9

I'm trying to call all the vaults in a subscription. The approach I'm using is this -

Controller

var myClient = new Microsoft.Azure.KeyVault.KeyVaultClient(new KeyVaultClient.AuthenticationCallback(Helper.GetToken));
Microsoft.Azure.KeyVault.KeyVaultCredential test = new KeyVaultCredential(new KeyVaultClient.AuthenticationCallback(Helper.GetToken));

TokenCloudCredentials tokenCredentials = new TokenCloudCredentials("xxx", test.Token);

KeyVaultManagementClient client = new KeyVaultManagementClient(tokenCredentials);
VaultListResponse response = new VaultListResponse();

Helper

public static async Task<string> GetToken(string authority, string resource, string scope)
{

  var clientId = ConfigurationManager.AppSettings["AuthClientId"];
  var clientRedirectURI = ConfigurationManager.AppSettings["AuthClientRedirectURI"];

  var context = new AuthenticationContext(authority, TokenCache.DefaultShared);

  result = await context.AcquireTokenAsync(resource, clientId, new Uri(clientRedirectURI), new PlatformParameters(PromptBehavior.Always)); 
 return result.AccessToken; 
}

For my controller "test.Token" always returns null but I can't help but think it may be from me not passing anything into Helper.Token in test. I know that the Helper.Token essentially matches what the call back wants:

public delegate Task<string> AuthenticationCallback(
string authority,
string resource,
string scope)

But where do I get authority, resource and scope from? Thanks!

imsome1
  • 1,182
  • 4
  • 22
  • 37
Pikapops
  • 631
  • 2
  • 8
  • 22
  • place a breakpoint on your controllers method and check the debugger to see if its being set correctly – Dylan Kilkenny Feb 28 '17 at 10:41
  • I'm sorry but I'm not sure what you mean by this. I've popped in breakpoints but as soon as I jump over " Microsoft.Azure.KeyVault.KeyVaultCredential test = new KeyVaultCredential(new KeyVaultClient.AuthenticationCallback(Helper.GetToken));" then it goes to the next line (TokenCredientials) - I check test and token is set to null. – Pikapops Feb 28 '17 at 10:46

1 Answers1

2

AuthenticationCallback is a delegate function and the value of authority/resource/scope is provide by SDK, we need to provide the delegate function to use these values to get the access token.

If you are using a web app, your code will not work ,because you need to provide the client_secret or client_assertion during the oath process . And if you debug your application , you will find the GetToken function will not fire ,because you don’t use that client to perform a query (or other operation). Please refer to below link for how to use Azure Key Vault from a Web Application :

https://learn.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application

Please also click here which includes two video tutorials which helps you understand better .

Nan Yu
  • 26,101
  • 9
  • 68
  • 148
  • 2
    How does SDK knows about authority – user145610 Apr 21 '20 at 11:06
  • 1
    @user145610 KeyVaultClient knows these from WWW-Authenticate response header in the response of the request to KeyVault service which doesn't contain access token and is supposed to return 401. – K.Miao Jul 03 '20 at 02:27