVaultEndpoint; try { await Semaphore.WaitAsync().ConfigureAwait(false); if (!repos.ContainsKey(collectionId)) { cosmosDbEndpoint = nameResolver.Resolve("CosmosDbEndpoint"); keyVaultEndpoint = nameResolver.Resolve("KeyVaultEndpoint"); keyVault = new KeyVaultService(keyVaultEndpoint); authKey = await keyVault.GetSecretAsync(CosmsosDbAccessKey).ConfigureAwait(false); repo = new DocumentRepository <TEntity>( cosmosDbEndpoint, authKey, DatabaseId, collectionId, partitionKey); await repo.InitializeAsync().ConfigureAwait(false); repos[collectionId] = repo; } return(repos[collectionId] as IDocumentRepository <TEntity>); } finally { keyVault = null; Semaphore.Release(); } }
/// <summary> /// Initializes an instance of the <see cref="StorageService" /> class. /// </summary> /// <param name="keyVaultEndpoint">The Azure Key Vault endpoint address.</param> /// <returns>An instance of the <see cref="Task" /> class that represents the asynchronous operation.</returns> public async Task InitializeAsync(string keyVaultEndpoint) { IVaultService vaultSerivce; try { vaultSerivce = new KeyVaultService(keyVaultEndpoint); if (storageAccount == null) { if (!CloudStorageAccount.TryParse( await vaultSerivce.GetSecretAsync(StorageAccountConnectionStringName).ConfigureAwait(false), out storageAccount)) { throw new Exception("Unable to intialize the storage account. Please check the connection string setting."); } } } finally { vaultSerivce = null; } }