Authenticate to Key Vault using either a certificate or a client secret
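/// <summary>
/// Looks up client certificates by thumbprint in the personal ("My") certificate store of the
/// current user and, failing that, of the local machine.
/// </summary>
public class CertificateHelper
{
    /// <summary>
    /// Finds a certificate by thumbprint, searching <see cref="StoreLocation.CurrentUser"/>\My first
    /// and falling back to <see cref="StoreLocation.LocalMachine"/>\My.
    /// </summary>
    /// <param name="thumbrint">Hex-encoded thumbprint of the certificate (parameter name kept as-is for existing callers).</param>
    /// <returns>The matching certificate, or <c>null</c> when neither store contains it.</returns>
    /// <exception cref="ArgumentException"><paramref name="thumbrint"/> is null, empty or whitespace.</exception>
    /// <exception cref="InvalidOperationException">A store holds more than one entry with this thumbprint.</exception>
    public static X509Certificate2 FindCertificateByThumbprint(string thumbrint)
    {
        if (string.IsNullOrWhiteSpace(thumbrint))
        {
            throw new ArgumentException("Thumbprint must not be null or empty.", nameof(thumbrint));
        }

        return FindCertificateByThumbprint(thumbrint, StoreName.My, StoreLocation.CurrentUser)
            ?? FindCertificateByThumbprint(thumbrint, StoreName.My, StoreLocation.LocalMachine);
    }

    /// <summary>
    /// Searches a single store for a certificate with the given thumbprint.
    /// </summary>
    /// <param name="thumbrint">Hex-encoded thumbprint to look for.</param>
    /// <param name="storeName">Store to open (e.g. <see cref="StoreName.My"/>).</param>
    /// <param name="storeLocation">Location of the store.</param>
    /// <returns>The single matching certificate, or <c>null</c> if the store has no match or cannot be opened on this platform.</returns>
    /// <exception cref="InvalidOperationException">More than one entry matches the thumbprint.</exception>
    private static X509Certificate2 FindCertificateByThumbprint(string thumbrint, StoreName storeName, StoreLocation storeLocation)
    {
        using (X509Store store = new X509Store(storeName, storeLocation))
        {
            try
            {
                store.Open(OpenFlags.ReadOnly);
            }
            catch (CryptographicException)
            {
                // Not every store exists on every platform (LocalMachine\My is unavailable on Unix);
                // a store we cannot open read-only simply contributes no certificate.
                return null;
            }

            // validOnly: false — expired, revoked and untrusted-chain certificates are returned too
            // (the original relies on this because the test root isn't installed). Callers that need
            // a trusted certificate must validate it themselves before relying on it.
            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, thumbrint, false);
            if (certs == null || certs.Count == 0)
            {
                return null;
            }

            // A thumbprint should identify exactly one entry; make an ambiguous store an explicit error
            // rather than the bare InvalidOperationException that Single() would produce.
            if (certs.Count > 1)
            {
                throw new InvalidOperationException(
                    $"Found {certs.Count} certificates with thumbprint {thumbrint} in {storeLocation}\\{storeName}; expected exactly one.");
            }

            return certs[0];
        }
    }
}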
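/// <summary>
/// Creates a Key Vault client that authenticates the application <paramref name="clientId"/> with a
/// client assertion signed by the certificate installed under <paramref name="certificateThumbrint"/>.
/// </summary>
/// <param name="clientId">Application (client) id used with the certificate credential.</param>
/// <param name="certificateThumbrint">Thumbprint of a certificate, with private key, in CurrentUser\My or LocalMachine\My.</param>
/// <returns>A client whose token callback acquires a token with the certificate credential.</returns>
/// <exception cref="ArgumentException">Either argument is null or empty.</exception>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is installed, or it has no private key.</exception>
private static IKeyVaultClient CreateKeyVaultClientWithCertificate(string clientId, string certificateThumbrint)
{
    if (string.IsNullOrEmpty(clientId))
    {
        throw new ArgumentException("Client id must not be null or empty.", nameof(clientId));
    }
    if (string.IsNullOrEmpty(certificateThumbrint))
    {
        throw new ArgumentException("Certificate thumbprint must not be null or empty.", nameof(certificateThumbrint));
    }

    X509Certificate2 clientCertificate = CertificateHelper.FindCertificateByThumbprint(certificateThumbrint);
    if (clientCertificate == null)
    {
        throw new InvalidOperationException($"Failed to find certificate with thumbprint {certificateThumbrint}");
    }

    // The client assertion is signed with the certificate's private key; fail here with a clear
    // message instead of deep inside the token callback on the first Key Vault call.
    if (!clientCertificate.HasPrivateKey)
    {
        throw new InvalidOperationException($"Certificate with thumbprint {certificateThumbrint} has no private key and cannot sign a client assertion");
    }

    var clientCredential = new ClientAssertionCertificate(clientId, clientCertificate);
    return CreateKeyVaultClient(async (AuthenticationContext authenticationContext, string resource) =>
    {
        return await authenticationContext.AcquireTokenAsync(resource, clientCredential);
    });
}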
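/// <summary>
/// Creates a Key Vault client that authenticates the application <paramref name="clientId"/> with a
/// client secret.
/// </summary>
/// <param name="clientId">Application (client) id used with the secret credential.</param>
/// <param name="clientSecret">
/// Client secret for the application. It is held as a managed string for the lifetime of the client
/// and cannot be zeroed; prefer the certificate-based variant where possible.
/// </param>
/// <returns>A client whose token callback acquires a token with the secret credential.</returns>
/// <exception cref="ArgumentException">Either argument is null or empty.</exception>
private static IKeyVaultClient CreateKeyVaultClientWithSecret(string clientId, string clientSecret)
{
    if (string.IsNullOrEmpty(clientId))
    {
        throw new ArgumentException("Client id must not be null or empty.", nameof(clientId));
    }
    if (string.IsNullOrEmpty(clientSecret))
    {
        throw new ArgumentException("Client secret must not be null or empty.", nameof(clientSecret));
    }

    ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
    return CreateKeyVaultClient(async (AuthenticationContext authenticationContext, string resource) =>
    {
        return await authenticationContext.AcquireTokenAsync(resource, clientCredential);
    });
}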
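/// <summary>
/// Builds a <see cref="KeyVaultClient"/> whose authentication callback acquires an access token
/// through <paramref name="tokenAcquireDelegateAsync"/>, sharing one <see cref="TokenCache"/>
/// across all callbacks so tokens are reused between requests.
/// </summary>
/// <param name="tokenAcquireDelegateAsync">
/// Acquires an <see cref="AuthenticationResult"/> for a resource from the given authentication context.
/// </param>
/// <returns>A Key Vault client bound to the callback.</returns>
/// <exception cref="ArgumentNullException"><paramref name="tokenAcquireDelegateAsync"/> is null.</exception>
/// <exception cref="InvalidOperationException">The authority handed to the callback is not an HTTPS URL.</exception>
private static IKeyVaultClient CreateKeyVaultClient(TokenAcquireDelegateAsync tokenAcquireDelegateAsync)
{
    if (tokenAcquireDelegateAsync == null)
    {
        // Fail at construction rather than with a NullReferenceException on the first token request.
        throw new ArgumentNullException(nameof(tokenAcquireDelegateAsync));
    }

    var tokenCache = new TokenCache();
    IKeyVaultClient keyVaultClient = new KeyVaultClient(async (authority, resource, scope) =>
    {
        // The credential (secret or signed assertion) is sent to this authority, so never let it
        // travel over plain HTTP. NOTE(review): the authority presumably comes from the vault's
        // authentication challenge rather than from configuration — confirm against the caller.
        Uri authorityUri = new Uri(authority);
        if (authorityUri.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException($"Refusing to acquire a token from non-HTTPS authority {authority}");
        }

        // validateAuthority is false here: the authority is used as given, without checking it
        // against the known Azure AD instance list. That is required for authorities ADAL cannot
        // validate, but it also means a wrong authority is not rejected up front; pass true if
        // only Azure AD authorities are expected.
        AuthenticationContext authenticationContext = new AuthenticationContext(authorityUri.AbsoluteUri, false, tokenCache);
        AuthenticationResult result = await tokenAcquireDelegateAsync(authenticationContext, resource).ConfigureAwait(false);
        return result.AccessToken;
    });
    return keyVaultClient;
}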