I'm using the newer v4.x version of the Azure .NET SDKS - https://www.nuget.org/packages/Azure.Security.KeyVault.Secrets/4.1.0
In my case this is to access Key Vault secrets but the question probably applies globally. When using the above nuget package to retrieve a secret through a .NET Core 3.1 app, all seems to work OK.
var credential = new ClientSecretCredential("<TENANT_ID>", "<CLIENT_ID>", "<SECRET>");
var client = new SecretClient(new Uri("https://MyVault.vault.azure.net/"), credential);
var secret = await client.GetSecretAsync("MySecret");
However I need it to run in a .NET Framework 4.7.1, the call eventually times out after retrying 4 times.
I fully suspect this is down to the corporate proxy I work behind (although if there may be other reasons please tell me).
There is a SecretClientOptions that inherits from ClientOptions which contains a Transport property but it is not immediately obvious how to use this.
I see on other versions of the Node SDK they have a proxyOptions property but that doesn't exist in the .NET version. Is there another way to configure this?
I also wanted to try an diagnose a bit further but am not sure how to use the Diagnostics property and I struggle to get Fiddler to capture any .NET traffic these days.
UPDATE: Looks like a fix for this was committed 9 days ago so expecting a fix soon which will make .NET Framework use the system proxy correctly - https://github.com/Azure/azure-sdk-for-net/issues/16990
After diving into the library code it appears that the normal proxy as used with HttpClient isn't used. By setting the HTTP_PROXY and HTTPS_PROXY environment variables I was able to get this to work.
Environment.SetEnvironmentVariable("HTTP_PROXY", "http://my.corporate.proxy/");
Environment.SetEnvironmentVariable("HTTPS_PROXY", "http://my.corporate.proxy/");
UPDATE: Looks like a fix for this was committed 9 days ago so expecting a fix soon which will make .NET Framework use the system proxy correctly - https://github.com/Azure/azure-sdk-for-net/issues/16990
An alternative solution here can be the answer by Mun here. He suggests to cache the Key Vault values in App Settings Data structure.
You can also try this approach suggested by Docs if you don't prefer above approach.
Related
I used to use the UserPrincipal class to retrieve active directory information on a user, specifically the EmployeeId (not the username, we don't usually use that to tie employees to specific data points in sql). However, in .net core that class doesn't exist and I'm still fairly new to .net core so I'm not sure how a lot of it's features work in an Intranet setting. I know many probably won't work with asp.net core being cross platform and other server types not having any idea of active directory.
Below is code I use in regular asp.net environments to grab an employee id.
var userContext = System.Web.HttpContext.Current;
PrincipalContext pcxt = new PrincipalContext(ContextType.Domain, "mydomain.com");
UserPrincipal uPrincipal = UserPrincipal.FindByIdentity(pcxt, IdentityType.SamAccountName, userContext.User.Identity.Name);
return uPrincipal.EmployeeId;
What kind of code if any can I use to grab the same information? Is it possible without third party libraries? It seems the IIS server may transport some kind of information I need through claims? I've attempted to do research but every thing just leads me down more research avenues and I'm not sure where to start.
What you are looking for now has moved in Net Core. The User Principal lives on the HttpContext, but you access via the IHttpContextAccessor which is injected using dependency injection.. This is an example from Microsoft of the starting point for it: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-context?view=aspnetcore-2.2
Okay, looks like for .net core 2> Microsoft has implemented the Principal Context library again, even though the documentation says there is no page when clicking .NET Core 2.2. At the very least, I am able to install the package and it works. It's authored by Microsoft, so I don't consider it Third Party.
https://dotnet.myget.org/feed/dotnet-core/package/nuget/System.DirectoryServices.AccountManagement
Luckily was able to find the package thanks to this answer: https://stackoverflow.com/a/49773749/5245385
The code is the exact same as it is in my question. All functionality seems intact.
I am trying to implement SCIM with Web Api 2 (c#) and I've found the nuget package and some documentation from Microsoft and their sample code.
My understanding from the SCIM documentation is that they just need an API with the specified user/Group methods and schemas, but in the sample code they have used a monitor and provider.
public Startup()
{
IMonitor monitor = new DefaultMonitor();
IProvider provider = new SampleProvider();
this.starter = new WebApplicationStarter(provider, monitor);
}
Their code doesn't compile even after following the instructions and getting nuget packages most probably because of the old resources on the packages that they have used, but also I don't see what is the nececity of using the package other than adding some interfaces for my controllers.
I've also found this:
SCIM (System for Cross-domain Identity Management) library for C#
But it is also a shame that the blog post that they are pointing to from MS is gone :.
So what I am asking is:
- Am I going the correct direction? Should I use the nuget?
And if yes, anything special on Web api?
Any suggestion is also very appreciated.
On My Xamarin.forms Portable Project, I am trying to read information from google sheet:
using (var stream = this.Assets.Open(#"clientsecret.json"))
{
var secrets = GoogleClientSecrets.Load(stream).Secrets;
//I get the secrets correctly
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
secrets,
Scopes,
"user",
CancellationToken.None,
new FileDataStore(credPath,true)).Result;
}
I get
Unhandled Exception
System.AggregateException: One or more errors occurred.
when the complier trying to get credential, keep in your mind the same code is working fine in windows forms application
You appear to be using the Google APIs .Net client library. At this time the client library does not officially support Xamarin
Please see the issue here Investigate Xamarin support #984 or this one #840
Option 1:
Create a fork of the Google APIs .Net client library and fix any issues you can find. The client library is open source so this should be doable. I am sure we would be happy to accept a pull request if you get it working.
Option 2:
Create your own library for accessing just the sheets api. This may be the faster way to go but you need to have some understanding of how Google oauth works in order to do this.
Sounds like it could be a similar issue I am/was facing with auth2 in a UWP app. I use the same kind of auth flow as per your code, and it throws an exception at runtime when I use the mainstream Google APIs .Net Client library. In my case, I was able to use the beta version of the library v1.31.0 beta 01, and that got my UWP app and the auth flow working fine. From looking at the branch the magic is that the beta libraries will default the FileDataStore to a PasswordVaultDataStore object for UWP, which seems to work fine. There are also other differences like UWP code receiver classes etc but I haven't really checked in detail. For all it's worth, try the beta library and see if it helps in your case.
I tried to get the content of the user's profile picture and I found out that I had to call the Beta version because the current version gives the following error message:
"code": "GetUserPhoto",
"message": "The operation is not supported."
So, I tried to switch to Beta, and here is the code that I wrote in C# to do it, but it doesn't work:
Microsoft.Graph 1.6.2
List<QueryOption> options = new List<QueryOption>
{
new QueryOption("$api-version", "beta")
};
var pictureStream = await graphClient.Me.Photo.Content.Request(options).GetAsync();
I got the same error message.
I tried the same request in the Graph Explorer. The 1.0 doesn't work, but Beta works.
The api-version query parameter is used by the Azure AD Graph API. This is a different API than Microsoft Graph. There is a lot of functional overlap (Azure AD Graph is slowly being migrated over to Microsoft Graph) but they use entirely different entities and calling conventions.
In order to call the /beta endpoint using the Microsoft Graph .NET Client Library, you need to change the BaseUrl of the client:
graphClient.BaseUrl = "https://graph.microsoft.com/beta";
var pictureStream = await graphClient.Me.Photo.Content.Request().GetAsync();
Some important notes about the /beta endpoint:
It isn't supported and isn't suitable for production. So don't do that. Or at least don't tell anyone and don't call Support if it stops working. ;-)
The .NET Client uses objects constructed off the production metadata. This means that any entities, actions or properties that were added in /beta don't exist in the models shipped with the SDK.
The .NET Client will ignore any values returned by Microsoft Graph that it doesn't expect to see. So if an endpoint returns a property that wasn't included in the production metadata (see #2), it will simply be ignored.
So long as you're only using a /beta to gain functionality but still expecting /v1.0 results, it should work okay. Photos for example only look at Exchange in v1.0 but look in both Exchange and Active Directory but still return the same result. In theory this means you should be able to swap /beta for /v1.0 without a problem.
I think you are still calling V1 endpoint. In fact, the Beta endpoint is not currently supported in the Microsoft Graph .NET Client Library. More info here.
There is an official beta client for Graph API now:
https://github.com/microsoftgraph/msgraph-beta-sdk-dotnet
We recently upgraded SS from V3 to V4 and have found that our C# clients are now failing because breaking changes were introduced when the PredefinedRoutes were renamed from /syncreply/ to /sync/.
My question is... how can we keep those older clients in the wild still working while we update them from the top (server) down? (Updating all our clients and partners at the same time is not an option.)
Is there a way to add a custom httphandler or maybe a Host setting i am missing?
PS: The only route that is using the /syncreply/ lookup is Authenticate.
Thanks,
Jordan
You can change the existing v3 Service Clients to use the new pre-defined Routes by setting the UseNewPredefinedRoutes property, e.g:
var client = new JsonServiceClient(baseUrl) {
UseNewPredefinedRoutes = true
};