Azure Service authentication in Visual Studio 2022 works even after sign out

Question

I'm working on an ASP.NET Core Web API project. In this project I'm using Azure.Security.KeyVault.Secrets's SecretClient class to fetch secrets from a key vault.

I'm able to fetch the secrets from the key vault both when I am signed in to Visual Studio with my personal Microsoft account and when I am not signed in to Visual Studio. I want to know how the SecretClient class authenticates the user. How is it able to get an Azure AD token to authenticate itself with Azure Key Vault and retrieve a secret even without signing in to Visual Studio?

Below is the code I have used in the Program.cs (.NET 6) file to inject the SecretClient dependency:

using backendapp.Services.Contracts;
using backendapp.Services;
using Microsoft.Extensions.Azure;
using backendapp.Services.Repository;

namespace backendapp;

public class Program
{
    public static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);

        // Add services to the container.

        builder.Services.AddControllers();
        // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
        builder.Services.AddEndpointsApiExplorer();
        builder.Services.AddSwaggerGen();
        builder.Services.AddAzureClients(azureClientFactoryBuilder =>
        {
            azureClientFactoryBuilder.AddSecretClient(builder.Configuration.GetSection("KeyVault"));
        });
        builder.Services.AddSingleton<IKeyVaultManager, KeyVaultManager>();
        builder.Services.AddSingleton<IDocumentClientWrapper, DocumentClientWrapper>();
        builder.Services.AddSingleton<IDbManager, DbManager>();
        builder.Services.AddSingleton<IEmployeeRepository, EmployeeRepository>();

        var app = builder.Build();

        // Configure the HTTP request pipeline.
        if (app.Environment.IsDevelopment())
        {
            app.UseSwagger();
            app.UseSwaggerUI();
        }

        app.UseHttpsRedirection();

        app.UseAuthorization();

        app.MapControllers();

        app.Run();
    }
}

Also in appsettings.json, I have a section KeyVault which has just a VaultUri entry.

Below is my KeyVaultManager class, which uses the SecretClient class:

    using Azure.Security.KeyVault.Secrets;

    public class KeyVaultManager : IKeyVaultManager
    {
        // Injected by AddAzureClients; no credential is configured explicitly.
        private readonly SecretClient _secretClient;

        public KeyVaultManager(SecretClient secretClient)
        {
            _secretClient = secretClient;
        }

        public async Task<string> GetSecretAsync(string secretName)
        {
            try
            {
                KeyVaultSecret keyVaultSecret = await _secretClient.GetSecretAsync(secretName);
                return keyVaultSecret.Value;
            }
            catch (Exception)
            {
                // Rethrow unchanged, preserving the original stack trace.
                throw;
            }
        }
    }

I wanted to know how I'm able to fetch secrets from keyvault under my personal account even without signing in to Visual Studio.

Answer 1

Score: 1

Azure authentication utilizes various methods to authenticate with Azure services, attempting them in a specific order.

You can check out the AzureDefaultCredentials documentation to see the different mechanisms and the sequence in which they are tried.

It is very likely that you are still logged in with Azure CLI.
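
To see which sign-in is actually supplying the token, the probe below (an added example, not code from the question or the answer) asks several developer-machine credentials from Azure.Identity for a Key Vault token one at a time and prints the identity each one resolves to. It assumes a .NET 6 console project with implicit usings and the Azure.Identity package; the credential list is an illustrative subset of what DefaultAzureCredential tries, which is the credential AddAzureClients falls back to when none is configured.

```csharp
using System.Text.Json;
using Azure.Core;
using Azure.Identity;

// Key Vault data-plane scope, the resource SecretClient requests tokens for.
var context = new TokenRequestContext(new[] { "https://vault.azure.net/.default" });

// Assumption: a subset of developer-machine credentials; the exact members
// and order of the DefaultAzureCredential chain depend on the package version.
var candidates = new (string Name, TokenCredential Credential)[]
{
    ("EnvironmentCredential", new EnvironmentCredential()),
    ("SharedTokenCacheCredential", new SharedTokenCacheCredential()),
    ("VisualStudioCredential", new VisualStudioCredential()),
    ("AzureCliCredential", new AzureCliCredential()),
    ("AzurePowerShellCredential", new AzurePowerShellCredential()),
};

foreach (var (name, credential) in candidates)
{
    try
    {
        AccessToken token = await credential.GetTokenAsync(context, CancellationToken.None);
        Console.WriteLine($"{name}: token issued for {DescribeIdentity(token.Token)}, expires {token.ExpiresOn:u}");
    }
    catch (CredentialUnavailableException ex)
    {
        Console.WriteLine($"{name}: unavailable ({ex.Message.Split('\n')[0]})");
    }
    catch (AuthenticationFailedException ex)
    {
        Console.WriteLine($"{name}: failed ({ex.Message.Split('\n')[0]})");
    }
}

// Reads identity claims from the JWT payload; the token itself is never printed.
static string DescribeIdentity(string jwt)
{
    string payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
    payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
    using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(payload));
    JsonElement claims = doc.RootElement;
    foreach (string claim in new[] { "upn", "unique_name", "appid", "oid" })
        if (claims.TryGetProperty(claim, out JsonElement value))
            return $"{claim}={value.GetString()}";
    return "unknown identity";
}
```

Any credential that reports a token here is one the chain can fall back to after a Visual Studio sign-out; for AzureCliCredential, `az logout` ends that session.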

Posted by huangapple on 2023-06-25 22:03:21
Link to this article: https://go.coder-hub.com/76550785.html