ajaysinghdav10d

Reputation: 1957

Azure AuthenticationContext | What should be the value of the first parameter "authority"

I am referring to the following article: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-encrypt-decrypt-blobs-key-vault

I need assistance to understand the parameters of the method pasted below:

private async static Task<string> GetToken(string authority, string resource, string scope)
{
    var authContext = new AuthenticationContext(authority);
    ClientCredential clientCred = new ClientCredential(
        ConfigurationManager.AppSettings["clientId"],
        ConfigurationManager.AppSettings["clientSecret"]);
    AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);

    if (result == null)
        throw new InvalidOperationException("Failed to obtain the JWT token");

    return result.AccessToken;
}

Please advise what should be the values of GetToken(string authority, string resource, string scope)

Upvotes: 0

Views: 1843

Answers (2)

MnLnd HaYNgrl

Reputation: 1

A good example (I altered the code a bit, as it was out of date and used your values for client/secret), for getting KeyVaultClient() using AD credentials.

var keyVaultClient = new KeyVaultClient(async(authority, resource, scope) =>
{
    var adCredential = new ClientCredential(ConfigurationManager.AppSettings["clientId"],
        ConfigurationManager.AppSettings["clientSecret"]);
    var authenticationContext = new AuthenticationContext(authority, null);
    var authenticationResult = await authenticationContext.AcquireTokenAsync(resource, adCredential);
    return authenticationResult.AccessToken;
});

authority, resource and scope are provided by the SDK (i.e. you don't have to provide values for them), and are passed to the delegate function AuthenticationCallback, which returns the token to get a key vault client. Hope this helps! :)

Upvotes: 0

Rohit Saigal

Reputation: 9664

Authority - https://login.windows.net/<your AD tenant GUID> (this is the Authority issuing the token)

Resource - https://vault.azure.net (this is the resource that token is being requested for)

Scope - Empty string for this case. Notice that it's a parameter in your method, but it's not really used anywhere.

Also note that you would call this method directly in very rare cases when using the object model. More probably than not, you will just pass the delegate for this method to the KeyVaultClient.AuthenticationCallback or KeyVaultKeyResolver like it's shown in the tutorial you have shared.

Upvotes: 2
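
A hardened variant of the callback discussed in the answers above, added here as an example and not code from the original posts or the Microsoft tutorial: because the SDK supplies `authority` and `resource`, the callback checks both before the client secret is sent to the issuer. The allowlisted hosts and the names `VaultAuth` and `CreateClient` are assumptions for illustration.

```csharp
using System;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class VaultAuth   // hypothetical class name
{
    // Assumption: issuer hosts this application is willing to authenticate against.
    private static readonly string[] TrustedAuthorityHosts =
        { "login.windows.net", "login.microsoftonline.com" };

    // Resource value given in the answer above.
    private const string ExpectedResource = "https://vault.azure.net";

    // Same signature as the question's GetToken, so it can be passed as the callback.
    public static async Task<string> GetToken(string authority, string resource, string scope)
    {
        // Refuse to present the client secret to an unexpected or non-HTTPS issuer.
        if (!Uri.TryCreate(authority, UriKind.Absolute, out Uri authorityUri)
            || authorityUri.Scheme != Uri.UriSchemeHttps
            || Array.IndexOf(TrustedAuthorityHosts, authorityUri.Host.ToLowerInvariant()) < 0)
            throw new InvalidOperationException("Unexpected authority: " + authority);

        // This callback only ever requests tokens for Key Vault.
        if (!string.Equals(resource?.TrimEnd('/'), ExpectedResource,
                StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Unexpected resource: " + resource);

        var authContext = new AuthenticationContext(authority);
        var clientCred = new ClientCredential(
            ConfigurationManager.AppSettings["clientId"],
            ConfigurationManager.AppSettings["clientSecret"]);

        // scope is not passed to this ADAL overload, as the answer above notes.
        AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);
        if (result == null)
            throw new InvalidOperationException("Failed to obtain the JWT token");

        return result.AccessToken;
    }

    // The SDK invokes GetToken itself and fills in authority, resource and scope.
    public static KeyVaultClient CreateClient()
    {
        return new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
    }
}
```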
