async Task ClientCredentialsCertScenario()
{
X509Certificate2 certificate = GetCertificate();
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback = async(audience, authority, state) =>
{
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(authority)
.WithCertificate(certificate)
.Build();
var serviceBusAudience = new Uri("https://servicebus.azure.net");
var authResult = await app.AcquireTokenForClient(new string[] { $"{serviceBusAudience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
};
QueueClient qc = QueueClient.CreateWithAzureActiveDirectory(
new Uri($"sb://{ServiceBusNamespace}/"),
QueueName,
authCallback,
$"https://login.windows.net/{TenantId}");
await SendReceiveAsync(qc);
}
/// <summary>Creates an Azure Active Directory token provider.</summary>
/// <param name="authCallback">The authentication delegate to provide access token.</param>
/// <param name="authority">Address of the authority to issue token.</param>
/// <param name="state">State to be delivered to callback.</param>
/// <returns>The <see cref="TokenProvider" /> for returning Json web token.</returns>
public static TokenProvider CreateAzureActiveDirectoryTokenProvider(
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback,
string authority = AzureActiveDirectoryTokenProvider.CommonAuthority,
object state = null)
{
Guard.ArgumentNotNull(nameof(authCallback), authCallback);
Guard.ArgumentNotNullOrWhiteSpace(nameof(authority), authority);
return(new AzureActiveDirectoryTokenProvider(authCallback, authority, state));
}
/// <param name="authCallback">The user defined authentication delegate to provide access token.</param>
/// <param name="authority">URL of the Azure Active Directory instance to issue token.</param>
/// <param name="state">Custom parameters that may be passed into the authentication delegate.</param>
/// <returns>The <see cref="Microsoft.Azure.ServiceBus.Primitives.TokenProvider" /> for returning Json web token.</returns>
public static TokenProvider CreateAzureActiveDirectoryTokenProvider(
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback,
string authority,
object state = null)
{
if (authCallback == null)
{
throw new ArgumentNullException(nameof(authCallback));
}
return(new AzureActiveDirectoryTokenProvider(authCallback, authority, state));
}
public async Task UseITokenProviderWithAad()
{
var appAuthority = "";
var aadAppId = "";
var aadAppSecret = "";
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback =
async(audience, authority, state) =>
{
var authContext = new AuthenticationContext(authority);
var cc = new ClientCredential(aadAppId, aadAppSecret);
var authResult = await authContext.AcquireTokenAsync(audience, cc);
return(authResult.AccessToken);
};
var tokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(authCallback, appAuthority);
// Create new client with updated connection string.
await using (var scope = await EventHubScope.CreateAsync(1))
{
var connectionString = TestUtility.BuildEventHubsConnectionString(scope.EventHubName);
var csb = new EventHubsConnectionStringBuilder(connectionString);
var ehClient = EventHubClient.CreateWithTokenProvider(csb.Endpoint, csb.EntityPath, tokenProvider);
// Send one event
TestUtility.Log($"Sending one message.");
var ehSender = ehClient.CreatePartitionSender("0");
var eventData = new EventData(Encoding.UTF8.GetBytes("Hello EventHub!"));
await ehSender.SendAsync(eventData);
// Receive event.
PartitionReceiver ehReceiver = null;
try
{
TestUtility.Log($"Receiving one message.");
ehReceiver = ehClient.CreateReceiver(PartitionReceiver.DefaultConsumerGroupName, "0", EventPosition.FromStart());
var msg = await ehReceiver.ReceiveAsync(1);
Assert.True(msg != null, "Failed to receive message.");
}
finally
{
await ehReceiver?.CloseAsync();
}
}
}
/// <summary>Creates a new instance of the
/// <see cref="EventHubClient" /> by using Azure Active Directory authentication.</summary>
/// <param name="endpointAddress">Fully qualified domain name for Event Hubs. Most likely, {yournamespace}.servicebus.windows.net</param>
/// <param name="path">The path to the Event Hub.</param>
/// <param name="authCallback">The authentication callback.</param>
/// <param name="authority">Address of the authority to issue token.</param>
/// <param name="operationTimeout">Operation timeout for Event Hubs operations.</param>
/// <param name="transportType">Transport type on connection.</param>
/// <returns>The newly created Event Hub client object.</returns>
public static EventHubClient CreateWithAzureActiveDirectory(
Uri endpointAddress,
string path,
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback,
string authority = AzureActiveDirectoryTokenProvider.CommonAuthority,
TimeSpan?operationTimeout = null,
TransportType transportType = TransportType.Amqp)
{
TokenProvider tokenProvider = TokenProvider.CreateAzureActiveDirectoryTokenProvider(authCallback, authority);
return(CreateWithTokenProvider(
endpointAddress,
path,
tokenProvider,
operationTimeout,
transportType));
}
/// <summary>
/// Creates an <see cref="AzureActiveDirectoryTokenProvider"/> using interactive login. If no redirect url is provided <see cref="DefaultAzureCredential"/> is used.
/// </summary>
/// <param name="redirectUri">The uri to redirect to after interactive login</param>
/// <returns><see cref="AzureActiveDirectoryTokenProvider"/></returns>
public AzureActiveDirectoryTokenProvider WithInteractive(string redirectUri, Action <DefaultAzureCredentialOptions> optBuilder = null)
{
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback = async(audience, authority, state) =>
{
if (string.IsNullOrWhiteSpace(redirectUri))
{
return((await GetTokenFromDefaultAzureCredential(optBuilder)).Token);
}
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(_clientId)
.WithRedirectUri(redirectUri)
.Build();
var authResult = await app.AcquireTokenForClient(_requestContext.Scopes).ExecuteAsync();
return(authResult.AccessToken);
};
return(new AzureActiveDirectoryTokenProvider(authCallback, "", null));
}
public async Task CreateWithAzureActiveDirectory()
{
await using var scope = await EventHubScope.CreateAsync(1);
#region Snippet:EventHubs_Migrate_T1_CreateWithAzureActiveDirectory
#if SNIPPET
var fullyQualifiedNamespace = "<< NAMESPACE (likely similar to {your-namespace}.servicebus.windows.net) >>";
var eventHubName = "<< NAME OF THE EVENT HUB >>";
var authority = "<< NAME OF THE AUTHORITY TO ASSOCIATE WITH THE TOKEN >>";
var aadAppId = "<< THE AZURE ACTIVE DIRECTORY APPLICATION ID TO REQUEST A TOKEN FOR >>";
var aadAppSecret = "<< THE AZURE ACTIVE DIRECTORY SECRET TO USE FOR THE TOKEN >>";
#else
var fullyQualifiedNamespace = new EventHubsConnectionStringBuilder(TestUtility.EventHubsConnectionString).Endpoint.ToString();
var eventHubName = scope.EventHubName;
var authority = ""; // Needed for manual run
var aadAppId = ""; // Needed for manual run
var aadAppSecret = ""; // Needed for manual run
#endif
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback =
async(audience, authority, state) =>
{
var authContext = new AuthenticationContext(authority);
var clientCredential = new ClientCredential(aadAppId, aadAppSecret);
AuthenticationResult authResult = await authContext.AcquireTokenAsync(audience, clientCredential);
return(authResult.AccessToken);
};
EventHubClient client = EventHubClient.CreateWithAzureActiveDirectory(
new Uri(fullyQualifiedNamespace),
eventHubName,
authCallback,
authority);
#endregion
client.Close();
}
/// <summary>
/// Creates an <see cref="AzureActiveDirectoryTokenProvider"/> using a certificate. If no thumbprint is provided <see cref="DefaultAzureCredential"/> is used.
/// </summary>
/// <param name="thumbPrint">The thumbprint of the certificate to use for authentication</param>
/// <param name="authority">A URL that indicates a directory that MSAL can request tokens from. For example, https://login.microsoftonline.com/{AzureADTenantID}/
/// <param name="validCertsOnly">Indicates if only valid certificates are can be found and used from the X509 cert store. If using self-signed certs, this value should be false.</param>
/// <returns><see cref="AzureActiveDirectoryTokenProvider"/></returns>
public AzureActiveDirectoryTokenProvider WithCert(string thumbPrint, string authority, bool validCertsOnly, Action <DefaultAzureCredentialOptions> optBuilder = null)
{
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback = async(audience, authority, state) =>
{
if (string.IsNullOrWhiteSpace(thumbPrint))
{
return((await GetTokenFromDefaultAzureCredential(optBuilder)).Token);
}
var cert = GetCertificate(thumbPrint, validCertsOnly);
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(_clientId)
.WithAuthority(authority)
.WithCertificate(cert)
.Build();
var authResult = await app.AcquireTokenForClient(_requestContext.Scopes).ExecuteAsync();
return(authResult.AccessToken);
};
return(new AzureActiveDirectoryTokenProvider(authCallback, authority ?? "", null));
}
async Task UserInteractiveLoginScenario()
{
AzureActiveDirectoryTokenProvider.AuthenticationCallback authCallback = async(audience, authority, state) =>
{
var app = PublicClientApplicationBuilder.Create(ClientId)
.WithRedirectUri(ConfigurationManager.AppSettings["redirectURI"])
.Build();
var serviceBusAudience = new Uri("https://servicebus.azure.net");
var authResult = await app.AcquireTokenInteractive(new string[] { $"{serviceBusAudience}/.default" }).ExecuteAsync();
return(authResult.AccessToken);
};
QueueClient qc = QueueClient.CreateWithAzureActiveDirectory(
new Uri($"sb://{ServiceBusNamespace}/"),
QueueName,
authCallback,
$"https://login.windows.net/{TenantId}");
await SendReceiveAsync(qc);
}
