Authentication to Azure
Arcus Security Team - Date: ?
Authentication
As of today we support a few authentication mechanisms.
Managed Service Identity
You can use Managed Service Identity to delegate the authentication to Azure via ManagedServiceIdentityAuthenticator.
This is the recommended approach to interact with Azure Key Vault.
Code:
// keyVaultUri is the base URI of the vault, e.g. https://<vault-name>.vault.azure.net/
var vaultAuthenticator = new ManagedServiceIdentityAuthenticator();
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration);
If you require more control over the authentication mechanism, you can optionally specify an AzureServiceTokenProvider connection string and/or an Azure AD instance.
See Service-to-service authentication to Azure Key Vault using .NET - Connection String Support for supported connection strings and National clouds - Azure AD authentication endpoints for valid Azure AD instances.
Code:
var connectionString = Configuration.GetConnectionString("Arcus:MSI:ConnectionString");
var azureAdInstance = Configuration.GetValue<string>("Arcus:MSI:AzureAdInstance");
var vaultAuthenticator = new ManagedServiceIdentityAuthenticator(connectionString, azureAdInstance);
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration);
Service Principal
Authentication via username and password (the client ID and access key of a service principal) is supported with the ServicePrincipalAuthenticator.
Code:
var clientId = Configuration.GetValue<string>("Arcus:ServicePrincipal:ClientId");
// The access key is a credential: keep it out of source control and read it from configuration
var clientKey = Configuration.GetValue<string>("Arcus:ServicePrincipal:AccessKey");
var vaultAuthenticator = new ServicePrincipalAuthenticator(clientId, clientKey);
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration);
Certificate
Authentication via client ID and certificate is supported with the CertificateBasedAuthentication.
Code:
var clientId = Configuration.GetValue<string>("Arcus:ServicePrincipal:ClientId");
// The certificate must include the private key that matches the public key registered on the Azure AD application
X509Certificate2 certificate = ...
var vaultAuthenticator = new CertificateBasedAuthentication(clientId, certificate);
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration);
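The following is an added example and not part of the Arcus documentation or the Arcus code base. It ties the three snippets above (Managed Service Identity, service principal, certificate) into one factory that selects the mechanism from configuration, so that an access key is only ever read from configuration rather than compiled in, and a certificate is taken from the certificate store by thumbprint instead of a file on disk. The namespaces, the configuration keys "Arcus:KeyVault:Uri", "Arcus:Auth:Mode" and "Arcus:ServicePrincipal:CertificateThumbprint", that KeyVaultConfiguration accepts the vault URI as a string, and that KeyVaultSecretProvider exposes GetRawSecretAsync(string) are all assumptions made for this example; the other configuration keys and the constructors are the ones shown on this page.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Extensions.Configuration;
// Assumed namespaces for the Arcus types used on this page (not confirmed by the page).
using Arcus.Security.Secrets.AzureKeyVault;
using Arcus.Security.Secrets.AzureKeyVault.Authentication;

public static class VaultAccess
{
    // Picks the authenticator from the constructed key "Arcus:Auth:Mode"
    // ("msi" | "serviceprincipal" | "certificate"; default "msi") and wires it
    // into a KeyVaultSecretProvider exactly as the snippets above do.
    public static KeyVaultSecretProvider CreateProvider(IConfiguration configuration)
    {
        // Constructed key: the page never says where keyVaultUri comes from.
        string keyVaultUri = Require(configuration, "Arcus:KeyVault:Uri");
        var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);

        string mode = configuration.GetValue<string>("Arcus:Auth:Mode") ?? "msi";
        switch (mode.ToLowerInvariant())
        {
            case "msi":
            {
                // Same keys as the page's MSI snippet; both are optional.
                string connectionString = configuration.GetConnectionString("Arcus:MSI:ConnectionString");
                string azureAdInstance = configuration.GetValue<string>("Arcus:MSI:AzureAdInstance");
                bool useDefaults = string.IsNullOrEmpty(connectionString) && string.IsNullOrEmpty(azureAdInstance);
                var authenticator = useDefaults
                    ? new ManagedServiceIdentityAuthenticator()
                    : new ManagedServiceIdentityAuthenticator(connectionString, azureAdInstance);
                return new KeyVaultSecretProvider(authenticator, vaultConfiguration);
            }
            case "serviceprincipal":
            {
                string clientId = Require(configuration, "Arcus:ServicePrincipal:ClientId");
                // The access key is a credential: it comes from configuration (user secrets,
                // environment, a vault), never from source code.
                string clientKey = Require(configuration, "Arcus:ServicePrincipal:AccessKey");
                var authenticator = new ServicePrincipalAuthenticator(clientId, clientKey);
                return new KeyVaultSecretProvider(authenticator, vaultConfiguration);
            }
            case "certificate":
            {
                string clientId = Require(configuration, "Arcus:ServicePrincipal:ClientId");
                // Constructed key: thumbprint of the certificate registered on the application.
                string thumbprint = Require(configuration, "Arcus:ServicePrincipal:CertificateThumbprint");
                X509Certificate2 certificate = LoadCertificate(thumbprint);
                var authenticator = new CertificateBasedAuthentication(clientId, certificate);
                return new KeyVaultSecretProvider(authenticator, vaultConfiguration);
            }
            default:
                throw new InvalidOperationException($"Unknown authentication mode '{mode}'.");
        }
    }

    // Loads the certificate from the current user's personal store by thumbprint,
    // so the private key never sits in a file shipped next to the application.
    private static X509Certificate2 LoadCertificate(string thumbprint)
    {
        // Find() matches the exact hex string; strip separators pasted from a portal UI.
        string normalized = thumbprint.Replace(" ", "").Replace(":", "").ToUpperInvariant();
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: true drops expired and untrusted certificates from the result.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, normalized, validOnly: true);
            if (matches.Count != 1)
                throw new InvalidOperationException(
                    $"Expected one valid certificate with thumbprint {normalized}, found {matches.Count}.");
            X509Certificate2 certificate = matches[0];
            // A certificate without its private key cannot sign the client assertion.
            if (!certificate.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; cannot authenticate with it.");
            return certificate;
        }
    }

    // Fails fast on a missing setting instead of passing null into an authenticator.
    private static string Require(IConfiguration configuration, string key)
    {
        string value = configuration.GetValue<string>(key);
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException($"Configuration value '{key}' is missing.");
        return value;
    }

    // Assumed API: KeyVaultSecretProvider exposes GetRawSecretAsync(string).
    public static async Task<string> ReadSecretAsync(IConfiguration configuration, string secretName)
    {
        KeyVaultSecretProvider provider = CreateProvider(configuration);
        return await provider.GetRawSecretAsync(secretName);
    }
}
```

In practice the "msi" mode is what runs in Azure and needs no credential in configuration at all, which is why the page recommends it; the "serviceprincipal" and "certificate" modes are for environments without a managed identity, and of those two the certificate mode avoids a reusable shared secret, provided the private key stays in the store (not exportable) and the thumbprint in configuration identifies exactly one valid certificate, which LoadCertificate enforces.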