(adsbygoogle = window.adsbygoogle || []).push({});

//
// Copyright © Microsoft Corporation, All Rights Reserved
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// You must login or register to view this content.
//
// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS
// OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
// ANY IMPLIED WARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A
// PARTICULAR PURPOSE, MERCHANTABILITY OR NON-INFRINGEMENT.
//
// See the Apache License, Version 2.0 for the specific language
// governing permissions and limitations under the License.

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.KeyVault.Client;
using Microsoft.WindowsAzure;
using System.Configuration;
using System.Security.Cryptography.X509Certificates;

namespace SampleKeyVaultClientWebRole
{
/// <summary>
/// This class uses Microsoft.KeyVault.Client library to call into Key Vault and retrieve a secret.
///
/// Authentication when calling Key Vault is done through the configured X509 ceritifcate.
/// </summary>
public class KeyVaultAccessor
{
private static KeyVaultClient keyVaultClient;
private static X509Certificate2 clientAssertionCertPfx;
static KeyVaultAccessor()
{
keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
clientAssertionCertPfx = CertificateHelper.FindCertificateByThumbprint(ConfigurationManager.AppSettings[Constants.KeyVaultAuthCertThumbprintSetting]);
}

/// <summary>
/// Get a secret from Key Vault
/// </summary>
/// <param name="secretId">ID of the secret</param>
/// <returns>secret value</returns>
public static string GetSecret(string secretId)
{
var secret = keyVaultClient.GetSecretAsync(secretId).Result;
return secret.Value;
}

/// <summary>
/// Authentication callback that gets a token using the X509 certificate
/// </summary>
/// <param name="authority">Address of the authority</param>
/// <param name="resource">Identifier of the target resource that is the recipient of the requested token</param>
/// <param name="scope">Scope</param>
/// <returns></returns>
public static string GetAccessToken(string authority, string resource, string scope)
{
var client_id = ConfigurationManager.AppSettings[Constants.KeyVaultAuthClientIdSetting];

var context = new AuthenticationContext(authority, null);

var assertionCert = new ClientAssertionCertificate(client_id, clientAssertionCertPfx);

var result = context.AcquireToken(resource, assertionCert);

return result.AccessToken;
}

}
}


// Second file Functions.cs

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.WebJobs;

namespace SJKP.KeyVault.AzureWebJob
{
public class Functions
{
// This function will get triggered/executed when a new message is written
// on an Azure Queue called queue.
//public static void ProcessQueueMessage([QueueTrigger("queue")] string message, TextWriter log)
//{
// log.WriteLine(message);
//}
}
}

// Third File Constants.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace SampleKeyVaultClientWebRole
{
public static class Constants
{
public static string KeyVaultAuthClientIdSetting = "KeyVaultAuthClientId";
public static string KeyVaultAuthCertThumbprintSetting = "KeyVaultAuthCertThumbprint";
}
}

// Then The Package Microsoft.KeyVault.Client

//
// Copyright © Microsoft Corporation, All Rights Reserved
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// You must login or register to view this content.
//
// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS
// OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
// ANY IMPLIED WARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A
// PARTICULAR PURPOSE, MERCHANTABILITY OR NON-INFRINGEMENT.
//
// See the Apache License, Version 2.0 for the specific language
// governing permissions and limitations under the License.

using System;

namespace Microsoft.KeyVault.Client
{
internal static class UriExtensions
{
/// <summary>
/// Returns an authority string for URI that is guaranteed to contain
/// a port number.
/// </summary>
/// <param name="uri">The Uri from which to compute the authority</param>
/// <returns>The complete authority for the Uri</returns>
public static string FullAuthority( this Uri uri )
{
string authority = uri.Authority;

if ( !authority.Contains( ":" ) )
{
// Append port for complete authority
authority = string.Format( "{0}:{1}", uri.Authority, uri.Port.ToString() );
}

return authority;
}

/// <summary>
/// x-www-form-urlencoded a string without the requirement for System.Web
/// </summary>
/// <param name="String"></param>
/// <returns></returns>
// [Obsolete("Use System.Uri.EscapeDataString instead")]
public static string UrlFormEncode( string text )
{
// Sytem.Uri provides reliable parsing
if ( string.IsNullOrEmpty( text ) )
return string.Empty;

return System.Uri.EscapeDataString( text ).Replace( "%20", "+" );
}

/// <summary>
/// UrlDecodes a string without requiring System.Web
/// </summary>
/// <param name="text">String to decode.</param>
/// <returns>decoded string</returns>
public static string UrlFormDecode( string text )
{
if ( string.IsNullOrEmpty( text ) )
return string.Empty;

// pre-process for + sign space formatting since System.Uri doesn't handle it
// plus literals are encoded as %2b normally so this should be safe
text = text.Replace( "+", " " );

return System.Uri.UnescapeDataString( text );
}
}
}

ill upload and release public when i can figure this out
:/ not much here but I'm working my but off