public async Task <IActionResult> OnPostAsync()
{
if (!ModelState.IsValid)
{
return(Page());
}
// Azure key vault password retrieval happens here, it did not work with OnGetAsync(), the global variable did not hold the password
string password = "";
try {
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
SecretBundle secret = await keyVaultClient.GetSecretAsync("https://Key-Vault-11223344.vault.azure.net/secrets/GmailPassword").ConfigureAwait(false);
password = secret.Value;
} catch (KeyVaultErrorException e) {
Message = e.Message;
}
if (string.IsNullOrEmpty(password))
{
Message = "Website is experiencing technical difficulties.";
return(Page());
}
// Initiating the mail and sending it
MailAddress fromAddress = new MailAddress(Emails.fromEmailAddress, "No Reply");
MailAddress toAddress = new MailAddress(Emails.toEmailAddress);
SmtpClient smtp = new SmtpClient {
Host = "smtp.gmail.com",
Port = 587,
EnableSsl = true,
DeliveryMethod = SmtpDeliveryMethod.Network,
UseDefaultCredentials = false,
Credentials = new NetworkCredential(fromAddress.Address, password)
};
using MailMessage msg = new MailMessage(fromAddress, toAddress)
{
Subject = $"Message from {Contact.Name} with subject: {Contact.Subject}",
Body = Contact.Message
};
await smtp.SendMailAsync(msg);
msg.Dispose(); // Probably isn't necessary
smtp.Dispose();
return(RedirectToPage("Index"));
}
/// <summary>
/// Retrieves secrets from keyvault
/// </summary>
/// <param name="secretIdentifier">Secret Identifier (e.g. http://kvname.valut.azure.net/secrets/secretname..... )</param>
/// <returns></returns>
public string GetSecret(string secretIdentifier)
{
if (IsTokenExpired)
{
AuthToken = null;
}
Task <SecretBundle> GHUserName = Task.Run(async() => await KVClient.GetSecretAsync(secretIdentifier).ConfigureAwait(false));
SecretBundle sb = GHUserName.Result;
return(sb.Value);
}
public void GettingASecret()
{
var endpoint = TestEnvironment.KeyVaultUri;
#region Snippet:GetSecret
var client = new MiniSecretClient(new Uri(endpoint), new DefaultAzureCredential());
SecretBundle secret = client.GetSecret("TestSecret");
Console.WriteLine(secret.Value);
#endregion
}
public string GetKey(SecretBundle secret)
{
// Remove the prefix from the secret name and replace two
// dashes in any name with the KeyDelimiter, which is the
// delimiter used in configuration (usually a colon). Azure
// Key Vault doesn't allow a colon in secret names.
var isCommonSecret = secret.SecretIdentifier.Name.StartsWith(CommonPrefix);
var prefix = isCommonSecret ? CommonPrefix : _prefix;
var secretName = secret.SecretIdentifier.Name.Substring(prefix.Length);
return(secretName.Replace("--", ConfigurationPath.KeyDelimiter));
}
public static RSA CreateRSAKeysAndSaveInVault(KeyVaultClient keyVaultClient, string vaultBaseUrl, string keyName)
{
//Generate teh RSA Key
RSA rsaKeys = RSA.Create(2048);
Microsoft.Azure.KeyVault.WebKey.JsonWebKey rsaKeysJson = new Microsoft.Azure.KeyVault.WebKey.JsonWebKey(rsaKeys, true);
//save as KV Secret both public / private part of the Keys
SecretBundle keySetResult = keyVaultClient.SetSecretAsync(vaultBaseUrl, $"key-{keyName}", rsaKeysJson.ToString()).Result;
return(rsaKeys);
}
static void Main(string[] args)
{
string keyVaultRoot = "https://PROVIDE.vault.azure.net/secrets/";
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
SecretBundle secretBundle = keyVaultClient.GetSecretAsync($"{keyVaultRoot}Secret1").Result;
var secretValue = secretBundle.Value;
}
private async Task GitSetupAsync()
{
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
SecretBundle secretBundle = await keyVaultClient.GetSecretAsync(_secretUri).ConfigureAwait(false);
var productInformation = new ProductHeaderValue("MLGitHubLabeler");
_client = new GitHubClient(productInformation)
{
Credentials = new Credentials(secretBundle.Value)
};
}
private async Task <string> GetSecretFromURIAsync(string secretURI)
{
SecretBundle sec = await vault.GetSecretAsync(secretURI);
if (sec.ContentType.Equals("base64String"))
{
return(Encoding.UTF8.GetString(Convert.FromBase64String(sec.Value)));
}
else
{
return(sec.Value);
}
}
static void getMySecret(IConfiguration config, KeyVaultClient keyVault)
{
// To-Do Make sure secretURI is not null or other possible exceptions
string mySecretURI = config.GetSection("mySecret").Value;
try{
SecretBundle secret = keyVault.GetSecretAsync(mySecretURI).GetAwaiter().GetResult();
Console.WriteLine(secret.Value);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
public async Task <ActionResult> Secret()
{
string keyVaultEndPoint = ConfigurationManager.AppSettings["KeyVaultEndPoint"];
KeyVaultClient.AuthenticationCallback callback = new KeyVaultClient.AuthenticationCallback(GetToken);
KeyVaultClient keyVaultClient = new KeyVaultClient(callback);
SecretBundle secretBundle = await keyVaultClient.GetSecretAsync(keyVaultEndPoint, "keyvault-secret").ConfigureAwait(false);
ViewBag.Message = secretBundle.Value;
return(View());
}
private X509Certificate2 GetTokenCertificate()
{
if (string.IsNullOrEmpty(keyVaultSettings.ClientId) || string.IsNullOrEmpty(keyVaultSettings.ClientSecret))
{
return(new X509Certificate2(certSettings.CertificatePath, certSettings.CertificatePwd));
}
KeyVaultClient client = KeyVaultSettings.GetClient(keyVaultSettings.ClientId, keyVaultSettings.ClientSecret);
CertificateBundle certificate = client.GetCertificateAsync(keyVaultSettings.SecretUri, certSettings.CertificateName).GetAwaiter().GetResult();
SecretBundle secret = client.GetSecretAsync(certificate.SecretIdentifier.Identifier).GetAwaiter().GetResult();
byte[] pfxBytes = Convert.FromBase64String(secret.Value);
return(new X509Certificate2(pfxBytes));
}
public async Task <string> GetSecretAsync(string secretUri)
{
try
{
SecretBundle secretValue = await _keyVaultClient.GetSecretAsync($"{GetKeyVaultServiceURL()}/secrets/{secretUri}");
return(secretValue.Value);
}
catch (Exception e)
{
Console.WriteLine(e);
}
return(string.Empty);
}
private static async Task <string> GetPublicKeyAsync(string secretIdentifier)
{
if (!secrects.ContainsKey(secretIdentifier))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var authenticationCallback = new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback);
var kvClient = new KeyVaultClient(authenticationCallback, client);
SecretBundle secretBundle = await kvClient.GetSecretAsync(secretIdentifier);
secrects[secretIdentifier] = secretBundle.Value;
}
return(secrects[secretIdentifier]);
}
private static async Task <string> GetPrivateKeyAsync(string secretIdentifier)
{
if (!secrects.ContainsKey(secretIdentifier))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var authenticationCallback = new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback);
var kvClient = new KeyVaultClient(authenticationCallback, client);
SecretBundle secretBundle = await kvClient.GetSecretAsync(secretIdentifier);
byte[] data = Convert.FromBase64String(secretBundle.Value);
secrects[secretIdentifier] = Encoding.UTF8.GetString(data);
}
return(secrects[secretIdentifier]);
}
public async Task Invoke(HttpContext context)
{
if (context.Request.Path.HasValue && rgxKey.IsMatch(context.Request.Path))
{
var key = rgxKey.Match(context.Request.Path).Groups[1].Value;
if (!string.IsNullOrEmpty(_config.GetValue <string>($"KeyVaultValues:{key}")))
{
var bundle = new SecretBundle(value: _config.GetValue <string>($"KeyVaultValues:{key}"));
await context.Response.WriteAsync(JsonConvert.SerializeObject(bundle));
}
}
await _next.Invoke(context);
}
// Use Cert to access AKV
private static async Task <string> RetrieveSecretAsync(string akvBaseUrl, string clientId, X509Certificate2 cert, string secretName)
{
var assertionCert = new ClientAssertionCertificate(clientId, cert);
var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(async(authority, resource, scope) =>
{
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var result = await context.AcquireTokenAsync(resource, assertionCert);
return(result.AccessToken);
}));
SecretBundle secretBundle = await kvClient.GetSecretAsync(akvBaseUrl, secretName);
return(secretBundle != null ? secretBundle.Value : null);
}
private async Task <CloudBlobClient> GetCloudBlobClientAsync()
{
var secretName = "storageKey";
SecretBundle secretBundle = null;
// TODO: Need to cache this
secretBundle = await _keyVaultClient.GetSecretAsync(_keyVaultUrl, secretName)
.ConfigureAwait(false);
var creds = new StorageCredentials(_storageAccountName, secretBundle.Value);
var blobClient = new CloudBlobClient(new Uri(_storageAccountUrl), creds);
return(blobClient);
}
public async Task CreateSecret(VehiclePolicies policydata)
{
// Create the content for the Policy data to be stored as Secret
Insdata akvdata = new Insdata {
Id = policydata.Id, Inscompany = policydata.Inscompany,
Policyno = policydata.Policyno, Userid = policydata.Userid, Vehicleno = policydata.Vehicleno
};
//Create a JSON String of the Policy data to be stored as Secret
string insurancepolicysecret = JsonConvert.SerializeObject(akvdata);
byte[] datatoencrypt = System.Text.Encoding.UTF8.GetBytes(insurancepolicysecret);
string keyUri = string.Format("https://{0}.vault.azure.net/keys/{1}", _keyVaultName, _keyName);
string keyVaultUri = string.Format("https://{0}.vault.azure.net", _keyVaultName);
//Encrypt the data before it is stored as a Secret
KeyOperationResult result = await _keyVaultClient.EncryptAsync(keyUri, JsonWebKeyEncryptionAlgorithm.RSAOAEP256,
datatoencrypt);
byte[] encdata = result.Result;
string encrypteddata = Convert.ToBase64String(encdata);
//Set the Policy Start and Expiry Data to be added as attributes to the secret
SecretAttributes attribs = new SecretAttributes
{
Enabled = true,
Expires = DateTime.UtcNow.AddYears(1),
NotBefore = DateTime.UtcNow
};
IDictionary <string, string> alltags = new Dictionary <string, string>
{
{ "InsuranceCompany", policydata.Inscompany }
};
string contentType = "DigitalInsurance";
// Create a Secret with the encrypted Policy data
SecretBundle bundle = await _keyVaultClient.SetSecretAsync(keyVaultUri, policydata.Uidname,
encrypteddata, alltags, contentType, attribs);
string bundlestr = bundle.Value;
policydata.Version = bundle.SecretIdentifier.Version;
policydata.Lastmod = bundle.Attributes.Updated;
policydata.Startdate = bundle.Attributes.NotBefore;
policydata.Enddate = bundle.Attributes.Expires;
}
private async Task <SecretBundle> GetSecretFromVault(string secretName)
{
var secretIdentifier = _keyVaultPath + "secrets/" + secretName + "/";
try
{
SecretBundle secret = await _keyVaultClient.GetSecretAsync(secretIdentifier);
return(secret);
}
catch (Exception ex)
{
Debug.Write(ex.ToString());
}
return(null);
}
public RegistrationController()
{
// Initialize the KeyVaultClient
// The AzureServiceTokenProvider allows us to access the KeyVault using the
// application's Managed Service Identity
_azureServiceTokenProvider = new AzureServiceTokenProvider();
_keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
_azureServiceTokenProvider.KeyVaultTokenCallback));
SecretBundle clientID = _keyVaultClient.GetSecretAsync(ConfigurationManager.AppSettings["KEYVAULT_ENDPOINT"], CLIENT_ID).Result;
SecretBundle clientSecret = _keyVaultClient.GetSecretAsync(ConfigurationManager.AppSettings["KEYVAULT_ENDPOINT"], CLIENT_SECRET).Result;
_registrationService = new RegistrationService(ConfigurationManager.AppSettings["TableStorageConnectionString"]);
_appService = new AppService(ConfigurationManager.AppSettings["TENANT"], clientID.Value, clientSecret.Value);
_subscriptionService = new SubscriptionService(ConfigurationManager.AppSettings["APIMUrl"], ConfigurationManager.AppSettings["APIMIdentifier"], ConfigurationManager.AppSettings["APIMKey"]);
}
internal static async Task <X509Certificate2> GetCertificateFromKeyvault(string certName)
{
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
string keyVaultName = System.Environment.GetEnvironmentVariable("KeyVaultName", EnvironmentVariableTarget.Process);
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
SecretBundle kvSecret = await keyVaultClient.GetSecretAsync($"https://{keyVaultName}.vault.azure.net/secrets/{certName}");
X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(kvSecret.Value), string.Empty,
X509KeyStorageFlags.MachineKeySet |
X509KeyStorageFlags.PersistKeySet |
X509KeyStorageFlags.Exportable);
return(certificate);
}
private (SecretAttributes attributes, SecretBundle bundle) CreateSecret(string name, string value, Func <SecretAttributes> attributesFactory = null, Action <SecretBundle> bundleAction = null)
{
var id = new SecretIdentifier(VaultUri, name).Identifier;
var secretAttributes = attributesFactory?.Invoke() ?? new SecretAttributes()
{
Enabled = true
};
var secretBundle = new SecretBundle(VaultUri, id);
secretBundle.Id = id;
secretBundle.Attributes = secretAttributes;
secretBundle.Value = value;
bundleAction?.Invoke(secretBundle);
return(secretAttributes, secretBundle);
}
private string PrintSecretBundleMetadata(SecretBundle bundle)
{
StringBuilder strBuilder = new StringBuilder();
strBuilder.AppendFormat($"id: {bundle.Id}\n");
strBuilder.AppendFormat($"\tcontent type: {bundle.ContentType}\n");
strBuilder.AppendFormat($"\tmanaged: {bundle.Managed}\n");
strBuilder.AppendFormat($"\tenabled: {bundle.Attributes.Enabled}\n");
strBuilder.AppendFormat($"\tnbf: {bundle.Attributes.NotBefore}\n");
strBuilder.AppendFormat($"\texp: {bundle.Attributes.Expires}\n");
strBuilder.AppendFormat($"\tcreated: {bundle.Attributes.Created}\n");
strBuilder.AppendFormat($"\tupdated: {bundle.Attributes.Updated}\n");
strBuilder.AppendFormat($"\trecoveryLevel: {bundle.Attributes.RecoveryLevel}\n");
return(strBuilder.ToString());
}
public async Task <SecretWrapper> SetSecretAsync(string secretName, string secretValue, CancellationToken cancellationToken)
{
EnsureArg.IsNotNullOrWhiteSpace(secretName, nameof(secretName));
EnsureArg.IsNotNullOrWhiteSpace(secretValue, nameof(secretValue));
SecretBundle result = await _keyVaultClient.SetSecretAsync(
_keyVaultUri.AbsoluteUri,
secretName,
secretValue,
tags : null,
contentType : null,
secretAttributes : null,
cancellationToken);
return(new SecretWrapper(result.Id, result.Value));
}
private static async Task <X509Certificate2> GetCertificateAsync(IConfiguration configuration)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
IConfigurationSection keyVaultConfiguration = configuration.GetSection("KeyVault");
SecretBundle rawSecret =
await keyVaultClient.GetSecretAsync(keyVaultConfiguration["BaseUrl"], keyVaultConfiguration["SecretName"]);
return(new X509Certificate2(Convert.FromBase64String(rawSecret.Value),
(string)null,
X509KeyStorageFlags.MachineKeySet));
}
public async Task <string> GetSecret(string secretPath)
{
if (_memoryCache.TryGetValue(_cachePrefix + secretPath, out string cachedToken))
{
return(cachedToken);
}
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
SecretBundle secret = await keyVaultClient.GetSecretAsync(Config.BaseSecretURL + secretPath);
// For safety we don't want to keep hold of results indefinately.
// This will allow a one day lead on retiring old keys.
_memoryCache.Set(secretPath, secret.Value, DateTimeOffset.Now.AddDays(1));
return(secret.Value);
}
private static void DoVault()
{
kvc = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
// write
// writeKeyVault();
SecretBundle secret = Task.Run(() => kvc.GetSecretAsync(BASESECRETURI +
@"/secrets/" + SECRETNAME)).ConfigureAwait(false).GetAwaiter().GetResult();
Console.WriteLine(secret.Value);
//Console.WriteLine(secret.Tags["Test1"].ToString());
Console.ReadLine();
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
var builder = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
Configuration = builder.Build();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
kvc = Utility.GetKeyClient(Configuration.GetSection("KeyVault").GetSection("employee").Value);
SecretBundle secret = Utility.GetSecret(Configuration.GetSection("KeyVault").GetSection("employee").Value);
services.AddDbContext <employeeContext>
(options => options.UseSqlServer(secret.Value));
services.AddOptions();
}
public async Task <string> GetSecretAsync(string secretName, CancellationToken cancellationToken)
{
try
{
string cachedSecret = await _cache.GetStringAsync(secretName, cancellationToken);
if (!string.IsNullOrWhiteSpace(cachedSecret))
{
return(cachedSecret);
}
SecretBundle secret = await _client.GetSecretAsync(_settings.KeyVaultUrl, secretName, cancellationToken);
if (!string.IsNullOrWhiteSpace(secret.Value))
{
await _cache.SetStringAsync(secretName, secret.Value, new DistributedCacheEntryOptions()
{
SlidingExpiration = TimeSpan.FromHours(_settings.SecretCacheTimeoutMinutes)
}, cancellationToken);
}
return(secret.Value);
}
#if DEBUG
catch (AzureServiceTokenProviderException)
{
_log.LogInformation("ATTENTION DEVELOPER: You need may need to install the Azure CLI. Then try restart this application.");
throw;
}
catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.Unauthorized)
{
_log.LogInformation("ATTENTION DEVELOPER: You need to log into Azure using your own credentials. Using the Azure CLI, run 'az login', provide your credentials and then run 'az account set -s <YOUR SUBSCRIPTION ID>'. Then try restart this application.");
throw;
}
#endif
catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.NotFound)
{
_log.LogWarning(ex, $"The secret {secretName} could not be found in the keyvault.");
throw;
}
catch (KeyVaultErrorException ex)
{
_log.LogError(ex, $"Something went wrong: {ex.Message}");
throw;
}
}
public async Task GettingASecretAsync()
{
var endpoint = TestEnvironment.KeyVaultUri;
#region Snippet:GetSecretAsync
#if SNIPPET
string endpoint = "https://myvault.vault.azure.net";
#endif
var client = new MiniSecretClient(new Uri(endpoint), new DefaultAzureCredential());
SecretBundle secret = await client.GetSecretAsync("TestSecret");
Console.WriteLine(secret.Value);
#endregion
Assert.NotNull(secret.Value);
}
