[FEATURE REQ] clientCertificateCredential to support x5c for Azure AD #43945

Closed
gaoyp830 opened this issue May 9, 2024 · 7 comments
Labels
Client This issue points to a problem in the data-plane of the library. Extensions ASP.NET Core extensions issue-addressed The Azure SDK team member assisting with this issue believes it to be addressed and ready to close.

Comments

@gaoyp830
Contributor

gaoyp830 commented May 9, 2024

Library name

Microsoft.Extensions.Azure

Please describe the feature.

In order for the Azure Functions Service Bus trigger to support connecting using Azure AD, the code snippet here (which is used to generate the token used in the creation of the Service Bus client) needs to set SendX5C to true in the options. (https://learn.microsoft.com/en-us/dotnet/api/microsoft.identity.web.microsoftidentityoptions.sendx5c?view=msal-model-dotnet-latest)

@github-actions github-actions bot added Client This issue points to a problem in the data-plane of the library. Extensions ASP.NET Core extensions needs-team-attention This issue needs attention from Azure service team or SDK team labels May 9, 2024

github-actions bot commented May 9, 2024

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@jsquire
Member

jsquire commented May 9, 2024

Hi @gaoyp830. Thank you for reaching out and we regret that you are experiencing difficulties. For your scenario, you'll need to override the default options by calling UseCredential as part of your DI registration. This allows you to control credential creation and set the options desired for your specific needs.

In this case, I believe you'll want to look at setting ClientCertificateCredentialOptions.SendCertificateChain and using that with a new instance of ClientCertificateCredential. For example:

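// Requires: using Azure.Identity; using Microsoft.Extensions.Azure;
services.AddAzureClients(clientBuilder =>
{
    // SendCertificateChain = true adds the x5c header to the client assertion.
    var options = new ClientCertificateCredentialOptions { SendCertificateChain = true };

    // ClientCertificateCredential has no options-only constructor; tenantId, clientId
    // and certificatePath are placeholders for your app registration's values.
    var credential = new ClientCertificateCredential(tenantId, clientId, certificatePath, options);

    // This will set the credential used by all Azure clients.
    clientBuilder.UseCredential(credential);
});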

More context and discussion can be found in:

@jsquire jsquire added issue-addressed The Azure SDK team member assisting with this issue believes it to be addressed and ready to close. and removed needs-team-attention This issue needs attention from Azure service team or SDK team labels May 9, 2024
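To confirm that SendCertificateChain = true is taking effect, decode the header of the client assertion the app presents to the token endpoint and check for x5c. The following is an added example, not part of the original thread or the Azure SDK; the function names are hypothetical, the sample assertions are constructed with placeholder bytes standing in for DER certificates, and it assumes the header carries an x5t thumbprint next to x5c.

```python
import base64
import hashlib
import json


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def inspect_assertion_header(jwt: str) -> dict:
    """Report whether a JWT client assertion carries an x5c certificate chain."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    header = json.loads(b64url_decode(parts[0]))
    chain = header.get("x5c") or []
    if isinstance(chain, str):  # tolerate a single certificate sent as a string
        chain = [chain]
    result = {"alg": header.get("alg"), "has_x5c": bool(chain),
              "chain_length": len(chain), "leaf_matches_x5t": None}
    if chain and "x5t" in header:
        # RFC 7515: x5c entries are standard base64 (not base64url) DER, leaf first;
        # x5t is the base64url SHA-1 digest of the signing certificate's DER bytes.
        leaf_der = base64.b64decode(chain[0], validate=True)
        thumbprint = b64url_encode(hashlib.sha1(leaf_der).digest())
        result["leaf_matches_x5t"] = thumbprint == header["x5t"]
    return result


def sample_assertion(with_chain: bool) -> str:
    """Constructed sample: placeholder bytes, not real certificates or signatures."""
    leaf, issuer = b"constructed-leaf-der", b"constructed-issuer-der"
    header = {"alg": "RS256", "typ": "JWT",
              "x5t": b64url_encode(hashlib.sha1(leaf).digest())}
    if with_chain:
        header["x5c"] = [base64.b64encode(c).decode() for c in (leaf, issuer)]
    claims = {"iss": "constructed-client-id", "sub": "constructed-client-id"}
    segments = [b64url_encode(json.dumps(o).encode()) for o in (header, claims)]
    return ".".join(segments + [b64url_encode(b"constructed-signature")])


if __name__ == "__main__":
    for flag in (False, True):
        print(f"with_chain={flag}:", inspect_assertion_header(sample_assertion(flag)))
```
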

github-actions bot commented May 9, 2024

Hi @gaoyp830. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

@gaoyp830
Contributor Author

Hi @jsquire, thanks for the information! From "Dependency injection with the Azure SDK for .NET", I see that in the example the client is passed in after registration using dependency injection:

public MyApiController(BlobServiceClient blobServiceClient) { _blobServiceClient = blobServiceClient; }

...however, this example is the client code. I wonder, in the case of using the Service Bus trigger, will registering the Service Bus client like you have mentioned above also result in the Service Bus trigger using the same client?

Thanks again for any help!

@gaoyp830 gaoyp830 added needs-team-attention This issue needs attention from Azure service team or SDK team and removed issue-addressed The Azure SDK team member assisting with this issue believes it to be addressed and ready to close. labels May 13, 2024
@jsquire
Member

jsquire commented May 14, 2024

The trigger uses the registered DI credential implicitly for the clients that perform its operations. There's no difference for what you'd need to do.

@jsquire jsquire added the issue-addressed The Azure SDK team member assisting with this issue believes it to be addressed and ready to close. label May 14, 2024
@github-actions github-actions bot removed the needs-team-attention This issue needs attention from Azure service team or SDK team label May 14, 2024

Hi @gaoyp830. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.


Hi @gaoyp830, since you haven’t asked that we /unresolve the issue, we’ll close this out. If you believe further discussion is needed, please add a comment /unresolve to reopen the issue.
