A sample of how to obtain a secret value from Azure Key Vault using implicit auth via ADAL and your AD account
using System; | |
using System.Configuration; | |
using System.Net.Http; | |
using System.Threading.Tasks; | |
using Microsoft.Azure.KeyVault; // Install-Package Microsoft.Azure.KeyVault | |
using Microsoft.IdentityModel.Clients.ActiveDirectory; // Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory | |
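namespace KeyVaultSample
{
    /// <summary>
    /// Reads one secret from Azure Key Vault, authenticating the signed-in user through ADAL.
    /// </summary>
    class Program
    {
        /// <summary>
        /// The Application ID for the app registered with the Azure Active Directory.
        /// </summary>
        /// <remarks>
        /// Register your application in https://portal.azure.com/ within the "App Registrations" blade.
        /// Be sure to grant your app permissions to "Azure Key Vault (AzureKeyVault)".
        /// The token requests in <see cref="GetAccessTokenAsync"/> carry no client secret or certificate,
        /// so the registration must allow public-client (native) flows. If the registration requires a
        /// client credential instead, AAD rejects these requests (for example with AADSTS7000218, asking
        /// for 'client_assertion' or 'client_secret').
        /// </remarks>
        private static readonly string ADALClientId = GetRequiredSetting("ADALClientId");

        /// <summary>
        /// A URI recorded for the AAD registered app as a valid redirect URI.
        /// </summary>
        /// <remarks>
        /// For example: "https://myapp/finish". Literally, it could be that. You don't need to have a server responding to this URI.
        /// </remarks>
        private static readonly Uri ADALRedirectUri = new Uri(GetRequiredSetting("ADALRedirectUri"));

        /// <summary>
        /// The base address of the Key Vault to read from.
        /// </summary>
        /// <remarks>
        /// For example: https://yourCoolApp.vault.azure.net/
        /// </remarks>
        private static readonly string KeyVaultAddress = GetRequiredSetting("KeyVaultAddress");

        /// <summary>
        /// The secret read when no name is supplied on the command line.
        /// </summary>
        private const string DefaultSecretName = "vsazure";

        /// <summary>
        /// Entry point: fetches one secret from the vault and prints its value.
        /// </summary>
        /// <param name="args">Optional first argument: the name of the secret to read (default "vsazure").</param>
        static void Main(string[] args)
        {
            string secretName = args != null && args.Length > 0 ? args[0] : DefaultSecretName;

            // A console app has no SynchronizationContext, so blocking here cannot deadlock.
            // GetAwaiter().GetResult() rethrows the original exception instead of wrapping it in
            // an AggregateException the way .Result does, so a failed token acquisition or vault
            // call surfaces with its real type and message.
            string secret = GetSecretAsync(secretName).GetAwaiter().GetResult();

            // The sample prints the secret value so the round trip is visible; code that is not a
            // demo should not write secret values to stdout or logs.
            Console.WriteLine(secretName + " secret: " + secret);
        }

        /// <summary>
        /// Reads the current value of <paramref name="secretName"/> from <see cref="KeyVaultAddress"/>.
        /// </summary>
        /// <param name="secretName">The name of the secret in the vault.</param>
        /// <returns>The secret's value.</returns>
        private static async Task<string> GetSecretAsync(string secretName)
        {
            var keyVault = new KeyVaultClient(
                new KeyVaultClient.AuthenticationCallback(GetAccessTokenAsync),
                new HttpClient());
            var bundle = await keyVault.GetSecretAsync(KeyVaultAddress, secretName);
            return bundle.Value;
        }

        /// <summary>
        /// Reads an appSettings value, failing with a message that names the missing key.
        /// </summary>
        /// <param name="key">The appSettings key.</param>
        /// <returns>The configured value.</returns>
        /// <exception cref="InvalidOperationException">The setting is missing or blank.</exception>
        /// <remarks>
        /// Without this check a missing "ADALRedirectUri" would surface as an
        /// ArgumentNullException from the <see cref="Uri"/> constructor, wrapped in a
        /// TypeInitializationException, which is hard to trace back to the config file.
        /// </remarks>
        private static string GetRequiredSetting(string key)
        {
            string value = ConfigurationManager.AppSettings.Get(key);
            if (string.IsNullOrWhiteSpace(value))
            {
                throw new InvalidOperationException("Missing appSettings entry '" + key + "'.");
            }

            return value;
        }

        /// <summary>
        /// ADAL callback used by <see cref="KeyVaultClient"/> to obtain a bearer token for each request.
        /// </summary>
        /// <param name="authority">The AAD authority to authenticate against.</param>
        /// <param name="resource">The resource the token is requested for.</param>
        /// <param name="scope">Not used by this sample.</param>
        /// <returns>An access token for <paramref name="resource"/>.</returns>
        /// <exception cref="AdalException">Thrown when the final, interactive attempt also fails.</exception>
        /// <remarks>
        /// Three strategies are tried in order, each only if the previous one threw an
        /// <see cref="AdalException"/>: integrated Windows auth, a silent acquisition from the
        /// shared token cache or browser cookies, and finally an interactive prompt.
        /// </remarks>
        private static async Task<string> GetAccessTokenAsync(string authority, string resource, string scope)
        {
            var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
            AuthenticationResult result;
            try
            {
                // Try to get the token from Windows auth
                result = await context.AcquireTokenAsync(resource, ADALClientId, new UserCredential());
            }
            catch (AdalException)
            {
                try
                {
                    // Try to get the token silently, either using the token cache or browser cookies.
                    result = await context.AcquireTokenAsync(resource, ADALClientId, ADALRedirectUri, new PlatformParameters(PromptBehavior.Never));
                }
                catch (AdalException)
                {
                    // OK, ultimately fail: ask the user to authenticate manually.
                    result = await context.AcquireTokenAsync(resource, ADALClientId, ADALRedirectUri, new PlatformParameters(PromptBehavior.Always));
                }
            }

            return result.AccessToken;
        }
    }
}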
I tried this, having set up my app with these permissions.
I get the following error
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: 'AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 96b0599e-3bac-4fb5-a64e-99180321ce00
Correlation ID: 8f334bd1-d1db-410f-96de-c91b40803c50
The AuthenticationCallback is never invoked; the process terminates instead.