Support for AAD subject name issue authentication (#788)
* Introduce a new generic cert loader service. * Make ASC use a static http client and move the data provider away from using client secrets and towards using cert based aad authentication. * Update documentation for ASC data provider * Add retry while looking up certificates to address timing issue caused on local dev environment. * Move MDM Cert loader to use the generic certificate loader * Cleanup cert loaders since respective data provider is now dependent on generic cert loader. * Move Geomaster client to use certificate from generic cert loader. * Support for loading certificates from dev keyvault to computer user store. This helps dev environment without constant intervention. * Remove unused namespaces * Add keyvault certificate loader for dev environment to build pipeline * Add support for subject name + issuer authentication for AAD bearer tokens. This eliminated the need to store client secret. Add support for token cache and auto token refresh. * Cleanup Asc token service since it now acquires token via subject name + issuer auth via the generic token service. * Switch Asc client to use generic token service. * SDK for MSAL. * Config for loading certificate used to acquire AAD token. * Move Kusto SDK client to use subject name issuer AAD authentication. * Initialize generic certificate loader and cleanup other certificate loaders+ASC token service. * Add a new Http data provider. Helps test the generic token service enabling move of other data providers to this approach. * Resolve merge conflict * Fix typo for method name * Add mock values for ASC data provider and tests to succeed. * Add a new method fixing the typo in earlier method name. Once this change is deployed, will deprecate the method with typo and by updating detector code. * Fix build error
Showing
34 changed files
with
2,492 additions
and
532 deletions.
99 changes: 99 additions & 0 deletions
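--- /dev/null
+++ b/src/Diagnostics.DataProviders/DataProviderConfigurations/HttpDataProviderConfiguration.cs
@@ -0,0 +1,99 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+
+
+namespace Diagnostics.DataProviders.DataProviderConfigurations
+{
+    [DataSourceConfiguration("HttpProvider")]
+    public class HttpDataProviderConfiguration : DataProviderConfigurationBase, IDataProviderConfiguration
+    {
+        /// <summary>
+        /// Subject name of the certificate that will be used by default to acquire token from AAD while sending HTTP requests.
+        /// </summary>
+        [ConfigurationName("DefaultTokenRequestorCertSubjectName")]
+        [Required]
+        public string DefaultTokenRequestorCertSubjectName { get; set; }
+
+        /// <summary>
+        /// Subject name of the certificate that will be sent as client certificate along with the HTTP request to support certificate based authentication.
+        /// </summary>
+        [ConfigurationName("DefaultClientCertAuthSubjectName")]
+        [Required]
+        public string DefaultClientCertAuthSubjectName { get; set; }
+
+        /// <summary>
+        /// User Agent value passed to external endpoint.
+        /// </summary>
+        [ConfigurationName("UserAgent")]
+        [Required]
+        public string UserAgent { get; set; }
+
+        /// <summary>
+        /// Domain URI of the AAD Tenant where the aad app resides.
+        /// </summary>
+        [ConfigurationName("DefaultAADAuthority")]
+        [Required]
+        public string DefaultAADAuthority { get; set; }
+
+        private Uri _defaultAADAuthorityUri = default(Uri);
+
+        public Uri DefaultAADAuthorityUri
+        {
+            get {
+                if (_defaultAADAuthorityUri == null)
+                {
+                    _defaultAADAuthorityUri = new Uri(DefaultAADAuthority);
+                }
+                return _defaultAADAuthorityUri;
+            }
+        }
+
+        /// <summary>
+        /// Client id of of the aad app to request the token from.
+        /// </summary>
+        [ConfigurationName("DefaultAADClientId")]
+        [Required]
+        public string DefaultAADClientId { get; set; }
+
+        /// <summary>
+        /// Timeout value in milliseconds for all outbound requests.
+        /// </summary>
+        [ConfigurationName("DefaultRequestTimeOutInMilliSeconds")]
+        [Required]
+        public int DefaultRequestTimeOutInMilliSeconds { get; set; }
+
+        /// <summary>
+        /// Number of connections that are open simultaneously to a given destination URL.
+        /// </summary>
+        [ConfigurationName("MaxConnectionsPerServer")]
+        [Required]
+        public int MaxConnectionsPerServer { get; set; }
+
+        /// <summary>
+        /// Comma seperated list of headers that are prohibited to include in outgoiung HTTP calls
+        /// </summary>
+        [ConfigurationName("ProhibitedHeadersCSV")]
+        [Required]
+        public string ProhibitedHeaders { get; set; }
+
+        private List<string> _prohibitedHeadersList = new List<string>();
+        public List<string> ProhibitedHeadersList
+        {
+            get
+            {
+                if (_prohibitedHeadersList.Count < 1 && !string.IsNullOrWhiteSpace(ProhibitedHeaders))
+                {
+                    foreach (string currHeaderName in ProhibitedHeaders.Split(','))
+                    {
+                        if (!string.IsNullOrWhiteSpace(currHeaderName))
+                        {
+                            _prohibitedHeadersList.Add(currHeaderName.Trim());
+                        }
+                    }
+                }
+                return _prohibitedHeadersList;
+            }
+        }
+    }
+}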
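Review bot: `ProhibitedHeadersList` hands out the mutable backing `List<string>`, so any caller (or detector code) that calls `Clear()` or `Remove()` on it silently weakens the header block-list for every later request built from this shared configuration, and because the lazy fill only runs when the list is empty, a cleared list is even re-populated on the next read while a partially edited one is not. Declare the property as `public IReadOnlyList<string> ProhibitedHeadersList` and return `_prohibitedHeadersList.AsReadOnly();` so the parsed value cannot be altered after load. Separately, `[Required]` on the `int` properties `DefaultRequestTimeOutInMilliSeconds` and `MaxConnectionsPerServer` is always satisfied for a non-nullable value type, so a zero or negative timeout or connection limit passes validation; `[Range(1, int.MaxValue)]` from the already-imported `System.ComponentModel.DataAnnotations` would catch that at configuration load. The `DefaultAADAuthorityUri` getter would also benefit from a one-line comment such as `// Parsed lazily; an invalid DefaultAADAuthority surfaces here as UriFormatException on first use.` since the exception point is not obvious from the property name.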