 /// <summary>
 /// Creates a Key Vault client. When no <paramref name="httpClient"/> is supplied, a fresh
 /// <see cref="HttpClient"/> with the platform default handler is created for this instance.
 /// </summary>
 /// <param name="httpClient">Client used for Key Vault requests; optional.</param>
 /// <param name="tokenProvider">Provider used to obtain access tokens; optional, stored as given (may be null).</param>
 public KeyVaultClient(HttpClient httpClient = null, NonInteractiveAzureServiceTokenProviderBase tokenProvider = null)
 {
     if (httpClient == null)
     {
         // Default client: the handler keeps its default TLS settings; nothing (e.g. revocation
         // checking) is opted into here.
         httpClient = new HttpClient();
     }

     _httpClient = httpClient;
     _tokenProvider = tokenProvider;
 }
 /// <summary>
 /// Test-only constructor: pins the access-token provider up front instead of letting it be
 /// discovered, so tests can inject a fake provider.
 /// </summary>
 /// <param name="accessTokenProvider">Provider this instance is expected to use for token requests.</param>
 internal AzureServiceTokenProvider(NonInteractiveAzureServiceTokenProviderBase accessTokenProvider)
 {
     this._selectedAccessTokenProvider = accessTokenProvider;
 }
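        /// <summary>
        /// Core token acquisition path. Returns the cached auth result for the current connection string,
        /// authority and resource when one exists; otherwise serializes callers through <c>Semaphore</c>,
        /// re-checks the cache, and asks each provider from <c>GetTokenProviders()</c> in turn until one succeeds.
        /// </summary>
        /// <param name="resource">Resource the token is requested for; part of the cache key.</param>
        /// <param name="authority">Authority the token is requested from; part of the cache key.</param>
        /// <param name="cancellationToken">Cancels both the wait for the semaphore and the provider calls.</param>
        /// <returns>The cached or newly acquired <see cref="AppAuthenticationResult"/>.</returns>
        /// <exception cref="AzureServiceTokenProviderException">
        /// Thrown when every provider failed: the single provider's exception when only one was tried,
        /// otherwise a new exception whose message lists each provider's failure message.
        /// </exception>
        /// <exception cref="OperationCanceledException">Thrown when <paramref name="cancellationToken"/> is cancelled.</exception>
        private async Task<AppAuthenticationResult> GetAuthResultAsyncImpl(string resource, string authority,
                                                                           CancellationToken cancellationToken = default(CancellationToken))
        {
            // The cache is an in-memory global shared across instances of this class, so the key carries
            // everything that distinguishes a token: connection string, authority and resource.
            // NOTE: the raw connection string (which may contain a secret) becomes part of the key; it
            // only lives in process memory, so never log or surface the key.
            string cacheKey = $"ConnectionString:{_connectionString};Authority:{authority};Resource:{resource}";

            AppAuthenticationResult cachedResult;
            if (TryGetCachedAuthResult(cacheKey, out cachedResult))
            {
                return cachedResult;
            }

            // Not cached: only one caller at a time may contact the providers; the others wait here and
            // re-check the cache once they are let in. The token is honored while waiting so a cancelled
            // caller does not sit behind a slow provider call. Nothing is held yet if this throws.
            await Semaphore.WaitAsync(cancellationToken).ConfigureAwait(false);

            // Collects the failure of every provider that was tried, for the error raised when none succeeds.
            List<Exception> exceptions = new List<Exception>();

            try
            {
                // The caller that held the semaphore before us may have populated the cache meanwhile.
                if (TryGetCachedAuthResult(cacheKey, out cachedResult))
                {
                    return cachedResult;
                }

                List<NonInteractiveAzureServiceTokenProviderBase> tokenProviders = GetTokenProviders();

                foreach (var tokenProvider in tokenProviders)
                {
                    try
                    {
                        var authResult = await tokenProvider.GetAuthResultAsync(resource, authority, cancellationToken)
                                                            .ConfigureAwait(false);

                        // Remember the provider that worked so later calls on this instance go straight to it.
                        _selectedAccessTokenProvider = tokenProvider;
                        _principalUsed = tokenProvider.PrincipalUsed;

                        AppAuthResultCache.AddOrUpdate(cacheKey,
                            new Tuple<AppAuthenticationResult, Principal>(authResult, tokenProvider.PrincipalUsed));

                        return authResult;
                    }
                    catch (AzureServiceTokenProviderException exp)
                    {
                        // Only provider failures are collected and the next provider tried; anything else
                        // (including cancellation) propagates immediately and is released by the finally block.
                        exceptions.Add(exp);
                    }
                }
            }
            finally
            {
                // Whichever way the try block exits, the semaphore must be released.
                Semaphore.Release();
            }

            // A single failure is surfaced as-is so its type and details reach the caller unchanged.
            if (exceptions.Count == 1)
            {
                throw exceptions[0];
            }

            string message = $"Tried the following {exceptions.Count} methods to get an access token, but none of them worked.{Environment.NewLine}"
                             + string.Concat(exceptions.Select(exception => exception.Message + Environment.NewLine));

            throw new AzureServiceTokenProviderException(null, resource, authority, message);
        }

        /// <summary>
        /// Looks <paramref name="cacheKey"/> up in the global cache; on a hit, records the principal that
        /// produced the entry on this instance and hands back the cached result.
        /// </summary>
        /// <param name="cacheKey">Key built from connection string, authority and resource.</param>
        /// <param name="authResult">The cached result on a hit; null on a miss.</param>
        /// <returns>True on a cache hit, false otherwise.</returns>
        private bool TryGetCachedAuthResult(string cacheKey, out AppAuthenticationResult authResult)
        {
            Tuple<AppAuthenticationResult, Principal> cachedAuthResult = AppAuthResultCache.Get(cacheKey);

            if (cachedAuthResult == null)
            {
                authResult = null;
                return false;
            }

            _principalUsed = cachedAuthResult.Item2;
            authResult = cachedAuthResult.Item1;
            return true;
        }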
 /// <summary>
 /// Convenience overload with a zero MSI retry timeout; forwards to the full constructor.
 /// </summary>
 /// <param name="httpClient">Client used for Key Vault requests; null selects a default client.</param>
 /// <param name="tokenProvider">Provider used to obtain access tokens; optional.</param>
 internal KeyVaultClient(HttpClient httpClient, NonInteractiveAzureServiceTokenProviderBase tokenProvider = null)
     : this(msiRetryTimeoutInSeconds: 0, httpClient: httpClient, tokenProvider: tokenProvider)
 {
 }
 /// <summary>
 /// Creates a Key Vault client with an MSI retry timeout. When no <paramref name="httpClient"/> is
 /// supplied, a fresh <see cref="HttpClient"/> with the platform default handler is created.
 /// </summary>
 /// <param name="msiRetryTimeoutInSeconds">Retry timeout for managed identity token calls, stored as given.</param>
 /// <param name="httpClient">Client used for Key Vault requests; optional.</param>
 /// <param name="tokenProvider">Provider used to obtain access tokens; optional, may stay null.</param>
 internal KeyVaultClient(int msiRetryTimeoutInSeconds = 0, HttpClient httpClient = null, NonInteractiveAzureServiceTokenProviderBase tokenProvider = null)
 {
     _msiRetryTimeoutInSeconds = msiRetryTimeoutInSeconds;
     _tokenProvider = tokenProvider;
     // Default client keeps the handler's default TLS settings; nothing is opted into here.
     _httpClient = httpClient != null ? httpClient : new HttpClient();
 }
 /// <summary>
 /// Convenience overload with a zero MSI retry timeout; forwards to the full constructor.
 /// </summary>
 /// <param name="httpClient">Client used for Key Vault requests; null selects a default client.</param>
 /// <param name="tokenProvider">Provider used to obtain access tokens; optional.</param>
 /// <param name="managedIdentityClientId">Client id of the managed identity to use; optional.</param>
 internal KeyVaultClient(HttpClient httpClient, NonInteractiveAzureServiceTokenProviderBase tokenProvider = null, string managedIdentityClientId = null)
     : this(msiRetryTimeoutInSeconds: 0, managedIdentityClientId: managedIdentityClientId, httpClient: httpClient, tokenProvider: tokenProvider)
 {
 }
        /// <summary>
        /// Creates a Key Vault client. When no <paramref name="httpClient"/> is supplied, a default client
        /// is created; on targets that support it, that client checks the server certificate's revocation
        /// status.
        /// </summary>
        /// <param name="msiRetryTimeoutInSeconds">Retry timeout for managed identity token calls, stored as given.</param>
        /// <param name="managedIdentityClientId">Client id of the managed identity to use; optional.</param>
        /// <param name="httpClient">Client used for Key Vault requests; optional.</param>
        /// <param name="tokenProvider">Provider used to obtain access tokens; optional, may stay null.</param>
        internal KeyVaultClient(int msiRetryTimeoutInSeconds = 0, string managedIdentityClientId = null, HttpClient httpClient = null, NonInteractiveAzureServiceTokenProviderBase tokenProvider = null)
        {
            _msiRetryTimeoutInSeconds = msiRetryTimeoutInSeconds;
            _tokenProvider = tokenProvider;
            _managedIdentityClientId = managedIdentityClientId;

            if (httpClient != null)
            {
                _httpClient = httpClient;
                return;
            }

#if NETSTANDARD1_4 || net452 || net461
            // Plain default client on these targets — presumably because the handler option used
            // below is not available there; confirm against the target framework docs.
            _httpClient = new HttpClient();
#else
            // Opt into certificate revocation checking so a revoked Key Vault server certificate is
            // rejected rather than silently accepted.
            var handler = new HttpClientHandler();
            handler.CheckCertificateRevocationList = true;
            _httpClient = new HttpClient(handler);
#endif
        }