Articles Authentication to Azure by Arcus Security Team

Authentication to Azure
Arcus Security Team - Date: ?
[SHOWTOGROUPS=4,20]
Authentication
As of today we support a few authentication mechanisms.

Managed Service Identity
You can use Managed Service Identity to delegate the authentication to Azure via ManagedServiceIdentityAuthenticator.

This is the recommended approach to interact with Azure Key Vault.
Code:
var vaultAuthenticator = new ManagedServiceIdentityAuthenticator();
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration);

If you require more control over the authentication mechanism, you can optionally specify an AzureServiceTokenProvider connection string and/or an Azure AD instance.
Code:
var connectionString = Configuration.GetConnectionString("Arcus:MSI:ConnectionString");
var azureAdInstance = Configuration.GetValue<string>("Arcus:MSI:AzureAdInstance");
var vaultAuthenticator = new ManagedServiceIdentityAuthenticator(connectionString, azureAdInstance);
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration);

See the AzureServiceTokenProvider documentation for supported connection strings and the Azure AD documentation for valid Azure AD instances.

Service Principal
Authentication via username and password (here the service principal's client ID and access key) is supported with the ServicePrincipalAuthenticator.
Code:
var clientId = Configuration.GetValue<string>("Arcus:ServicePrincipal:ClientId");
var clientKey = Configuration.GetValue<string>("Arcus:ServicePrincipal:AccessKey");

var vaultAuthenticator = new ServicePrincipalAuthenticator(clientId, clientKey);
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration);

Certificate
Authentication via client ID and certificate is supported with the CertificateBasedAuthentication.
Code:
var clientId = Configuration.GetValue<string>("Arcus:ServicePrincipal:ClientId");
X509Certificate2 certificate = ...

var vaultAuthenticator = new CertificateBasedAuthentication(clientId, certificate);
var vaultConfiguration = new KeyVaultConfiguration(keyVaultUri);
var keyVaultSecretProvider = new KeyVaultSecretProvider(vaultAuthenticator, vaultConfiguration);
[/SHOWTOGROUPS]
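The certificate snippet above leaves the `X509Certificate2` assignment elided. The following is an added example, not part of the original article or the Arcus code base, showing one way to load that certificate from the current user's certificate store by thumbprint so no .pfx file or password sits next to the application. The class name `VaultCertificateLoader` and the configuration key `Arcus:ServicePrincipal:CertificateThumbprint` are hypothetical; only .NET base class library calls are used.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not an Arcus type): finds the client certificate that is
// later handed to CertificateBasedAuthentication.
public static class VaultCertificateLoader
{
    public static X509Certificate2 LoadByThumbprint(string thumbprint)
    {
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new ArgumentException("A certificate thumbprint is required.", nameof(thumbprint));

        // Thumbprints pasted from the certificate dialog often carry spaces or an
        // invisible leading character; keep the hex digits only.
        var normalized = new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        if (normalized.Length != 40) // SHA-1 thumbprint = 40 hex characters
            throw new ArgumentException("Thumbprint must contain 40 hex characters.", nameof(thumbprint));

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly: false because certificates registered on an Azure AD application
            // are frequently self-signed and would fail chain validation; the checks
            // that matter for authentication are made explicitly below.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, normalized, validOnly: false);
            if (matches.Count == 0)
                throw new InvalidOperationException($"No certificate with thumbprint {normalized} in CurrentUser\\My.");

            var certificate = matches[0];
            var now = DateTime.Now; // NotBefore/NotAfter are reported in local time
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new InvalidOperationException($"Certificate {normalized} is outside its validity period.");
            if (!certificate.HasPrivateKey)
                throw new InvalidOperationException($"Certificate {normalized} has no private key available to this account.");

            return certificate;
        }
    }
}

// Usage in place of the elided assignment (the configuration key is an assumption):
// X509Certificate2 certificate = VaultCertificateLoader.LoadByThumbprint(
//     Configuration.GetValue<string>("Arcus:ServicePrincipal:CertificateThumbprint"));
// var vaultAuthenticator = new CertificateBasedAuthentication(clientId, certificate);
```

Failing at startup on an expired certificate or a missing private key gives a clearer error than a rejected token request later on.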