Update Azure to use connection string.

Author: StephenMolloy

README.md

@@ -1,6 +1,6 @@
 # Configuration Builders
 
-Configuration Builders are a new feature of the full .Net Framework, introduced in .Net 4.7.1. You can read about the concept in [this blog post](http://www.msdn.com).
+Configuration Builders are a new feature of the full .Net Framework, introduced in .Net 4.7.1. You can read about the concept in [this blog post](http://jeffreyfritz.com/2017/11/modern-configuration-for-asp-net-4-7-1-with-configurationbuilders/).
 With this project, Microsoft is providing a basic set of Configuration Builders that should make it easy for developers to get started with the new feature. They
 are also intended to address some of the basic needs of applications as they move into a container and cloud focused environment.
 
@@ -87,17 +87,15 @@ There are three additional configuration attributes for this config builder:
     [mode|prefix|stripPrefix]
     (vaultName="MyVaultName" |
      uri="https://MyVaultName.vault.azure.net")
-    [clientId="12345678-9012-3456-7890-123456789012"
-     clientSecret="8eNKl240FSfhgY909unhg23DKNj3b2cOO8bVvd+wdCc="]
+    [connectionString="connection string"]
     type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure" />
 ```
-If your secrets are kept in Azure Key Vault, then this config builder is for you. There are four additional attributes for this config builder. The `vaultName` is
+If your secrets are kept in Azure Key Vault, then this config builder is for you. There are three additional attributes for this config builder. The `vaultName` is
 required. The other attributes allow you some manual control about which vault to connect to, but are only necessary if the application is not running in an
-environment that works well with `Microsoft.Azure.Services.AppAuthentication`. Otherwise, the Azure Services Authentication library is used to automatically pick
-up connection information from the execution environment.
+environment that works magically with `Microsoft.Azure.Services.AppAuthentication`. The Azure Services Authentication library is used to automatically pick
+up connection information from the execution environment if possible, but you can override that feature by providing a connection string instead.
   * `vaultName` - This is a required attribute. It specifies the name of the vault in your Azure subscription from which to read key/value pairs.
-  * `clientId` - This is the Azure Active Directory App Id. A string representation of a GUID.
-  * `clientSecret` - This is the Azure Active Directory App Key. A string.
+  * `connectionString` - A connection string usable by [AzureServiceTokenProvider](https://docs.microsoft.com/en-us/azure/key-vault/service-to-service-authentication#connection-string-support)
   * `uri` - Connect to other Key Vault providers with this attribute. If not specified, Azure is the assumed Vault provider. If the uri _is_specified, then `vaultName` is no longer a required parameter.
 
 ### SimpleJsonConfigBuilder
@@ -163,7 +161,6 @@ public class CustomConfigBuilder : KeyValueConfigBuilder
 ```
 
 ## Blog Posts
-[Insert](sldfj)  
-[Blog Posts](sldkfjs)  
-[And References](sldkfj)  
-[Here](lskdjf)  
+[.Net Framework 4.7.1 ASP.NET and Configuration features](https://blogs.msdn.microsoft.com/dotnet/2017/09/13/net-framework-4-7-1-asp-net-and-configuration-features/)
+[Modern Configuration for ASP.NET 4.7.1 with ConfigurationBuilders](http://jeffreyfritz.com/2017/11/modern-configuration-for-asp-net-4-7-1-with-configurationbuilders/)  
+[Service-to-service authentication to Azure Key Vault using .NET](https://docs.microsoft.com/en-us/azure/key-vault/service-to-service-authentication#connection-string-support)

src/Azure/Azure.csproj

@@ -15,6 +15,8 @@
     <SignAssembly>true</SignAssembly>
     <DelaySign>true</DelaySign>
     <AssemblyOriginatorKeyFile>..\35MSSharedLib1024.snk</AssemblyOriginatorKeyFile>
+    <NuGetPackageImportStamp>
+    </NuGetPackageImportStamp>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -35,28 +37,28 @@
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="Microsoft.Azure.KeyVault, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Microsoft.Azure.KeyVault.2.3.2\lib\net452\Microsoft.Azure.KeyVault.dll</HintPath>
+      <HintPath>..\..\packages\Microsoft.Azure.KeyVault.2.4.0-preview\lib\net452\Microsoft.Azure.KeyVault.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.KeyVault.WebKey, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Microsoft.Azure.KeyVault.WebKey.2.0.7\lib\net452\Microsoft.Azure.KeyVault.WebKey.dll</HintPath>
+      <HintPath>..\..\packages\Microsoft.Azure.KeyVault.WebKey.2.1.0-preview\lib\net452\Microsoft.Azure.KeyVault.WebKey.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Services.AppAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Microsoft.Azure.Services.AppAuthentication.1.0.0-preview\lib\net452\Microsoft.Azure.Services.AppAuthentication.dll</HintPath>
+      <HintPath>..\..\packages\Microsoft.Azure.Services.AppAuthentication.1.1.0-preview\lib\net452\Microsoft.Azure.Services.AppAuthentication.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory, Version=3.14.2.11, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.14.2\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory, Version=3.19.2.6005, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.19.2\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.14.2.11, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.14.2\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.19.2.6005, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.19.2\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Rest.ClientRuntime, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Microsoft.Rest.ClientRuntime.2.3.8\lib\net452\Microsoft.Rest.ClientRuntime.dll</HintPath>
+      <HintPath>..\..\packages\Microsoft.Rest.ClientRuntime.2.3.10\lib\net452\Microsoft.Rest.ClientRuntime.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Rest.ClientRuntime.Azure, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Microsoft.Rest.ClientRuntime.Azure.3.3.7\lib\net452\Microsoft.Rest.ClientRuntime.Azure.dll</HintPath>
+      <HintPath>..\..\packages\Microsoft.Rest.ClientRuntime.Azure.3.3.10\lib\net452\Microsoft.Rest.ClientRuntime.Azure.dll</HintPath>
     </Reference>
-    <Reference Include="Newtonsoft.Json, Version=10.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Newtonsoft.Json, Version=11.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Newtonsoft.Json.11.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
@@ -66,15 +68,23 @@
     <Compile Include="AzureKeyVaultConfigBuilder.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
   </ItemGroup>
-  <ItemGroup>
-    <None Include="packages.config" />
-  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\Base\Base.csproj">
       <Project>{f382fbf8-146d-4968-a199-90d37f9ef9a7}</Project>
       <Name>Base</Name>
     </ProjectReference>
   </ItemGroup>
+  <ItemGroup>
+    <None Include="app.config" />
+    <None Include="packages.config" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory),MicrosoftConfigurationBuilders.sln))\tools\cleanup.targets" />
+  <Import Project="..\..\packages\Microsoft.Azure.Services.AppAuthentication.1.1.0-preview\build\Microsoft.Azure.Services.AppAuthentication.targets" Condition="Exists('..\..\packages\Microsoft.Azure.Services.AppAuthentication.1.1.0-preview\build\Microsoft.Azure.Services.AppAuthentication.targets')" />
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('..\..\packages\Microsoft.Azure.Services.AppAuthentication.1.1.0-preview\build\Microsoft.Azure.Services.AppAuthentication.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\packages\Microsoft.Azure.Services.AppAuthentication.1.1.0-preview\build\Microsoft.Azure.Services.AppAuthentication.targets'))" />
+  </Target>
 </Project>

src/Azure/AzureKeyVaultConfigBuilder.cs

@@ -14,13 +14,11 @@ namespace Microsoft.Configuration.ConfigurationBuilders
     public class AzureKeyVaultConfigBuilder : KeyValueConfigBuilder
     {
         public const string vaultNameTag = "vaultName";
-        public const string clientIdTag = "clientId";
-        public const string clientSecretTag = "clientSecret";
+        public const string connectionStringTag = "connectionString";
         public const string uriTag = "uri";
 
         private string _vaultName;
-        private string _clientId;
-        private string _clientSecret;
+        private string _connectionString;
         private string _uri;
 
         private KeyVaultClient _kvClient;
@@ -42,24 +40,12 @@ public override void Initialize(string name, NameValueCollection config)
             }
             _uri = _uri.TrimEnd(new char[] { '/' });
 
-            string tmp = config?[clientIdTag];
-            _clientId = (String.IsNullOrWhiteSpace(tmp)) ? null : tmp;
-            tmp = config?[clientSecretTag];
-            _clientSecret = (String.IsNullOrWhiteSpace(tmp)) ? null : tmp;
+            _connectionString = config?[connectionStringTag];
+            _connectionString = String.IsNullOrWhiteSpace(_connectionString) ? null : _connectionString;
 
-
-            // If Client ID and Secret are provided, connect to KeyVault that way.
-            if (!String.IsNullOrWhiteSpace(_clientId) && !String.IsNullOrWhiteSpace(_clientSecret))
-            {
-                _kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetTokenFromClientSecret));
-            }
-
-            // Otherwise, fall back on the magic of Microsoft.Azure.Services.AppAuthentication.
-            else
-            {
-                AzureServiceTokenProvider tokenProvider = new AzureServiceTokenProvider();
-                _kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
-            }
+            // Connect to KeyValut
+            AzureServiceTokenProvider tokenProvider = new AzureServiceTokenProvider(_connectionString);
+            _kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
 
             _allKeys = GetAllKeys();
         }
@@ -100,18 +86,6 @@ private async Task<string> GetValueAsync(string key)
             return null;
         }
 
-        private async Task<string> GetTokenFromClientSecret(string authority, string resource, string scope)
-        {
-            AuthenticationContext authContext = new AuthenticationContext(authority);
-            ClientCredential clientCred = new ClientCredential(_clientId, _clientSecret);
-            AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);
-
-            if (result == null)
-                throw new InvalidOperationException("Failed to obtain token from client secret.");
-
-            return result.AccessToken;
-        }
-
         private List<string> GetAllKeys()
         {
             var allSecrets = Task.Run(async () => { return await _kvClient.GetSecretsAsync(_uri); }).Result;

src/Azure/packages.config

@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="Microsoft.Azure.KeyVault" version="2.3.2" targetFramework="net47" />
-  <package id="Microsoft.Azure.KeyVault.WebKey" version="2.0.7" targetFramework="net47" />
-  <package id="Microsoft.Azure.Services.AppAuthentication" version="1.0.0-preview" targetFramework="net47" />
-  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.14.2" targetFramework="net47" />
-  <package id="Microsoft.Rest.ClientRuntime" version="2.3.8" targetFramework="net47" />
-  <package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.7" targetFramework="net47" />
-  <package id="Newtonsoft.Json" version="10.0.3" targetFramework="net47" />
+  <package id="Microsoft.Azure.KeyVault" version="2.4.0-preview" targetFramework="net471" />
+  <package id="Microsoft.Azure.KeyVault.WebKey" version="2.1.0-preview" targetFramework="net471" />
+  <package id="Microsoft.Azure.Services.AppAuthentication" version="1.1.0-preview" targetFramework="net471" />
+  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.19.2" targetFramework="net471" />
+  <package id="Microsoft.Rest.ClientRuntime" version="2.3.10" targetFramework="net471" />
+  <package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.10" targetFramework="net471" />
+  <package id="Newtonsoft.Json" version="11.0.1" targetFramework="net471" />
 </packages>