
From my question here I understand that I can set up an application registration in Active Directory, and that I can use the application ID and a key that I set up within the application registration in order to authenticate.

Where is an example on how to do that?

What has the combination of the application ID (which I understand to also be called the client ID) and the key I add to the keys collection got to do with the Service Principal?

[Update]

From this link about service principals

If I understand it correctly we are no longer talking about "application key", we are talking about "application credentials". I am guessing this is the same thing?

The following paragraph has me hopelessly confused about the difference between "application credentials", "sign in credentials", and "service principal's credentials":

"To sign in with a service principal, use the -ServicePrincipal argument with the Connect-AzureRmAccount cmdlet. You will also need the service principal's application ID, sign-in credentials, and the tenant ID associated with the service principal. In order to get the service principal's credentials as the appropriate object, use the Get-Credential cmdlet. This cmdlet will display a dialog box to enter the service principal user ID and password into."

[Update]

From the answer to my question here I have been able to run HelloKeyVault using the following app settings:

VaultUrl, AuthClientId and AuthCertThumbprint

There is no mention of a service principal or "key" or a "token"

I am just trying to understand the instructions at https://learn.microsoft.com/en-gb/azure/key-vault/key-vault-get-started at this stage.

Kirsten
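The sign-in the quoted paragraph describes, written out as a script instead of the Get-Credential dialog. This is an added PowerShell example, not code from the question or from the linked article: the tenant and application IDs are placeholders, and the script assumes the key from the app registration's Keys blade is available in an environment variable named AZURE_APP_KEY. It shows what the "sign-in credentials" are made of: the application (client) ID is the user name and the key is the password, and -ServicePrincipal tells the cmdlet to treat them that way.

```powershell
# Added example (not from the original question or the linked docs): signing in to
# Azure as a service principal with the AzureRM module. GUIDs below are placeholders.
$tenantId      = '00000000-0000-0000-0000-000000000000'   # placeholder: directory (tenant) ID
$applicationId = '11111111-1111-1111-1111-111111111111'   # placeholder: application (client) ID

# The key generated under the app registration's Keys blade is the password half of the
# credential; the application ID is the user-name half. Read it from the environment
# rather than embedding it in the script (assumed variable name: AZURE_APP_KEY).
$key = $env:AZURE_APP_KEY
if (-not $key) { throw 'Set AZURE_APP_KEY before running this script.' }

# The same PSCredential object Get-Credential would build, without the dialog box.
$secureKey  = ConvertTo-SecureString -String $key -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($applicationId, $secureKey)

# -ServicePrincipal tells the cmdlet the user name is an application ID, not a user's UPN.
Connect-AzureRmAccount -ServicePrincipal -Credential $credential -TenantId $tenantId

# Check that the resulting context really is a service principal sign-in.
$context = Get-AzureRmContext
if ($context.Account.Type -ne 'ServicePrincipal') {
    throw 'Not signed in as a service principal.'
}
"Signed in as $($context.Account.Id) in tenant $($context.Tenant.Id)"
```

Once this succeeds, every AzureRM cmdlet in the session runs with whatever role assignments and Key Vault access policies have been granted to that service principal, which is why CI/CD pipelines use this form of sign-in rather than a user account.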

2 Answers


You typically use the service principal to deploy / manage your resources within a CI / CD environment like VSTS or within PowerShell scripts. Check Sign in with a service principal

Martin Brandl

From the sample application here, after fixing the bug in the PowerShell script reported here, I was able to run the HelloKeyVault source:

using System;
using System.Configuration;                              // ConfigurationManager (App.config settings)
using Microsoft.Azure.KeyVault;                          // KeyVaultClient
using Microsoft.Azure.KeyVault.Models;                   // KeyBundle, SecretBundle, CertificateBundle
using Microsoft.IdentityModel.Clients.ActiveDirectory;   // ClientAssertionCertificate (ADAL)
using Microsoft.Rest;                                    // ServiceClientTracing

class Program
{
    static KeyVaultClient keyVaultClient;
    static InputValidator inputValidator;   // sample-local helper that parses the command line

    static void Main(string[] args)
    {
        KeyBundle keyBundle = null; // The key specification and attributes
        SecretBundle secret = null;
        CertificateBundle certificateBundle = null;
        string keyName = string.Empty;
        string secretName = string.Empty;
        string certificateName = string.Empty;
        string certificateCreateName = string.Empty;

        inputValidator = new InputValidator(args);

        ServiceClientTracing.AddTracingInterceptor(new ConsoleTracingInterceptor());
        ServiceClientTracing.IsEnabled = inputValidator.GetTracingEnabled();

        // AuthClientId is the application (client) ID of the app registration;
        // AuthCertThumbprint identifies the certificate registered as that application's credential.
        var clientId = ConfigurationManager.AppSettings["AuthClientId"];
        var certificateThumbprint = ConfigurationManager.AppSettings["AuthCertThumbprint"];

        // The certificate is looked up in the local store and paired with the client ID
        // to form the client assertion ADAL presents to Azure AD when it requests a token.
        var certificate = FindCertificateByThumbprint(certificateThumbprint);
        var assertionCert = new ClientAssertionCertificate(clientId, certificate);

        // KeyVaultClient invokes this callback whenever it needs an access token for the vault.
        keyVaultClient = new KeyVaultClient(
            (authority, resource, scope) => GetAccessToken(authority, resource, scope, assertionCert),
            new InjectHostHeaderHttpMessageHandler());
        // etc
    }
}

This shows that we can get the token using the AuthClientId and the AuthCertThumbprint

In this case I guess the Application Id is given by the AuthClientId and the "key to authenticate" is given by the AuthCertThumbprint.

The Service principal is not mentioned as being necessary.

Kirsten
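Where the service principal enters the picture is in the setup the question's linked get-started page walks through, before HelloKeyVault ever runs. The following is an added PowerShell example, not code from this answer, from the HelloKeyVault sample, or from the linked article; the vault name, display name and URI are placeholders, and it assumes the session is already signed in with an account allowed to create app registrations and to change the vault's access policy. It produces the two App.config values the answer mentions and shows what each one refers to.

```powershell
# Added example (not code from the original answer, the HelloKeyVault sample, or the
# linked docs): the AzureRM steps that create the identity HelloKeyVault authenticates as.
# Every name and URI below is a placeholder.
$vaultName   = 'placeholder-vault'            # an existing Key Vault in the signed-in subscription
$displayName = 'HelloKeyVaultSample'          # display name for the app registration
$appUri      = 'http://hellokeyvault.placeholder'

# 1. App registration: this is where the application (client) ID comes from.
$app = New-AzureRmADApplication -DisplayName $displayName -HomePage $appUri -IdentifierUris $appUri

# 2. Service principal: the identity in this tenant that the application signs in as.
#    It is tied to the registration by ApplicationId, which is why the sample's config
#    never needs to name it separately.
$sp = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId

# 3. Credential: a self-signed certificate whose public half is registered on the application.
#    AuthCertThumbprint points at this certificate in Cert:\CurrentUser\My; the private key
#    is marked non-exportable so it stays on the machine that runs the sample.
$cert = New-SelfSignedCertificate -Subject "CN=$displayName" -CertStoreLocation 'Cert:\CurrentUser\My' `
            -KeyExportPolicy NonExportable -NotAfter (Get-Date).AddYears(1)
$certValue = [Convert]::ToBase64String($cert.GetRawCertData())
New-AzureRmADAppCredential -ApplicationId $app.ApplicationId -CertValue $certValue `
    -StartDate $cert.NotBefore -EndDate $cert.NotAfter

# 4. Authorization: the vault's access policy names the service principal by application ID.
#    Grant only the operations your code actually calls; extend the lists as needed.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -ServicePrincipalName $app.ApplicationId `
    -PermissionsToKeys get,list,create,delete `
    -PermissionsToSecrets get,list,set,delete `
    -PermissionsToCertificates get,list,create,delete

# The two values HelloKeyVault reads from App.config:
"AuthClientId       = $($app.ApplicationId)"
"AuthCertThumbprint = $($cert.Thumbprint)"
```

Read together with the C# above: step 1 supplies AuthClientId, step 3 supplies AuthCertThumbprint, and the token the KeyVaultClient callback obtains is issued to the service principal from step 2, which the access policy in step 4 authorizes. A key added under the registration's Keys blade is an alternative to the certificate in step 3 (a shared secret instead of a private key), and that is the credential the Connect-AzureRmAccount -ServicePrincipal flow quoted in the question consumes.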