Пример #1
0
        public async static Task <ClientContext> GetClientContextAsync(string siteUrl)
        {
            string tenantName = new Uri(siteUrl).Host.Replace(".sharepoint.com", "");
            string authority  = $"https://login.microsoftonline.com/{tenantName}.onmicrosoft.com/oaut/token2";
            string resource   = $"https://{tenantName}.sharepoint.com/";

            string           clientId    = string.Empty;
            X509Certificate2 certificate = null;

            using (KeyVaultService keyVault = new KeyVaultService())
            {
                clientId = await keyVault.GetSecretAsync(Constants.SharePointClientId);

                var certPfx = await keyVault.GetSecretAsync(Constants.SharePointCert);

                certificate = new X509Certificate2(
                    Convert.FromBase64String(certPfx),
                    (string)null,
                    X509KeyStorageFlags.MachineKeySet);
            }

            var authenticationContext       = new AuthenticationContext(authority, false);
            AuthenticationResult authResult = await authenticationContext.AcquireTokenAsync(
                resource,
                new ClientAssertionCertificate(clientId, certificate));

            var ctx = new ClientContext(siteUrl);

            ctx.ExecutingWebRequest += (s, e) =>
            {
                e.WebRequestExecutor.RequestHeaders["Authorization"] = $"Bearer {authResult.AccessToken}";
            };

            return(ctx);
        }
Пример #2
0
        private static async Task <IDocumentRepository <TEntity> > GetRepoAsync <TEntity>(
            string collectionId,
            string cosmosDbEndpoint,
            string keyVaultEndpoint) where TEntity : class
        {
            DocumentRepository <TEntity> repo;
            KeyVaultService keyVault;
            string          authKey;

            try
            {
                if (!repos.ContainsKey(collectionId))
                {
                    keyVault = new KeyVaultService(keyVaultEndpoint);
                    authKey  = await keyVault.GetSecretAsync(CosmsosDbAccessKey).ConfigureAwait(false);

                    repo = new DocumentRepository <TEntity>(
                        cosmosDbEndpoint,
                        authKey,
                        DatabaseId,
                        collectionId);

                    await repo.InitializeAsync().ConfigureAwait(false);

                    repos[collectionId] = repo;
                }

                return(repos[collectionId] as IDocumentRepository <TEntity>);
            }
            finally
            {
                keyVault = null;
            }
        }
Пример #3
0
        public async Task <List <Alert> > ConvertAsync(SecurityAlertsAttribute input, CancellationToken cancellationToken)
        {
            GraphService  graphService;
            IVaultService vaultService;
            List <Alert>  alerts;

            try
            {
                vaultService = new KeyVaultService(input.KeyVaultEndpoint);

                graphService = new GraphService(new Uri(input.Resource),
                                                new ServiceCredentials(
                                                    input.ApplicationId,
                                                    await vaultService.GetSecretAsync(input.SecretName).ConfigureAwait(false),
                                                    input.Resource,
                                                    input.CustomerId));

                alerts = await graphService.GetAlertsAsync().ConfigureAwait(false);

                return(alerts);
            }
            catch (ServiceClientException ex)
            {
                log.LogError(ex, $"Encountered {ex.Message} when processing {input.CustomerId}");
                return(null);
            }
            finally
            {
                graphService = null;
                vaultService = null;
            }
        }
Пример #4
0
        public async Task <List <SecureScore> > ConvertAsync(SecureScoreAttribute input, CancellationToken cancellationToken)
        {
            GraphService       graphService;
            IVaultService      vaultService;
            List <SecureScore> secureScore;
            string             keyVaultEndpoint;

            try
            {
                keyVaultEndpoint = nameResolver.Resolve("KeyVaultEndpoint");
                vaultService     = new KeyVaultService(keyVaultEndpoint);

                graphService = new GraphService(
                    new Uri(input.Resource),
                    new ServiceCredentials(
                        input.ApplicationId,
                        await vaultService.GetSecretAsync(input.SecretName).ConfigureAwait(false),
                        input.Resource,
                        input.CustomerId));

                secureScore = await graphService.GetSecureScoreAsync(int.Parse(input.Period, CultureInfo.CurrentCulture), cancellationToken).ConfigureAwait(false);

                return(secureScore);
            }
            catch (ServiceClientException ex)
            {
                log.LogError(ex, $"Encountered {ex} when processing {input.CustomerId}");
                return(null);
            }
            finally
            {
                graphService = null;
                vaultService = null;
            }
        }
Пример #5
0
        public async Task <PartnerServiceClient> ConvertAsync(PartnerServiceAttribute input, CancellationToken cancellationToken)
        {
            IVaultService vaultService;
            string        keyVaultEndpoint;

            try
            {
                keyVaultEndpoint = nameResolver.Resolve("KeyVaultEndpoint");
                vaultService     = new KeyVaultService(keyVaultEndpoint);


                return(new PartnerServiceClient(
                           new Uri(input.Endpoint),
                           new ServiceCredentials(
                               input.ApplicationId,
                               await vaultService.GetSecretAsync(input.SecretName).ConfigureAwait(false),
                               input.Resource,
                               input.ApplicationTenantId),
                           await GetPartnerHttpClientAsync(input.ApplicationTenantId).ConfigureAwait(false)));
            }
            finally
            {
                vaultService = null;
            }
        }
Пример #6
0
        public void Configure(IWebHostBuilder builder)
        {
            builder.ConfigureServices((context, services) => {
                services.AddIdentity <TokketUser, FirebaseIdentityRole>(options =>
                {
                    options.Password.RequireDigit           = false;
                    options.Password.RequiredLength         = 4;
                    options.Password.RequireNonAlphanumeric = false;
                    options.Password.RequireUppercase       = false;
                    options.Password.RequireLowercase       = false;
                })
                .AddDefaultTokenProviders();

                // Identity Services
                services.AddTransient <IUserStore <TokketUser>, FirebaseUserStore <TokketUser> >();
                services.AddTransient <IRoleStore <FirebaseIdentityRole>, FirebaseRoleStore <FirebaseIdentityRole> >();
                services.AddScoped <IPasswordHasher <TokketUser>, CustomPasswordHasher>();

                var fbsecret     = KeyVaultService.GetSecretAsync("FacebookSecretKey", context.Configuration["FacebookSettings:SecretKey"]).GetAwaiter().GetResult();
                var googlesecret = KeyVaultService.GetSecretAsync("GoogleSecretKey", context.Configuration["GoogleSettings:SecretKey"]).GetAwaiter().GetResult();

                services.AddAuthentication()
                .AddFacebook(facebookOptions =>
                {
                    facebookOptions.AppId      = context.Configuration["FacebookSettings:AppId"];
                    facebookOptions.AppSecret  = fbsecret;
                    facebookOptions.SaveTokens = true;
                    facebookOptions.Scope.Add("public_profile");
                })
                .AddGoogle(googleOptions =>
                {
                    googleOptions.ClientId     = context.Configuration["GoogleSettings:ClientId"];
                    googleOptions.ClientSecret = googlesecret;
                    googleOptions.SaveTokens   = true;
                    googleOptions.Events       = new OAuthEvents
                    {
                        OnCreatingTicket = gContext =>
                        {
                            var identity   = (ClaimsIdentity)gContext.Principal.Identity;
                            var profileImg = gContext.User["image"].Value <string>("url");
                            identity.AddClaim(new Claim("profileImg", profileImg));
                            return(Task.FromResult(0));
                        }
                    };
                });
            });
        }
Пример #7
0
        public async Task GetSecretTestAsync()
        {
            KeyVaultService service;
            string          actual;

            try
            {
                service = new KeyVaultService(keyVaultClient, KeyVaultEndpoint);

                actual = await service.GetSecretAsync("UnitTest").ConfigureAwait(false);

                Assert.AreEqual("AmazingSecret", actual);
            }
            finally
            {
                service = null;
            }
        }
Пример #8
0
        private async Task <IDocumentRepository <TEntity> > GetRepoAsync <TEntity>(
            string collectionId,
            string partitionKey = null) where TEntity : class
        {
            DocumentRepository <TEntity> repo;
            IVaultService keyVault;
            string        authKey;
            string        cosmosDbEndpoint;
            string        keyVaultEndpoint;

            try
            {
                await Semaphore.WaitAsync().ConfigureAwait(false);

                if (!repos.ContainsKey(collectionId))
                {
                    cosmosDbEndpoint = nameResolver.Resolve("CosmosDbEndpoint");
                    keyVaultEndpoint = nameResolver.Resolve("KeyVaultEndpoint");

                    keyVault = new KeyVaultService(keyVaultEndpoint);
                    authKey  = await keyVault.GetSecretAsync(CosmsosDbAccessKey).ConfigureAwait(false);

                    repo = new DocumentRepository <TEntity>(
                        cosmosDbEndpoint,
                        authKey,
                        DatabaseId,
                        collectionId,
                        partitionKey);

                    await repo.InitializeAsync().ConfigureAwait(false);

                    repos[collectionId] = repo;
                }

                return(repos[collectionId] as IDocumentRepository <TEntity>);
            }
            finally
            {
                keyVault = null;

                Semaphore.Release();
            }
        }
Пример #9
0
        /// <summary>
        /// Initializes an instance of the <see cref="StorageService" /> class.
        /// </summary>
        /// <param name="keyVaultEndpoint">The Azure Key Vault endpoint address.</param>
        /// <returns>An instance of the <see cref="Task" /> class that represents the asynchronous operation.</returns>
        public async Task InitializeAsync(string keyVaultEndpoint)
        {
            IVaultService vaultSerivce;

            try
            {
                vaultSerivce = new KeyVaultService(keyVaultEndpoint);

                if (storageAccount == null)
                {
                    if (!CloudStorageAccount.TryParse(
                            await vaultSerivce.GetSecretAsync(StorageAccountConnectionStringName).ConfigureAwait(false),
                            out storageAccount))
                    {
                        throw new Exception("Unable to intialize the storage account. Please check the connection string setting.");
                    }
                }
            }
            finally
            {
                vaultSerivce = null;
            }
        }