/// <summary>
/// Creates a KeyVaultInternalClient that is bound to the given credential and
/// built on top of the given HTTP client.
/// </summary>
/// <param name='credentials'>
/// Required. The credential this client stores and initializes itself with.
/// </param>
/// <param name='httpClient'>
/// The HTTP client, forwarded to the single-argument constructor.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="credentials"/> is null.
/// </exception>
public KeyVaultInternalClient(KeyVaultCredential credentials, HttpClient httpClient)
    : this(httpClient)
{
    // A client without a credential is refused before any field is assigned.
    if (credentials == null)
    {
        throw new ArgumentNullException("credentials");
    }

    _credentials = credentials;

    // This overload takes no base URI, so the field is explicitly cleared.
    _baseUri = null;

    // Hand this client to the credential through the Credentials property.
    Credentials.InitializeServiceClient(this);
}
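/// <summary>
/// Returns the secret named by <paramref name="keyVaultAttribute"/>. The value cache is
/// consulted first; on a miss the secret is fetched from Key Vault and stored in the cache.
/// </summary>
/// <param name="keyVaultAttribute">
/// Supplies the configuration node name, the secret name and the cache lifetime in minutes.
/// </param>
/// <param name="cancellationToken">
/// Cancels both the wait for the internal lock and the Key Vault request.
/// </param>
/// <returns>The secret value, either from the cache or freshly read from Key Vault.</returns>
/// <remarks>
/// Secret values are kept in the process-local value cache after the first read, so a
/// rotated or revoked secret may still be returned until the cache entry is dropped
/// (presumably after CacheMinutes; confirm against the cache service).
/// </remarks>
internal async Task<string> GetValueAsync(KeyVaultAttribute keyVaultAttribute, CancellationToken cancellationToken)
{
    // NOTE(review): both parts are joined with '-', and either part may itself contain '-'.
    // Two different (node, secret) pairs can therefore produce the same key, in which case
    // one caller would be served the other's cached secret. Confirm the naming rules or
    // switch to a separator that cannot occur in either part.
    var key = $"{keyVaultAttribute.ConfigurationNodeName}-{keyVaultAttribute.SecretName}";

    // The wait stays outside the try block so that a cancelled wait never reaches Release().
    // Passing the token lets a caller stop waiting instead of queueing behind a slow request.
    await semaphoreSlim.WaitAsync(cancellationToken);
    try
    {
        string value = valueCacheService.GetObject(key, keyVaultAttribute.CacheMinutes);
        if (value != null)
        {
            return value;
        }

        (string baseUrl, string clientId, string clientSecret) = KeyVaultAttributeSettingsService.GetSettings(keyVaultAttribute);

        KeyVaultClient keyVaultClient = keyVaultClientCacheService.GetObject(keyVaultAttribute.ConfigurationNodeName, keyVaultClientCacheMinutes);
        if (keyVaultClient == null)
        {
            // The callback captures clientId and clientSecret, so a cached client keeps
            // authenticating with the values read here for as long as it stays cached.
            KeyVaultCredential credentials = new KeyVaultCredential(
                new KeyVaultClient.AuthenticationCallback((authority, resource, scope) =>
                    GetAccessToken(clientId, clientSecret, authority, resource, scope)));

            keyVaultClient = new KeyVaultClient(credentials);
            keyVaultClientCacheService.SetObject(keyVaultAttribute.ConfigurationNodeName, keyVaultClient);
        }

        var result = await keyVaultClient.GetSecretAsync(baseUrl, keyVaultAttribute.SecretName, cancellationToken);
        var resultValue = result.Value;
        valueCacheService.SetObject(key, resultValue);
        return resultValue;
    }
    finally
    {
        // Exceptions now propagate on their own. The previous capture-and-"throw ex1"
        // pattern reset the stack trace and hid where the failure happened.
        semaphoreSlim.Release();
    }
}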
/// <summary>
/// Creates a KeyVaultInternalClient that is bound to the given credential and
/// sends its requests relative to the given base URI.
/// </summary>
/// <param name='credentials'>
/// Required. The credential this client stores and initializes itself with.
/// </param>
/// <param name='baseUri'>
/// The URI used as the base for all cloud service requests. Although the
/// original documentation calls it optional, this overload rejects null.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="credentials"/> or <paramref name="baseUri"/> is null.
/// </exception>
public KeyVaultInternalClient(KeyVaultCredential credentials, Uri baseUri)
    : this()
{
    // Arguments are validated in declaration order, before any field is assigned.
    if (credentials == null)
    {
        throw new ArgumentNullException("credentials");
    }

    if (baseUri == null)
    {
        throw new ArgumentNullException("baseUri");
    }

    _credentials = credentials;
    _baseUri = baseUri;

    // Hand this client to the credential through the Credentials property.
    Credentials.InitializeServiceClient(this);
}
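/// <summary>
/// Retrieve Key Vault data using Compound Identity (On-Behalf-Of)
/// </summary>
/// <param name="settings">
/// Supplies the client id and secret, authority parts (Instance and TenantId), the app
/// scope, the Key Vault base URI and the secret name used by the sample.
/// </param>
/// <returns>A task that completes once the secret has been read and written to the console.</returns>
private static async Task CompoundAccess(Settings settings)
{
    // The interactive request also asks for consent to KeyVaultUserImScope up front
    // (WithExtraScopesToConsent), presumably so that the later on-behalf-of exchange for
    // KeyVaultScope needs no second prompt. TODO confirm; the original comment was cut off.
    Console.WriteLine("Acquire User token");
    var clientApp = PublicClientApplicationBuilder.Create(settings.ClientId)
        .WithAuthority($"{settings.Instance}{settings.TenantId}")
        .WithRedirectUri("http://localhost") // Make sure the "http://localhost" is added and selected as the app Redirect URI
        .Build();

    // Awaited rather than blocked on with .Result: blocking inside an async method ties up
    // the calling thread and wraps failures in AggregateException.
    var resultUser = await clientApp
        .AcquireTokenInteractive(new[] { settings.AppClientScope }) // Make sure the same scope name is created in "Exposed API" section for this app registration in azure portal
        .WithExtraScopesToConsent(new[] { KeyVaultUserImScope })
        .WithPrompt(Prompt.Consent)
        .ExecuteAsync();

    Console.WriteLine("Acquire Client token");
    var clientApp2 = ConfidentialClientApplicationBuilder.Create(settings.ClientId)
        .WithAuthority($"{settings.Instance}{settings.TenantId}")
        .WithClientSecret(settings.ClientSecret)
        .Build();

    // Exchange the user's access token for a Key Vault token on behalf of that user.
    var resultObo = await clientApp2
        .AcquireTokenOnBehalfOf(
            new[] { KeyVaultScope },
            new UserAssertion(resultUser.AccessToken))
        .ExecuteAsync();

    Console.WriteLine("Access Key Vault");

    // The callback ignores its arguments apart from logging them and always returns the
    // token acquired above, so this client cannot refresh the token once it expires.
    var kc = new KeyVaultCredential(
        (authority, resource, scope) =>
        {
            Console.WriteLine($"Authority: {authority}, Resource: {resource}, Scope: {scope}");
            return Task.FromResult(resultObo.AccessToken);
        });

    var kvClient = new KeyVaultClient(kc);
    var secretBundle = await kvClient.GetSecretAsync(settings.KeyVaultBaseUri, settings.SecretName);

    // Sample output only: the secret value is written to stdout in clear text, where it can
    // end up in terminal scrollback or captured logs. Do not carry this into production.
    Console.WriteLine("Secret:" + secretBundle.Value);
}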
/// <summary>
/// Creates a CachedKeyVaultClient. Both arguments are passed unchanged to the base constructor.
/// </summary>
/// <param name="credential">Credential forwarded to the base class.</param>
/// <param name="httpClient">HTTP client forwarded to the base class.</param>
public CachedKeyVaultClient(
    KeyVaultCredential credential,
    System.Net.Http.HttpClient httpClient)
    : base(credential, httpClient)
{
    // This constructor does no setup of its own.
}