Thursday, May 20, 2021

Authenticating with Microsoft.Azure Fluent library:

 


Introduction: Many people spend a lot of time figuring out how to authenticate with the Microsoft.Azure fluent library because it is different from the authentication used with its predecessor. In addition, Microsoft libraries for Azure.Identity and Microsoft.Azure.Services.AppAuthentication only complicate the earlier methods. This article tries to cut the chase.

Description: A little bit of context around the earlier method of authentication will help before the description of the new method. This involved instantiating one of the credential class like so:

_tfsDataConnection = new TfsTeamProjectCollection(new Uri(this._tfsLink));

_tfsDataConnection.Authenticate();

By default, it reads the current user and authenticates with that service principal.

The Azure.Identity library was developed to package all the identity related routines into one assembly. We could now use tokens as a form of identity with the help of code like this:

            var aadSettings = new ActiveDirectoryServiceSettings

            {

                AuthenticationEndpoint = new Uri(authSettings.ActiveDirectoryEndpointUrl),

                TokenAudience = new Uri(authSettings.ManagementEndpointUrl),

                ValidateAuthority = true

            };

 

            return await ApplicationTokenProvider.LoginSilentAsync(

                authSettings.TenantId,

                authSettings.ClientId,

                authSettings.ClientSecret,

                aadSettings);

        }

 

The fluent library can accept ApplicationTokenProvider and the new method looks like this:

// Use AzureServiceTokenProvider’s built-in callback for KeyVaultClient

var azureServiceTokenProvider = new AzureServiceTokenProvider();

var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

 

// Request an access token for SqlConnection

sqlConnection = new SqlConnection(YourConnectionString))

{

    sqlConnection.AccessToken = azureServiceTokenProvider.GetAccessTokenAsync("https://database.windows.net");

    sqlConnection.Open();

}

 

The Fluent library started recognizing a new primitive for credentials called the AzureCredentials instead of the erstwhile TokenCredentials or DefaultCredentials. Although there is a DefaultAzureCredentials(), the Fluent library does not recognize interactive credentials because of the error cannot convert ‘Azure.Identity.DefaultAzureCredential’ to ‘Microsoft.Rest.ServiceClientCredential’. This calls for a modification to the new methods as follows:

var azureServiceTokenProvider = new AzureServiceTokenProvider(connectionString, azureAdInstance);

var token = await azureServiceTokenProvider.GetAccessTokenAsync(“https://management.azure.com”, tenantId);

TokenCredentials tokenCredentials = new TokenCredentials(token);

Var azure  = Azure

                      .Configure()

                      .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)

                      .Authenticate(new AzureCredentials(tokenCredentials, tokenCredentials, tenantId, AzureEnvironment.AzureGlobalCloud))

                     .WithSubscription(subscriptionId);             

 

at

No comments:

Post a Comment