By default WebJobs requires to specify Azure Storage account using AzureWebJobsStorage connection string.
But I already have access to my storage with Managed Identity:
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://storage.azure.com/");
StorageCredentials storageCredentials = new StorageCredentials(new TokenCredential(accessToken));
CloudStorageAccount cloudStorageAccount = new CloudStorageAccount(storageCredentials, "mystorageaccount", "core.windows.net", true);
Can I configure WebJobs to use this cloudStorageAccount instead of AzureWebJobsStorage connection string?
Can I configure WebJobs to use this cloudStorageAccount instead of AzureWebJobsStorage connection string?
Yes, you could use cloudStorageAccount to get blob account and do some operation on blobs. However, you still need to provide AzureWebJobsDashboard and AzureWebJobsStorage when you use Webjob. Because they are not only connectionstring, they are also the log path.
In my test, I set AzureWebJobsStorage value with storage1 connection and in code I get storage2 account and it works.
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
string accessToken = azureServiceTokenProvider.GetAccessTokenAsync("https://storage.azure.com/").Result;
StorageCredentials storageCredentials = new StorageCredentials(new TokenCredential(accessToken));
CloudStorageAccount cloudStorageAccount = new CloudStorageAccount(storageCredentials, "storage2", "core.windows.net", true);
CloudBlobClient cloudBlobClient = cloudStorageAccount.CreateCloudBlobClient();
CloudBlobContainer cloudBlobContainer = cloudBlobClient.GetContainerReference("mycontainer");
CloudBlockBlob cloudBlockBlob = cloudBlobContainer.GetBlockBlobReference("hello.txt");
cloudBlockBlob.UploadTextAsync("aaaaaaaa").Wait();
For more details about assign role and get access token you could refer to this article.
Related
I am trying to access AWS S3 files using Identity pool of Cognito. I am able to do all functionalities of Congito user pool and faced no issue in secret hash. I use same way here but now having the issue in this process.
I am providing my code below for more understanding. I am getting error at line AuthFlowResponse context = await user.StartWithSrpAuthAsync below.
secretHash = crypto.GetMACHash(username + "<ClientID>");
AmazonCognitoIdentityProviderConfig config = new AmazonCognitoIdentityProviderConfig();
var provider = new AmazonCognitoIdentityProviderClient("<accessKey>", "<SecretKey>",RegionEndpoint.USEast1);
CognitoUserPool userPool = new CognitoUserPool("<userpool>", "<clientId>", provider, "<clientSecret>");
CognitoUser user = new CognitoUser(username, "<clientId>", userPool, provider, secretHash);
string userpassword = "Testtest#1";
AuthFlowResponse context = await user.StartWithSrpAuthAsync(new InitiateSrpAuthRequest()
{
Password = userpassword
}).ConfigureAwait(false);
CognitoAWSCredentials s3Credentials =
user.GetCognitoAWSCredentials("<IdentityPoolID>", RegionEndpoint.USEast1);
I'm trying to create meeting using Chime SDK and I'm passing accessKey and accessKeyId to authenticate. However, the request fails with error, 'Invalid session token'. When I pass session token generated using AWS CLI it works fine. I want to generate the session token programmatically from within .net. How to achieve this.
AWSCredentials credentials = new Chime.Credentials(awsAccessKeyId, awsSecretAccessKey, token);
RegionEndpoint region = RegionEndpoint.USEast1;
client = new AmazonChimeClient(credentials, RegionEndpoint.USEast1);
CreateMeetingRequest request = new CreateMeetingRequest();
request.MeetingHostId = meetingHostId;
request.ExternalMeetingId = externalMeetingId;
return await client.CreateMeetingAsync(request);
You are not setting the ClientRequestToken
CreateMeetingRequest request = new CreateMeetingRequest();
request.MeetingHostId = meetingHostId;
request.ExternalMeetingId = externalMeetingId;
//needs request.ClientRequestToken = ????
Tim
I am following this sample in attempt to publish messages in PubSub from a c#.net app on a windows server. As expected it throws auth exception on:
PublisherClient publisher = PublisherClient.Create();
Most of my code base connects to GCS and BigQuery using their respective services, sample below:
private StorageService GetStorageService()
{
X509Certificate2 certificate = new X509Certificate2(certificateFile, "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { StorageService.Scope.DevstorageFullControl }
}.FromCertificate(certificate));
return new StorageService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = projectNumber,
});
}
I just pass certificateFile, serviceAccountEmail from a config file as parameters. Is there anyway to Auth similarly for PubSub?
Yes, it's possible, and you're looking in the right repo for samples. I notice the QuickStart directory is missing a README.md. I'll add one shortly.
To get this line of code to work:
PublisherClient publisher = PublisherClient.Create();
Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of a json service account credentials file. Details are in step 3 of the root README:
https://github.com/GoogleCloudPlatform/dotnet-docs-samples/blob/master/README.md
If your environment requires you to manually specify the path to a credential file, the code looks like this:
GoogleCredential googleCredential = null;
using (var jsonStream = new FileStream(jsonPath, FileMode.Open,
FileAccess.Read, FileShare.Read))
{
googleCredential = GoogleCredential.FromStream(jsonStream)
.CreateScoped(PublisherClient.DefaultScopes);
}
Channel channel = new Channel(PublisherClient.DefaultEndpoint.Host,
PublisherClient.DefaultEndpoint.Port,
googleCredential.ToChannelCredentials());
PublisherClient publisher = PublisherClient.Create(channel);
I reported issue https://github.com/GoogleCloudPlatform/google-cloud-dotnet/issues/1398 to make this common task simpler.
Trying to post a message to an AWS SQS Queue that already exists using .Net Core.
Due to some deployment issues, I don't want to create a separate credentials file, I just want to manually add the credentials and add them to my client or request. I can't see how to do this using the documentation.
I've got a simple console app version of what I am trying to do below... I have created the Credentials, I just can't see how to inject them into the client or request so that it authenticates with my IAM user.
Currently the code just hangs creating the client.
var awsCreds = new BasicAWSCredentials("MYKEYGOESHERE", "MYSECRETGOESHERE");
var amazonSQSConfig = new AmazonSQSConfig();
amazonSQSConfig.ServiceURL = "https://sqs.eu-west-1.amazonaws.com";
var amazonSQSClient = new AmazonSQSClient(amazonSQSConfig);
var sendRequest = new SendMessageRequest();
sendRequest.QueueUrl = "https://sqs.eu-west-1.amazonaws.com/[USERID]/[QUEUENAME]";
sendRequest.MessageBody = "{ 'message' : 'hello world' }";
var sendMessageResponse = amazonSQSClient.SendMessageAsync(sendRequest);
You have to pass the credentials to the AmazonSQSClient like so:
var amazonSQSClient = new AmazonSQSClient(awsCreds, amazonSQSConfig);
Five years later, here is what is working for me:
AmazonSQSClient sqsClient = new AmazonSQSClient("MYKEYGOESHERE", "MYSECRETGOESHERE", RegionEndpoint.USWest2);
No use of BasicAWSCredentials or AmazonSQSConfig.
I have taken the code from the SDK and made just one modification to set the authentication type but when I try to connect I get an "Unauthorized" error.
My code is:
// Set up the CRM Service.
CrmAuthenticationToken token = new CrmAuthenticationToken();
token.AuthenticationType = 2;
token.OrganizationName = "TESTCRM";
CrmService service = new CrmService();
service.Url = "https://testcrm.ifdtestsystem.com/MSCrmServices/2007/CrmService.asmx";
service.CrmAuthenticationTokenValue = token;
//service.Credentials = System.Net.CredentialCache.DefaultCredentials;
service.Credentials = new NetworkCredential("Bill", "Password");
// Create an account entity and assign data to some attributes.
account newAccount = new account();
newAccount.name = "Greg Bike Store";
newAccount.accountnumber = "123456";
newAccount.address1_postalcode = "98052";
newAccount.address1_city = "Redmond";
// Call the Create method to create an account.
Guid accountId = service.Create(newAccount);
When using SPLA (IFD) you need to also populate the token with a crmticket.The ticket can be retrieved by quering the CrmDiscoveryService.
This document contains a reasonable sample how to use CrmDiscoveryService to obtain a ticket and set up CrmService.
Note that Credentials property for the service will no longer be required as all authentication information will be inside the ticket.
Hope this helps