Create Certificate Based Azure AD ConfidentialClientApplicationProvider
using Azure.Security.KeyVault.Certificates;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Identity.Client;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
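namespace Sii.CloudSync.Core.Infrastructure.Configuration.AzureAD
{
    /// <summary>
    /// Builds MSAL <see cref="IConfidentialClientApplication"/> instances that authenticate to
    /// Azure AD with a client certificate whose private key is pulled from Azure Key Vault.
    /// </summary>
    /// <remarks>
    /// The certificate is read through its backing Key Vault <em>secret</em> (the base64 PKCS#12
    /// blob carrying the private key), so the calling identity needs <c>secrets/get</c> on the
    /// vault, not only <c>certificates/get</c>.
    /// Every <see cref="Get"/> call re-fetches the certificate, so a rotated certificate is picked
    /// up by the next call. Each certificate handed to MSAL is kept alive until <see cref="Dispose"/>
    /// runs, because the returned application signs with it. The type is not thread-safe.
    /// </remarks>
    internal class ConfidentialClientApplicationProvider : IDisposable
    {
        // Key Vault content type of a certificate secret exported as PFX; only this layout is a
        // base64 string that X509Certificate2 can load directly.
        private const string Pkcs12ContentType = "application/x-pkcs12";

        private readonly AzureADOptions _options;
        private readonly CertificateClient _certificateClient;
        private readonly SecretClient _secretClient;

        // Every certificate loaded so far. Overwriting a single field on each Get() would leak all
        // but the last one, and disposing a previous one would break the application still using it.
        private readonly List<X509Certificate2> _certificates = new List<X509Certificate2>();
        private bool _disposed;

        /// <param name="options">Client id, tenant id and Key Vault certificate name to use.</param>
        /// <param name="certificateClient">Client for the vault holding the certificate.</param>
        /// <param name="secretClient">Client for the same vault, used to read the private key.</param>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        public ConfidentialClientApplicationProvider(
            AzureADOptions options,
            CertificateClient certificateClient,
            SecretClient secretClient)
        {
            _options = options ?? throw new ArgumentNullException(nameof(options));
            _certificateClient = certificateClient ?? throw new ArgumentNullException(nameof(certificateClient));
            _secretClient = secretClient ?? throw new ArgumentNullException(nameof(secretClient));
        }

        /// <summary>
        /// Loads the current certificate from Key Vault and builds a confidential client
        /// application that authenticates with it.
        /// </summary>
        /// <returns>A new application; valid until this provider is disposed.</returns>
        /// <exception cref="ObjectDisposedException">The provider has been disposed.</exception>
        /// <exception cref="InvalidOperationException">
        /// The Key Vault certificate does not resolve to a PKCS#12 secret.
        /// </exception>
        public IConfidentialClientApplication Get()
        {
            if (_disposed)
            {
                throw new ObjectDisposedException(nameof(ConfidentialClientApplicationProvider));
            }

            X509Certificate2 certificate = GetCertificate();
            _certificates.Add(certificate);

            return ConfidentialClientApplicationBuilder
                .Create(_options.AZURE_CLIENT_ID)
                .WithTenantId(_options.AZURE_TENANT_ID)
                .WithCertificate(certificate)
                .Build();
        }

        /// <summary>
        /// Resolves the certificate named in the options to its backing secret and loads the PFX
        /// (including the private key) into an <see cref="X509Certificate2"/>.
        /// </summary>
        /// <returns>The certificate with its private key; the caller owns and must dispose it.</returns>
        /// <exception cref="InvalidOperationException">
        /// The secret identifier has an unexpected shape, the secret is empty, or its content type
        /// is not PKCS#12.
        /// </exception>
        private X509Certificate2 GetCertificate()
        {
            var certificate = _certificateClient.GetCertificate(_options.AZURE_CERT_NAME);
            Uri secretId = certificate.Value.SecretId;

            // SecretId has the form https://{vault}/secrets/{name}/{version}. Uri.Segments keeps
            // the '/' on every segment but the last ("secrets/", "{name}/", "{version}"), so the
            // separators must be stripped before the parts are used as a secret name and version.
            string[] parts = secretId.Segments
                .Select(segment => segment.Trim('/'))
                .Where(segment => segment.Length > 0)
                .ToArray();
            if (parts.Length < 3 || !string.Equals(parts[parts.Length - 3], "secrets", StringComparison.Ordinal))
            {
                throw new InvalidOperationException(
                    $"Certificate '{_options.AZURE_CERT_NAME}' has an unexpected secret identifier '{secretId}'.");
            }
            string secretName = parts[parts.Length - 2];
            string secretVersion = parts[parts.Length - 1];

            // Pin the secret version that belongs to this certificate version rather than "latest".
            KeyVaultSecret secret = _secretClient.GetSecret(secretName, secretVersion).Value;

            // A PEM-exported certificate is stored as text, not base64, and would fail below with
            // an unhelpful FormatException; reject it up front with a message naming the cause.
            string contentType = secret.Properties.ContentType;
            if (!string.IsNullOrEmpty(contentType)
                && !string.Equals(contentType, Pkcs12ContentType, StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException(
                    $"Secret '{secretName}' for certificate '{_options.AZURE_CERT_NAME}' has content type " +
                    $"'{contentType}'; expected '{Pkcs12ContentType}'.");
            }
            if (string.IsNullOrEmpty(secret.Value))
            {
                throw new InvalidOperationException(
                    $"Secret '{secretName}' for certificate '{_options.AZURE_CERT_NAME}' is empty.");
            }

            byte[] pfx = Convert.FromBase64String(secret.Value);
            try
            {
                // Default key-storage flags: on Windows the private key is materialised in the
                // user key store until the certificate is disposed. NOTE(review): if writing the
                // key to disk is a concern, X509KeyStorageFlags.EphemeralKeySet avoids it — confirm
                // MSAL signs correctly with it on the target platform before switching.
                return new X509Certificate2(pfx);
            }
            finally
            {
                // The X509Certificate2 holds its own copy; drop this plaintext PFX (private key
                // included) as early as possible. secret.Value is an immutable string and cannot
                // be scrubbed the same way.
                Array.Clear(pfx, 0, pfx.Length);
            }
        }

        /// <summary>
        /// Disposes every certificate loaded by <see cref="Get"/>. Applications returned earlier
        /// can no longer sign after this. Safe to call more than once.
        /// </summary>
        public void Dispose()
        {
            if (_disposed)
            {
                return;
            }
            _disposed = true;

            foreach (X509Certificate2 certificate in _certificates)
            {
                certificate.Dispose();
            }
            _certificates.Clear();
        }
    }
}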