Exemplo n.º 1
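        /// <summary>
        /// Gets a managed identity (MSI) access token for the resource
        /// <c>https://{endpoint}.azure.com</c>.
        /// </summary>
        /// <param name="endpoint">Host prefix of the target resource; null or empty falls back to "management".</param>
        /// <param name="identity">Passed to the ManagedIdentityCredential constructor (client ID of a user-assigned identity); null uses the default identity.</param>
        /// <param name="JWTformat">When true, return the decoded token text instead of the encoded token.</param>
        /// <returns>
        /// The encoded access token, or its decoded form when <paramref name="JWTformat"/> is set.
        /// The encoded form is a bearer credential, so callers should keep it out of logs.
        /// </returns>
        /// <remarks>Any failure in the token request or decoding is rethrown via IdentityError(identity, ex).</remarks>
        public string getToken(string endpoint = "management", string identity = null, bool JWTformat = false)
        {
            var Cred = new ManagedIdentityCredential(identity);

            if (string.IsNullOrEmpty(endpoint))
            {
                endpoint = "management";
            }

            // NOTE(review): endpoint is interpolated unchecked. A value that is not a single
            // host label changes which resource the token is requested for; consider checking
            // it against the known endpoint names before building the scope.
            var Scope   = new String[] { $"https://{endpoint}.azure.com" };
            var Request = new TokenRequestContext(Scope);

            try
            {
                var Token = Cred.GetToken(Request);

                if (!JWTformat)
                {
                    return Token.Token; // encoded JWT token
                }

                // Parse once. ReadJwtToken only decodes: signature, issuer and lifetime are
                // NOT validated, so the result is for display, not for authorization decisions.
                var decoded = new JwtSecurityTokenHandler().ReadJwtToken(Token.Token);
                return decoded.ToString(); // decoded JSON Web Token
            } catch (Exception ex)
            {
                throw IdentityError(identity, ex);
            }
        }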
        /// <summary>
        /// Requests an access token whose scope is the scheme-and-server part of
        /// <paramref name="connectedUri"/>.
        /// </summary>
        /// <param name="connectedUri">URI of the service being connected to; path, query and fragment are not used.</param>
        /// <returns>The token string returned by the managed identity credential.</returns>
        public string GetAuthToken(Uri connectedUri)
        {
            // NOTE(review): the token's target resource follows whatever host the caller passes;
            // confirm connectedUri comes from trusted configuration rather than request data.
            string[] scopes =
            {
                connectedUri.GetComponents(UriComponents.SchemeAndServer, UriFormat.UriEscaped)
            };

            var requestContext = new TokenRequestContext(scopes);

            return managedIdentityCredential.GetToken(requestContext).Token;
        }
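        /// <summary>
        /// Creates a SqlConnection for the configured connection string and attaches a
        /// managed identity access token to it.
        /// </summary>
        /// <returns>
        /// The connection with AccessToken set. This method does not open it, and the
        /// caller is responsible for disposing it.
        /// </returns>
        public DbConnection GetConnection()
        {
            var sqlConnection = new SqlConnection(_connectionString);

            try
            {
                // NOTE(review): a new credential is built on every call; if token requests
                // become a bottleneck, consider sharing one instance. Confirm against usage.
                var credential     = new ManagedIdentityCredential();
                var requestContext = new TokenRequestContext(_authenticationTokenScopes);

                sqlConnection.AccessToken = credential.GetToken(requestContext).Token;

                return sqlConnection;
            }
            catch
            {
                // Token acquisition (or the AccessToken setter) failed: release the connection
                // object instead of leaking it, then let the original exception propagate.
                sqlConnection.Dispose();
                throw;
            }
        }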
Exemplo n.º 4
        //
        //
        //  **** Cmdlet start ****
        //
        //

        /// <summary>
        /// Cmdlet body: requests a managed identity token for
        /// <c>https://{endpoint}.azure.com</c> and writes it to the pipeline, either as the
        /// raw token or as the elements returned by Decode_JWT.
        /// </summary>
        protected override void ProcessRecord()
        {
            // endpoint is used as-is here; no fallback or validation is applied in this method.
            var credential  = new ManagedIdentityCredential(identity);
            var scopes      = new String[] { $"https://{endpoint}.azure.com" };
            var accessToken = credential.GetToken(new TokenRequestContext(scopes));

            if (!jwtformat)
            {
                // The raw token is a bearer credential: whatever consumes the pipeline
                // output (transcripts, logs) will hold a usable secret until it expires.
                WriteObject(accessToken.Token);
                return;
            }

            // Emit each decoded element as its own pipeline object.
            Array.ForEach(Decode_JWT(accessToken.Token), part => WriteObject(part));
        }
Exemplo n.º 5
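        /// <summary>
        /// Probe the specified secret using ManagedIdentityCredential, returning its metadata on success
        /// or a diagnostic message on failure.
        /// </summary>
        /// <param name="vaultUri">URI of the Key Vault to query.</param>
        /// <param name="secretName">Name of the secret to fetch.</param>
        /// <returns>
        /// The output of PrintKeyVaultSecretMetadata on success; otherwise a message built from the
        /// exception's HResult and text. Exceptions raised while acquiring the token or fetching the
        /// secret are converted into that message rather than propagated.
        /// </returns>
        public async Task <string> ProbeSecretWithManagedIdentityCredentialAsync(string vaultUri, string secretName)
        {
            string response;

            try
            {
                ManagedIdentityCredential creds;

                try
                {
                    // Get a credential representing the service's SF Application Identity
                    creds = new ManagedIdentityCredential();

                    // Throw away token to allow early failures. Awaited so the async method
                    // does not block a thread on the token request.
                    await creds.GetTokenAsync(new TokenRequestContext(new[] { "https://vault.azure.net" }));
                }
                catch (CredentialUnavailableException e)
                {
                    response = $"0x{e.HResult:X}: {e.Message} Encountered an exception accessing the service's managed identity. Was it deployed to Azure with an identity?";
                    Log(LogLevel.Info, response);
                    return response;
                }

                try
                {
                    var client = new SecretClient(new Uri(vaultUri), creds);
                    KeyVaultSecret secret = (await client.GetSecretAsync(secretName)).Value;

                    // NOTE(review): the result is logged and returned; confirm that
                    // PrintKeyVaultSecretMetadata emits metadata only and never secret.Value.
                    response = PrintKeyVaultSecretMetadata(secret);
                }
                catch (RequestFailedException e)
                {
                    // Not logged here: the common Log call below records it exactly once.
                    response = $"0x{e.HResult:X}: Status={e.Status} {e.Message} Encountered an exception fetching secret {secretName} from vault {vaultUri}";
                }
            }
            catch (Exception e)
            {
                // handle generic errors here
                response = $"0x{e.HResult:X}: {e.Message} Encountered an exception fetching secret {secretName} from vault {vaultUri}";
            }

            // NOTE(review): failure messages carry exception text, the vault URI and the secret
            // name, and are written at Info level; confirm the log sink and the caller's audience
            // are appropriate for that detail.
            Log(LogLevel.Info, response);
            return response;
        }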
Exemplo n.º 6
        //
        // Execute GetToken
        //

        /// <summary>
        /// Requests a managed identity access token for <c>https://{endpoint}.azure.com</c>.
        /// </summary>
        /// <param name="endpoint">Host prefix of the target resource; null or empty falls back to "management".</param>
        /// <param name="identity">Passed to the ManagedIdentityCredential constructor; null uses the default identity.</param>
        /// <param name="JWTformat">When true, the token is passed through Decode_JWT before being returned.</param>
        /// <returns>
        /// The encoded token, or the Decode_JWT result when <paramref name="JWTformat"/> is set.
        /// The encoded form is a bearer credential, so callers should keep it out of logs.
        /// </returns>
        /// <remarks>Failures are rethrown as whatever AzmiException.IDCheck(identity, ex, false) produces.</remarks>
        public string Execute(string endpoint = "management", string identity = null, bool JWTformat = false)
        {
            var credential = new ManagedIdentityCredential(identity);

            // NOTE(review): the prefix is interpolated unchecked; a value that is not a single
            // host label changes which resource the token is requested for.
            string resourcePrefix = String.IsNullOrEmpty(endpoint) ? "management" : endpoint;
            var    requestContext = new TokenRequestContext(new String[] { $"https://{resourcePrefix}.azure.com" });

            try
            {
                var accessToken = credential.GetToken(requestContext);

                if (JWTformat)
                {
                    return Decode_JWT(accessToken.Token);
                }

                return accessToken.Token;
            } catch (Exception ex)
            {
                throw AzmiException.IDCheck(identity, ex, false);
            }
        }