I am trying to store my Azure AD configuration in Azure App Configuration. For reference, and to make sure I'm not encountering an issue that was fixed in a later edition, the code that is loading this configuration is .NET 4.8/Standard 2.0.
My current key structure follows best practices such as AzureAd:TenantId and AzureAd:Instance etc.
The problem is when I get to the credentials portion of the config. In case you are unfamiliar, Microsoft.Identity.Web has a definition for the configuration, which I then turned into a POCO because I am doing something manual outside the confines of the normal identity web downstream flow.
My POCO looks like this:
    public class EntraConfiguration
    {
        public string Instance { get; set; }
        public string TenantId { get; set; }
        /* other values omitted for brevity */
        public IEnumerable<IDictionary<string, string>> ClientCredentials { get; set; }
    }
When I load my application, I'm using a simple binder:
    var entraConfiguration = new EntraConfiguration();
    configuration.Bind("AzureAd", entraConfiguration);
    services.AddSingleton(entraConfiguration);
The part I am struggling with is the credentials array, which per the example can look like this:
    {
      "ClientCredentials": [
        {
          "SourceType": "ClientSecret",
          "ClientSecret": "MyClientSecret"
        },
        {
          "SourceType": "KeyVault",
          "KeyVaultUrl": "https://mykeyvault.vault.azure.net",
          "KeyVaultCertificateName": "MyCertificate"
        }
      ]
    }
Now, if I were setting these in a build pipeline, I could easily use a key like AzureAd:ClientCredentials:0:SourceType.
The reason I want to do this is because I need to pull the client secret from Key Vault through AAC and then want it to bind into my POCO automatically.
However, when I do so, the ClientCredentials property on my POCO is always null. All of the other properties are set.
Is my key structure wrong in AAC, or maybe I'm using the wrong type for binding in my POCO? I have bound out of an appsettings file just like this before with no issue.
In our implementation of this, we use the following for ClientCredentials in the POCO.
    public CredentialDescription[] ClientCredentials { get; set; }
We have made use of this syntax in App Configuration, AzureAd:ClientCredentials:0:SourceType, in order to use Key Vault references for the ClientSecret, but it should also be possible in App Configuration to simply put a JSON array into a setting called AzureAd:ClientCredentials.
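An added example, not part of the original question or answer: a console check that binds the indexed key layout from the answer into an array-typed property and lists which key paths the provider exposes, without printing any secret value. The `CredentialEntry` class is a hypothetical stand-in for `CredentialDescription`, and the in-memory keys and values are constructed sample data standing in for what App Configuration would return.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;

// Hypothetical stand-in for the credential type; the answer uses CredentialDescription[] here.
public class CredentialEntry
{
    public string SourceType { get; set; }
    public string ClientSecret { get; set; }
    public string KeyVaultUrl { get; set; }
    public string KeyVaultCertificateName { get; set; }
}

public class EntraConfiguration
{
    public string Instance { get; set; }
    public string TenantId { get; set; }
    public CredentialEntry[] ClientCredentials { get; set; }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: the flattened, indexed keys as they would be stored in App Configuration.
        var settings = new Dictionary<string, string>
        {
            ["AzureAd:TenantId"] = "00000000-0000-0000-0000-000000000000",
            ["AzureAd:ClientCredentials:0:SourceType"] = "ClientSecret",
            ["AzureAd:ClientCredentials:0:ClientSecret"] = "constructed-placeholder",
            ["AzureAd:ClientCredentials:1:SourceType"] = "KeyVault",
            ["AzureAd:ClientCredentials:1:KeyVaultUrl"] = "https://mykeyvault.vault.azure.net",
            ["AzureAd:ClientCredentials:1:KeyVaultCertificateName"] = "MyCertificate",
        };
        IConfiguration configuration = new ConfigurationBuilder().AddInMemoryCollection(settings).Build();

        // List the key paths present under the section: names only, never values.
        foreach (var item in configuration.GetSection("AzureAd:ClientCredentials").GetChildren())
            foreach (var field in item.GetChildren())
                Console.WriteLine(field.Path);

        var entra = new EntraConfiguration();
        configuration.Bind("AzureAd", entra);
        if (entra.ClientCredentials == null || entra.ClientCredentials.Length != 2)
            throw new InvalidOperationException("ClientCredentials did not bind");
        // Report that the secret is present, not what it contains.
        Console.WriteLine("secret present: " + !string.IsNullOrEmpty(entra.ClientCredentials[0].ClientSecret));
    }
}
```

Running the same key listing against the configuration the application actually loads shows whether the indexed keys arrived under the AzureAd:ClientCredentials section before the binder is involved.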