C#: list secrets in a Key Vault without signing in for every secret?
c#, asp.net-mvc, azure, azure-keyvault
I have successfully listed all the secrets in an Azure Key Vault, but every time I want to get the next secret I have to call GetToken. How can I store the credentials so that I only sign in once during the loop?
public async Task<List<string>> getsecretslist(string url)
{
    // Every Key Vault request made through this client invokes the GetToken callback
    var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
    List<string> secretlist = new List<string>();
    var all = await kv.GetSecretsAsync(url);   // await instead of blocking on .Result
    foreach (Microsoft.Azure.KeyVault.Models.SecretItem someItem in all)
    {
        // SecretItem holds only metadata; reading the value is a second request
        var yep = await kv.GetSecretAsync(someItem.Id);
        secretlist.Add(yep.Value);
    }
    return secretlist;
}
You do not need to call GetSecretAsync in the loop. The secrets are already included in the result set of the GetSecretsAsync call. That is why you are being authenticated repeatedly.
Below is a simple change to the loop that accomplishes what you are looking for:
var all = await kv.GetSecretsAsync(url);   // await rather than blocking with GetAwaiter().GetResult()
foreach (var secret in all)
{
    secretlist.Add(secret.Id);   // collects the identifiers returned by the listing call
}
In the GetToken callback method you need to cache the access token for as long as it is valid and has not expired. The callback then returns the cached access token instead of authenticating again. The following snippet uses the ADAL default token cache (i.e. TokenCache.DefaultShared):
public static async Task<string> GetToken(string authority, string resource, string scope)
{
    // clientId and certificate identify the application; the shared ADAL cache
    // hands back the stored token on later calls until it nears expiry
    var assertionCert = new ClientAssertionCertificate(clientId, certificate);
    var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
    var result = await context.AcquireTokenAsync(resource, assertionCert).ConfigureAwait(false);
    return result.AccessToken;
}
I found the best approach was to save the token obtained in the GetToken function, e.g.:
private static async Task<string> GetAccessTokenAsync(string authority, string resource, string scope)
{
    var authenticationContext = new AuthenticationContext(authority, TokenCache.DefaultShared);
    // Keep the whole result so the expiry time is available to the getter below
    lastAuthenticationResult = await authenticationContext.AcquireTokenAsync(resource, KeyVaultUserClientId, new Uri(KeyVaultRedirectUri), new PlatformParameters(PromptBehavior.SelectAccount)).ConfigureAwait(false);
    return lastAuthenticationResult.AccessToken;
}
Then I simply modified the client's getter so that it checks the expiry time; if the token is still valid (it should have a 60 minute expiry) it returns a simpler client that hands back lastAuthenticationResult:
private static AuthenticationResult lastAuthenticationResult;   // set by GetAccessTokenAsync
private static KeyVaultClient m_keyVaultClient;                  // client that authenticates
private static KeyVaultClient m_cachedKeyVaultClient;            // client that replays the saved token

private static KeyVaultClient KeyVaultClient
{
    get
    {
        // Reuse the saved token while it has more than 5 seconds left
        if (lastAuthenticationResult != null && DateTime.UtcNow.AddSeconds(5) < lastAuthenticationResult.ExpiresOn)
        {
            if (m_cachedKeyVaultClient == null)
            {
                m_cachedKeyVaultClient = new KeyVaultClient(getCachedToken);
            }
            return m_cachedKeyVaultClient;
        }
        if (m_keyVaultClient == null)
            m_keyVaultClient = new KeyVaultClient(GetAccessTokenAsync);
        return m_keyVaultClient;
    }
}

private static Task<string> getCachedToken(string authority, string resource, string scope)
{
    // Callback that never re-authenticates: it returns the saved token as-is
    return Task.FromResult(lastAuthenticationResult.AccessToken);
}
Ah! I had not even noticed that both GetSecretsAsync and GetSecretAsync were being used. I will include that too. Thanks.
I believe this answer is wrong. The result does not contain the secret values, only the IDs; you need another round trip to get the secret.
GetSecrets() returns a collection of SecretItem, which does not include the secret's value (SecretBundle does).
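The caching the answers describe, pulled together as an added example that is not code from the question or any answer. It assumes ADAL 3.x (Microsoft.IdentityModel.Clients.ActiveDirectory) and Microsoft.Azure.KeyVault 2.x, with a ClientAssertionCertificate supplied by the caller; it also follows NextPageLink, which none of the snippets above do.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public sealed class CachedKeyVaultReader
{
    private readonly ClientAssertionCertificate _credential;        // app certificate credential (caller supplies)
    private readonly KeyVaultClient _client;                        // built once and reused
    private readonly SemaphoreSlim _lock = new SemaphoreSlim(1, 1); // one token request at a time
    private AuthenticationResult _cached;                           // last token, with its ExpiresOn

    public CachedKeyVaultReader(ClientAssertionCertificate credential)
    {
        _credential = credential;
        _client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetTokenAsync));
    }
    private bool TokenStillValid() =>
        _cached != null && _cached.ExpiresOn > DateTimeOffset.UtcNow.AddMinutes(5);
    // The callback runs on every Key Vault request, so caching belongs here, not in the
    // client getter. The token is reused until 5 minutes before ExpiresOn, then re-acquired.
    private async Task<string> GetTokenAsync(string authority, string resource, string scope)
    {
        if (TokenStillValid()) return _cached.AccessToken;
        await _lock.WaitAsync().ConfigureAwait(false);
        try
        {
            if (TokenStillValid()) return _cached.AccessToken;      // refreshed while we waited
            var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
            _cached = await context.AcquireTokenAsync(resource, _credential).ConfigureAwait(false);
            return _cached.AccessToken;
        }
        finally { _lock.Release(); }
    }

    // Lists every secret identifier, following NextPageLink (one GetSecretsAsync call returns only
    // the first page). Values are not in SecretItem; each needs a separate GetSecretAsync call.
    public async Task<List<string>> ListSecretIdsAsync(string vaultUrl)
    {
        var ids = new List<string>();
        var page = await _client.GetSecretsAsync(vaultUrl).ConfigureAwait(false);
        while (true)
        {
            foreach (var item in page) ids.Add(item.Id);
            if (string.IsNullOrEmpty(page.NextPageLink)) return ids;
            page = await _client.GetSecretsNextAsync(page.NextPageLink).ConfigureAwait(false);
        }
    }
}
```

Because the cache lives in the callback, a single KeyVaultClient instance serves the whole loop and any later GetSecretAsync calls with one token acquisition per expiry window.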