Merge pull request #99 from microsoft/users/prnikumb/defaultCredential

vandanakvs · web-flow · commit b42d5ad69591 · 2025-06-04T14:07:50.000+05:30
Removed usermanaged identity from managed identity credential as Syst…
diff --git a/src/service/API/Microsoft.FeatureFlighting.API.csproj b/src/service/API/Microsoft.FeatureFlighting.API.csproj
@@ -21,7 +21,7 @@
     <PackageReference Include="AppInsights.EnterpriseTelemetry.AspNetCore.Extension" Version="6.0.0" />    
     <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="7.2.0" />    
     <PackageReference Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.2.2" />    
-    <PackageReference Include="Azure.Identity" Version="1.13.1" />    
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />    
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.12" />    
     <PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="2.2.0" />    
     <PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.2.0" />
@@ -45,6 +45,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\Common\Microsoft.FeatureFlighting.Common.csproj" />
     <ProjectReference Include="..\Domain\Microsoft.FeatureFlighting.Core.csproj" />
     <ProjectReference Include="..\Infrastructure\Microsoft.FeatureFlighting.Infrastructure.csproj" />
   </ItemGroup>
diff --git a/src/service/API/Program.cs b/src/service/API/Program.cs
@@ -10,7 +10,7 @@
 using Azure.Extensions.AspNetCore.Configuration.Secrets;
 using Microsoft.Extensions.Configuration.AzureAppConfiguration;
 using Azure.Core;
-
+using Microsoft.FeatureFlighting.Common;
 namespace Microsoft.PS.Services.FlightingService.Api
 {
     [ExcludeFromCodeCoverage]
@@ -38,14 +38,9 @@ public static IHostBuilder CreateHostBuilder(string[] args)
 
         private static void AddKeyVault(IConfigurationBuilder config)
         {
-            var builtConfig = config.Build();           
+            var builtConfig = config.Build();
             TokenCredential credential;
-            #if DEBUG
-                credential = new VisualStudioCredential();
-            #else
-                credential = new ManagedIdentityCredential(
-                ManagedIdentityId.FromUserAssignedClientId(builtConfig["UserAssignedClientId"]));
-            #endif
+            credential = ManagedIdentityHelper.GetTokenCredential();
 
             config.AddAzureKeyVault(
                 new SecretClient(
@@ -66,15 +61,9 @@ private static void AddAzureAppConfiguration(IConfigurationBuilder config)
             string appConfigurationUri = builtConfig["AzureAppConfigurationUri"];
             string flightingAppConfigLabel = builtConfig["AppConfiguration:FeatureFlightsLabel"];
             string configurationCommonLabel = builtConfig["AppConfiguration:ConfigurationCommonLabel"];
-            string configurationEnvLabel = builtConfig["AppConfiguration:ConfigurationEnvLabel"];            
+            string configurationEnvLabel = builtConfig["AppConfiguration:ConfigurationEnvLabel"];
             TokenCredential credential;
-            #if DEBUG
-                credential = new VisualStudioCredential();
-            #else
-                credential = new ManagedIdentityCredential(
-                ManagedIdentityId.FromUserAssignedClientId(builtConfig["UserAssignedClientId"]));
-            #endif            
-
+            credential = ManagedIdentityHelper.GetTokenCredential();
             config.AddAzureAppConfiguration(options =>
             {
                 options
diff --git a/src/service/Common/Authentication/ITokenGenerator.cs b/src/service/Common/Authentication/ITokenGenerator.cs
@@ -12,9 +12,8 @@ public interface ITokenGenerator
         /// </summary>
         /// <param name="authority">Authority to generate the token</param>
         /// <param name="clientId">ID of the application for generating the token</param>        
-        /// <param name="resourceId">Resource ID for which the token is generated</param>
-        /// <param name="userAssignedClientId">user Assigned Client Id</param>
+        /// <param name="resourceId">Resource ID for which the token is generated</param>        
         /// <returns>Bearer token</returns>
-        Task<string> GenerateToken(string authority, string clientId, string resourceId, string userAssignedClientId);
+        Task<string> GenerateToken(string authority, string clientId, string resourceId);
     }
 }
diff --git a/src/service/Common/Authorization/IAuthorizationService.cs b/src/service/Common/Authorization/IAuthorizationService.cs
@@ -29,10 +29,9 @@ public interface IAuthorizationService
         /// </summary>
         /// <param name="authority">IDP authority</param>
         /// <param name="clientId">AAD Client ID</param>        
-        /// <param name="resourceId">AAD Client ID against which the token is acquired</param>
-        /// <param name="userAssignedClientId">user Assigned Client Id</param>
+        /// <param name="resourceId">AAD Client ID against which the token is acquired</param>        
         /// <returns>Bearer token</returns>
-        Task<string> GetAuthenticationToken(string authority, string clientId, string resourceId,string userAssignedClientId);
+        Task<string> GetAuthenticationToken(string authority, string clientId, string resourceId);
         
         /// <summary>
         /// Augments the user identity with the required claims
diff --git a/src/service/Common/ManagedIdentityHelper.cs b/src/service/Common/ManagedIdentityHelper.cs
@@ -0,0 +1,30 @@
+﻿using Azure.Core;
+using Azure.Identity;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.FeatureFlighting.Common
+{
+    public class ManagedIdentityHelper
+    {
+        /// <summary>
+        /// Get the token credential based on the environment (Debug/Release).
+        /// </summary>
+        /// <returns>Token Credential</returns>
+        public static TokenCredential GetTokenCredential()
+        {
+            TokenCredential credential = null;
+
+#if DEBUG
+            credential = new VisualStudioCredential();
+#else
+            credential = new ManagedIdentityCredential();
+#endif
+
+            return credential;
+        }
+    }
+}
diff --git a/src/service/Common/Microsoft.FeatureFlighting.Common.csproj b/src/service/Common/Microsoft.FeatureFlighting.Common.csproj
@@ -8,6 +8,7 @@
   <ItemGroup>
     <PackageReference Include="AppInsights.EnterpriseTelemetry" Version="2.0.0" />
     <PackageReference Include="Autofac" Version="6.3.0" />
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />
     <PackageReference Include="CQRS.Mediatr.Lite" Version="1.2.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
   </ItemGroup>
diff --git a/src/service/Domain/Microsoft.FeatureFlighting.Core.csproj b/src/service/Domain/Microsoft.FeatureFlighting.Core.csproj
@@ -13,6 +13,7 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Data.AppConfiguration" Version="1.2.0" />
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="2.2.2" />
     <PackageReference Include="Microsoft.FeatureManagement" Version="2.6.1" />
     <PackageReference Include="Microsoft.Identity.Client" Version="4.72.1" />
diff --git a/src/service/Infrastructure/AppConfig/AzureConfigurationClientProvider.cs b/src/service/Infrastructure/AppConfig/AzureConfigurationClientProvider.cs
@@ -3,6 +3,7 @@
 using Azure.Data.AppConfiguration;
 using Azure.Identity;
 using Microsoft.Extensions.Configuration;
+using Microsoft.FeatureFlighting.Common;
 using static Microsoft.AspNetCore.Hosting.Internal.HostingApplication;
 
 namespace Microsoft.FeatureFlighting.Infrastructure.AppConfig
@@ -33,12 +34,7 @@ public ConfigurationClient GetConfigurationClient()
                 options.Retry.MaxRetries = 10;
                 options.Retry.Delay = TimeSpan.FromSeconds(1);
                 TokenCredential credential;
-                #if DEBUG
-                      credential = new VisualStudioCredential();
-                #else
-                      credential = new ManagedIdentityCredential(
-                      ManagedIdentityId.FromUserAssignedClientId(_configuration["UserAssignedClientId"]));
-                #endif
+                credential = ManagedIdentityHelper.GetTokenCredential();
                 string appConfigUri = _configuration["AzureAppConfigurationUri"];
                 _configurationClient = new ConfigurationClient(new Uri(appConfigUri), credential, options);
                 return _configurationClient;
diff --git a/src/service/Infrastructure/Authentication/AadTokenGenerator.cs b/src/service/Infrastructure/Authentication/AadTokenGenerator.cs
@@ -10,6 +10,7 @@
 using Azure.Core;
 using Azure.Identity;
 using System.Threading;
+using Microsoft.FeatureFlighting.Common;
 
 namespace Microsoft.FeatureFlighting.Infrastructure.Authentication
 {
@@ -26,17 +27,17 @@ public AadTokenGenerator()
         }
 
         // <inheritdoc/>
-        public async Task<string> GenerateToken(string authority, string clientId, string resourceId, string userAssignedClientId)
+        public async Task<string> GenerateToken(string authority, string clientId, string resourceId)
         {
-            IConfidentialClientApplication client = GetOrCreateConfidentialApp(authority, clientId, userAssignedClientId);
+            IConfidentialClientApplication client = GetOrCreateConfidentialApp(authority, clientId);
             var scopes = new string[] { resourceId };
             AuthenticationResult authenticationResult = await client
                 .AcquireTokenForClient(scopes)
                 .ExecuteAsync();
             return authenticationResult.AccessToken;
         }
 
-        private IConfidentialClientApplication GetOrCreateConfidentialApp(string authority, string clientId, string userAssignedClientId)
+        private IConfidentialClientApplication GetOrCreateConfidentialApp(string authority, string clientId)
         {
             string confidentialAppCacheKey = CreateConfidentialAppCacheKey(authority, clientId);
             if (_cache.ContainsKey(confidentialAppCacheKey))
@@ -58,8 +59,7 @@ private IConfidentialClientApplication GetOrCreateConfidentialApp(string authori
             return client;
 
 #else
-            var credential = new ManagedIdentityCredential(userAssignedClientId);
-
+            var credential = ManagedIdentityHelper.GetTokenCredential();
             IConfidentialClientApplication client =
                 ConfidentialClientApplicationBuilder
                     .Create(clientId)
diff --git a/src/service/Infrastructure/Authorization/AuthorizationService.cs b/src/service/Infrastructure/Authorization/AuthorizationService.cs
@@ -15,6 +15,7 @@
 using Azure.Identity;
 using Azure.Core;
 using System.Threading;
+using Microsoft.FeatureFlighting.Common;
 
 [assembly: InternalsVisibleTo("Microsoft.FeatureFlighting.Infrastructure.Tests")]
 
@@ -75,14 +76,14 @@ public bool IsAuthorized(string appName)
             return false;
         }
 
-        public async Task<string> GetAuthenticationToken(string authority, string clientId, string resourceId,string userAssignedClientId)
+        public async Task<string> GetAuthenticationToken(string authority, string clientId, string resourceId)
         {
             AuthenticationResult authenticationResult;
             const string MsalScopeSuffix = "/.default";
             string bearerToken = null;
             try
             {
-                IConfidentialClientApplication app = GetOrCreateConfidentialApp(authority, clientId, userAssignedClientId);
+                IConfidentialClientApplication app = GetOrCreateConfidentialApp(authority, clientId);
                 if (app != null)
                 {
                     var scopes = new[] { resourceId + MsalScopeSuffix };
@@ -97,7 +98,7 @@ public async Task<string> GetAuthenticationToken(string authority, string client
             return bearerToken;
         }
 
-        private IConfidentialClientApplication GetOrCreateConfidentialApp(string authority, string clientId,string userAssignedClientId)
+        private IConfidentialClientApplication GetOrCreateConfidentialApp(string authority, string clientId)
         {
             string confidentialAppCacheKey = $"{authority}-{clientId}";
             if (_confidentialApps.ContainsKey(confidentialAppCacheKey))
@@ -115,7 +116,7 @@ private IConfidentialClientApplication GetOrCreateConfidentialApp(string authori
             _confidentialApps.TryAdd(confidentialAppCacheKey, app);
             return app;
 #else
-            var credential = new ManagedIdentityCredential(userAssignedClientId);
+            var credential = ManagedIdentityHelper.GetTokenCredential();
             IConfidentialClientApplication app =
                 ConfidentialClientApplicationBuilder
                     .Create(clientId)                    
diff --git a/src/service/Infrastructure/Graph/GraphGroupVerificationService.cs b/src/service/Infrastructure/Graph/GraphGroupVerificationService.cs
@@ -147,7 +147,7 @@ private IGraphServiceClient CreateGraphClient(IConfiguration configuration)
                 _cache.Add(confidentialAppCacheKey, client);
 
 #else
-                var credential = new ManagedIdentityCredential(configuration["UserAssignedClientId"]);
+                var credential = ManagedIdentityHelper.GetTokenCredential();
                 IConfidentialClientApplication client =
                 ConfidentialClientApplicationBuilder
                     .Create(configuration["Graph:ClientId"])
diff --git a/src/service/Infrastructure/Microsoft.FeatureFlighting.Infrastructure.csproj b/src/service/Infrastructure/Microsoft.FeatureFlighting.Infrastructure.csproj
@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Data.AppConfiguration" Version="1.2.0" />
-    <PackageReference Include="Azure.Identity" Version="1.13.1" />
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />
     <PackageReference Include="Azure.Storage.Blobs" Version="12.10.0" />
     <PackageReference Include="Microsoft.Azure.Cosmos" Version="3.23.0" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.0" />
diff --git a/src/service/Infrastructure/Storage/BlobProviderFactory.cs b/src/service/Infrastructure/Storage/BlobProviderFactory.cs
@@ -30,12 +30,7 @@ public BlobProviderFactory(ITenantConfigurationProvider tenantConfigurationProvi
             _configuration = configuration;
             if (_defaultAzureCredential == null)
             {
-                #if DEBUG
-                     _defaultAzureCredential = new VisualStudioCredential();
-                #else
-                     _defaultAzureCredential = new ManagedIdentityCredential(
-                     ManagedIdentityId.FromUserAssignedClientId(_configuration["UserAssignedClientId"]));
-                #endif
+                _defaultAzureCredential = ManagedIdentityHelper.GetTokenCredential();
             }
         }
 
diff --git a/src/service/Infrastructure/Storage/CosmosDbRepository.cs b/src/service/Infrastructure/Storage/CosmosDbRepository.cs
@@ -42,13 +42,7 @@ public CosmosDbRepository(CosmosDbConfiguration cosmosConfiguration, IConfigurat
                 MaxRetryAttemptsOnRateLimitedRequests = int.Parse(_configuration["CosmosDb:MaxRetryAttemptsOnRateLimitedRequests"])
             };
             TokenCredential credential;
-            #if DEBUG
-                credential = new VisualStudioCredential();
-            #else
-                credential = new ManagedIdentityCredential(
-                ManagedIdentityId.FromUserAssignedClientId(_configuration["UserAssignedClientId"]));
-            #endif
-            
+            credential = ManagedIdentityHelper.GetTokenCredential();            
             CosmosClient client = new(cosmosConfiguration.Endpoint, credential, options);
             Database database = client.GetDatabase(cosmosConfiguration.DatabaseId);
             _container = database.GetContainer(cosmosConfiguration.ContainerId);
diff --git a/src/service/Infrastructure/Webhook/WebhookTriggerManager.cs b/src/service/Infrastructure/Webhook/WebhookTriggerManager.cs
@@ -16,7 +16,7 @@
 using Microsoft.Extensions.Configuration;
 
 namespace Microsoft.FeatureFlighting.Infrastructure.Webhook
-{   
+{
     // <inheritdoc/>
     internal class WebhookTriggerManager: IWebhookTriggerManager
     {
@@ -26,7 +26,7 @@ internal class WebhookTriggerManager: IWebhookTriggerManager
         public IConfiguration _configuration { get; }
 
         public WebhookTriggerManager(IHttpClientFactory httpClientFactory, ITokenGenerator tokenGenerator, ILogger logger, IConfiguration configuration)
-        {            
+        {
             _httpClientFactory = httpClientFactory;
             _tokenGenerator = tokenGenerator;
             _logger= logger;
@@ -49,7 +49,7 @@ public async Task<string> Trigger(WebhookConfiguration webhook, string payload,
 
             DependencyContext dependency = CreateDependencyContext(webhook, trackingIds);
             HttpRequestMessage request = new(new HttpMethod(webhook.HttpMethod), webhook.Uri ?? "");
-            string bearerToken = await _tokenGenerator.GenerateToken(webhook.AuthenticationAuthority, webhook.ClientId, webhook.ResourceId, _configuration["UserAssignedClientId"]);
+            string bearerToken = await _tokenGenerator.GenerateToken(webhook.AuthenticationAuthority, webhook.ClientId, webhook.ResourceId);
             request.Headers.Add("Authorization", $"Bearer {bearerToken}");
             request.Headers.Add("x-correlationId", trackingIds.CorrelationId);
             request.Headers.Add("x-messageId", trackingIds.TransactionId);
@@ -62,7 +62,7 @@ public async Task<string> Trigger(WebhookConfiguration webhook, string payload,
                         request.Headers.Add(header.Key, header.Value);
                 }
             }
-            
+
             request.Content = new StringContent(payload, Encoding.UTF8, "application/json");
             dependency.RequestDetails = payload;
 
diff --git a/src/service/Tests/Api.Tests/Microsoft.FeatureFlighting.API.Tests.csproj b/src/service/Tests/Api.Tests/Microsoft.FeatureFlighting.API.Tests.csproj
@@ -7,6 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />
     <PackageReference Include="Microsoft.Identity.Client" Version="4.72.1" />
     <PackageReference Include="Microsoft.Identity.ServiceEssentials.AspNetCore" Version="1.35.0" />
     <PackageReference Include="Microsoft.Identity.ServiceEssentials.Caching" Version="1.35.0" />
diff --git a/src/service/Tests/Common.Tests/Microsoft.FeatureFlighting.Common.Tests.csproj b/src/service/Tests/Common.Tests/Microsoft.FeatureFlighting.Common.Tests.csproj
@@ -6,6 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.0.0" />
     <PackageReference Include="Moq" Version="4.16.1" />
     <PackageReference Include="MSTest.TestAdapter" Version="2.2.8" />
diff --git a/src/service/Tests/Domain.Tests/Microsoft.PS.FlightingService.Core.Tests.csproj b/src/service/Tests/Domain.Tests/Microsoft.PS.FlightingService.Core.Tests.csproj
@@ -7,6 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />
     <PackageReference Include="coverlet.collector" Version="3.1.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/service/Tests/Services.Tests/Microsoft.FeatureFlighting.Infrastructure.Tests.csproj b/src/service/Tests/Services.Tests/Microsoft.FeatureFlighting.Infrastructure.Tests.csproj
@@ -19,6 +19,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Identity" Version="1.14.0" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="2.2.2" />
     <PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.2.0" />
     <PackageReference Include="Microsoft.Identity.Client" Version="4.72.1" />

Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,8 @@ public interface ITokenGenerator`
`12`	`12`	`/// </summary>`
`13`	`13`	`/// <param name="authority">Authority to generate the token</param>`
`14`	`14`	`/// <param name="clientId">ID of the application for generating the token</param>`
`15`		`- /// <param name="resourceId">Resource ID for which the token is generated</param>`
`16`		`- /// <param name="userAssignedClientId">user Assigned Client Id</param>`
	`15`	`+ /// <param name="resourceId">Resource ID for which the token is generated</param>`
`17`	`16`	`/// <returns>Bearer token</returns>`
`18`		`- Task<string> GenerateToken(string authority, string clientId, string resourceId, string userAssignedClientId);`
	`17`	`+ Task<string> GenerateToken(string authority, string clientId, string resourceId);`
`19`	`18`	`}`
`20`	`19`	`}`