Introduction: Many people spend a lot of time
figuring out how to authenticate with the Microsoft.Azure fluent library
because it is different from the authentication used with its predecessor. In
addition, Microsoft libraries for Azure.Identity and
Microsoft.Azure.Services.AppAuthentication only complicate the earlier methods.
This article tries to cut to the chase.
Description: A little bit of context around the earlier method of authentication will help before the description of the new method. This involved instantiating one of the credential classes, like so:

    _tfsDataConnection = new TfsTeamProjectCollection(new Uri(this._tfsLink));
    _tfsDataConnection.Authenticate();

By default, it reads the current user and authenticates with
that service principal.
The Azure.Identity library was developed to package all the
identity related routines into one assembly. We could now use tokens as a form
of identity with the help of code like this:
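
    // Namespaces: Microsoft.Rest, Microsoft.Rest.Azure.Authentication
    // The original snippet starts inside a method body; the method name and
    // the AuthSettings type name in this signature are assumed.
    private static async Task<ServiceClientCredentials> LoginAsync(AuthSettings authSettings)
    {
        var aadSettings = new ActiveDirectoryServiceSettings
        {
            AuthenticationEndpoint = new Uri(authSettings.ActiveDirectoryEndpointUrl),
            TokenAudience = new Uri(authSettings.ManagementEndpointUrl),
            ValidateAuthority = true
        };
        // Acquire a token silently with the application's client id and secret.
        return await ApplicationTokenProvider.LoginSilentAsync(
            authSettings.TenantId,
            authSettings.ClientId,
            authSettings.ClientSecret,
            aadSettings);
    }
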
The fluent library can accept ApplicationTokenProvider, and the new method looks like this:

    // Namespaces: Microsoft.Azure.Services.AppAuthentication, Microsoft.Azure.KeyVault, System.Data.SqlClient
    // Use AzureServiceTokenProvider's built-in callback for KeyVaultClient
    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    var kv = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

    // Request an access token for SqlConnection
    using (var sqlConnection = new SqlConnection(YourConnectionString))
    {
        // GetAccessTokenAsync returns Task<string>, so it must be awaited
        sqlConnection.AccessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://database.windows.net");
        sqlConnection.Open();
    }

The Fluent library started recognizing a new primitive for credentials called AzureCredentials instead of the erstwhile TokenCredentials or DefaultCredentials. Although there is a DefaultAzureCredential, the Fluent library does not recognize interactive credentials and fails with the error: cannot convert 'Azure.Identity.DefaultAzureCredential' to 'Microsoft.Rest.ServiceClientCredential'. This calls for a modification to the new method as follows:
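
    // Namespaces: Microsoft.Azure.Services.AppAuthentication, Microsoft.Rest,
    // Microsoft.Azure.Management.Fluent, Microsoft.Azure.Management.ResourceManager.Fluent,
    // Microsoft.Azure.Management.ResourceManager.Fluent.Authentication,
    // Microsoft.Azure.Management.ResourceManager.Fluent.Core
    var azureServiceTokenProvider = new AzureServiceTokenProvider(connectionString, azureAdInstance);
    var token = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com", tenantId);
    TokenCredentials tokenCredentials = new TokenCredentials(token);
    // The same token credentials are passed for both the ARM and Graph slots
    var azure = Azure
        .Configure()
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
        .Authenticate(new AzureCredentials(tokenCredentials, tokenCredentials, tenantId, AzureEnvironment.AzureGlobalCloud))
        .WithSubscription(subscriptionId);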
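
The snippet above hands the Fluent client one access-token string, so a long-running process keeps sending that token after it expires. The following is an added example, not code from the original post or from Microsoft: it passes an ITokenProvider to TokenCredentials so each request asks AzureServiceTokenProvider for a token. The class names AppAuthTokenProvider and FluentLogin are hypothetical.

```csharp
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Rest;

// Hypothetical adapter (not part of any Microsoft library). Microsoft.Rest
// calls GetAuthenticationHeaderAsync before each request, and
// AzureServiceTokenProvider caches tokens and renews them near expiry,
// so no bearer token is stored in this class or in configuration.
public sealed class AppAuthTokenProvider : ITokenProvider
{
    private readonly AzureServiceTokenProvider _provider;
    private readonly string _resource;
    private readonly string _tenantId;

    public AppAuthTokenProvider(AzureServiceTokenProvider provider, string resource, string tenantId)
    {
        _provider = provider;
        _resource = resource;
        _tenantId = tenantId;
    }

    public async Task<AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken)
    {
        string token = await _provider.GetAccessTokenAsync(_resource, _tenantId).ConfigureAwait(false);
        return new AuthenticationHeaderValue("Bearer", token);
    }
}

public static class FluentLogin
{
    // tenantId and subscriptionId are supplied by the caller, as in the snippet above.
    public static IAzure Create(string tenantId, string subscriptionId)
    {
        var provider = new AzureServiceTokenProvider();
        var credentials = new TokenCredentials(
            new AppAuthTokenProvider(provider, "https://management.azure.com", tenantId));
        return Azure.Configure()
            .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
            .Authenticate(new AzureCredentials(credentials, credentials, tenantId, AzureEnvironment.AzureGlobalCloud))
            .WithSubscription(subscriptionId);
    }
}
```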