Removed usermanaged identity from managed identity credential as Syst…

src/service/API/Program.cs

@@ -38,14 +38,13 @@ public static IHostBuilder CreateHostBuilder(string[] args)
 
         private static void AddKeyVault(IConfigurationBuilder config)
         {
-            var builtConfig = config.Build();           
+            var builtConfig = config.Build();
             TokenCredential credential;
-            #if DEBUG
-                credential = new VisualStudioCredential();
-            #else
-                credential = new ManagedIdentityCredential(
-                ManagedIdentityId.FromUserAssignedClientId(builtConfig["UserAssignedClientId"]));
-            #endif
+#if DEBUG
+            credential = new VisualStudioCredential();
+#else
+            credential = new ManagedIdentityCredential();
+#endif
 
             config.AddAzureKeyVault(
                 new SecretClient(
@@ -66,14 +65,13 @@ private static void AddAzureAppConfiguration(IConfigurationBuilder config)
             string appConfigurationUri = builtConfig["AzureAppConfigurationUri"];
             string flightingAppConfigLabel = builtConfig["AppConfiguration:FeatureFlightsLabel"];
             string configurationCommonLabel = builtConfig["AppConfiguration:ConfigurationCommonLabel"];
-            string configurationEnvLabel = builtConfig["AppConfiguration:ConfigurationEnvLabel"];            
+            string configurationEnvLabel = builtConfig["AppConfiguration:ConfigurationEnvLabel"];
             TokenCredential credential;
-            #if DEBUG
-                credential = new VisualStudioCredential();
-            #else
-                credential = new ManagedIdentityCredential(
-                ManagedIdentityId.FromUserAssignedClientId(builtConfig["UserAssignedClientId"]));
-            #endif            
+#if DEBUG
+            credential = new VisualStudioCredential();
+#else
+            credential = new ManagedIdentityCredential();
+#endif
 
             config.AddAzureAppConfiguration(options =>
             {

src/service/Common/Authentication/ITokenGenerator.cs

@@ -12,9 +12,8 @@ public interface ITokenGenerator
         /// </summary>
         /// <param name="authority">Authority to generate the token</param>
         /// <param name="clientId">ID of the application for generating the token</param>        
-        /// <param name="resourceId">Resource ID for which the token is generated</param>
-        /// <param name="userAssignedClientId">user Assigned Client Id</param>
+        /// <param name="resourceId">Resource ID for which the token is generated</param>        
         /// <returns>Bearer token</returns>
-        Task<string> GenerateToken(string authority, string clientId, string resourceId, string userAssignedClientId);
+        Task<string> GenerateToken(string authority, string clientId, string resourceId);
     }
 }

src/service/Common/Authorization/IAuthorizationService.cs

@@ -29,10 +29,9 @@ public interface IAuthorizationService
         /// </summary>
         /// <param name="authority">IDP authority</param>
         /// <param name="clientId">AAD Client ID</param>        
-        /// <param name="resourceId">AAD Client ID against which the token is acquired</param>
-        /// <param name="userAssignedClientId">user Assigned Client Id</param>
+        /// <param name="resourceId">AAD Client ID against which the token is acquired</param>        
         /// <returns>Bearer token</returns>
-        Task<string> GetAuthenticationToken(string authority, string clientId, string resourceId,string userAssignedClientId);
+        Task<string> GetAuthenticationToken(string authority, string clientId, string resourceId);
 
         /// <summary>
         /// Augments the user identity with the required claims

src/service/Infrastructure/AppConfig/AzureConfigurationClientProvider.cs

@@ -33,12 +33,11 @@ public ConfigurationClient GetConfigurationClient()
                 options.Retry.MaxRetries = 10;
                 options.Retry.Delay = TimeSpan.FromSeconds(1);
                 TokenCredential credential;
-                #if DEBUG
-                      credential = new VisualStudioCredential();
-                #else
-                      credential = new ManagedIdentityCredential(
-                      ManagedIdentityId.FromUserAssignedClientId(_configuration["UserAssignedClientId"]));
-                #endif
+#if DEBUG
+                credential = new VisualStudioCredential();
+#else
+                credential = new ManagedIdentityCredential();
+#endif
                 string appConfigUri = _configuration["AzureAppConfigurationUri"];
                 _configurationClient = new ConfigurationClient(new Uri(appConfigUri), credential, options);
                 return _configurationClient;

src/service/Infrastructure/Authentication/AadTokenGenerator.cs

@@ -26,17 +26,17 @@ public AadTokenGenerator()
         }
 
         // <inheritdoc/>
-        public async Task<string> GenerateToken(string authority, string clientId, string resourceId, string userAssignedClientId)
+        public async Task<string> GenerateToken(string authority, string clientId, string resourceId)
         {
-            IConfidentialClientApplication client = GetOrCreateConfidentialApp(authority, clientId, userAssignedClientId);
+            IConfidentialClientApplication client = GetOrCreateConfidentialApp(authority, clientId);
             var scopes = new string[] { resourceId };
             AuthenticationResult authenticationResult = await client
                 .AcquireTokenForClient(scopes)
                 .ExecuteAsync();
             return authenticationResult.AccessToken;
         }
 
-        private IConfidentialClientApplication GetOrCreateConfidentialApp(string authority, string clientId, string userAssignedClientId)
+        private IConfidentialClientApplication GetOrCreateConfidentialApp(string authority, string clientId)
         {
             string confidentialAppCacheKey = CreateConfidentialAppCacheKey(authority, clientId);
             if (_cache.ContainsKey(confidentialAppCacheKey))
@@ -58,7 +58,7 @@ private IConfidentialClientApplication GetOrCreateConfidentialApp(string authori
             return client;
 
 #else
-            var credential = new ManagedIdentityCredential(userAssignedClientId);
+            var credential = new ManagedIdentityCredential();
 
             IConfidentialClientApplication client =
                 ConfidentialClientApplicationBuilder

src/service/Infrastructure/Authorization/AuthorizationService.cs

@@ -75,14 +75,14 @@ public bool IsAuthorized(string appName)
             return false;
         }
 
-        public async Task<string> GetAuthenticationToken(string authority, string clientId, string resourceId,string userAssignedClientId)
+        public async Task<string> GetAuthenticationToken(string authority, string clientId, string resourceId)
         {
             AuthenticationResult authenticationResult;
             const string MsalScopeSuffix = "/.default";
             string bearerToken = null;
             try
             {
-                IConfidentialClientApplication app = GetOrCreateConfidentialApp(authority, clientId, userAssignedClientId);
+                IConfidentialClientApplication app = GetOrCreateConfidentialApp(authority, clientId);
                 if (app != null)
                 {
                     var scopes = new[] { resourceId + MsalScopeSuffix };
@@ -97,7 +97,7 @@ public async Task<string> GetAuthenticationToken(string authority, string client
             return bearerToken;
         }
 
-        private IConfidentialClientApplication GetOrCreateConfidentialApp(string authority, string clientId,string userAssignedClientId)
+        private IConfidentialClientApplication GetOrCreateConfidentialApp(string authority, string clientId)
         {
             string confidentialAppCacheKey = $"{authority}-{clientId}";
             if (_confidentialApps.ContainsKey(confidentialAppCacheKey))
@@ -115,7 +115,7 @@ private IConfidentialClientApplication GetOrCreateConfidentialApp(string authori
             _confidentialApps.TryAdd(confidentialAppCacheKey, app);
             return app;
 #else
-            var credential = new ManagedIdentityCredential(userAssignedClientId);
+            var credential = new ManagedIdentityCredential();
             IConfidentialClientApplication app =
                 ConfidentialClientApplicationBuilder
                     .Create(clientId)                    

src/service/Infrastructure/Graph/GraphGroupVerificationService.cs

@@ -147,7 +147,7 @@ private IGraphServiceClient CreateGraphClient(IConfiguration configuration)
                 _cache.Add(confidentialAppCacheKey, client);
 
 #else
-                var credential = new ManagedIdentityCredential(configuration["UserAssignedClientId"]);
+                var credential = new ManagedIdentityCredential();
                 IConfidentialClientApplication client =
                 ConfidentialClientApplicationBuilder
                     .Create(configuration["Graph:ClientId"])

src/service/Infrastructure/Storage/BlobProviderFactory.cs

@@ -30,12 +30,11 @@ public BlobProviderFactory(ITenantConfigurationProvider tenantConfigurationProvi
             _configuration = configuration;
             if (_defaultAzureCredential == null)
             {
-                #if DEBUG
-                     _defaultAzureCredential = new VisualStudioCredential();
-                #else
-                     _defaultAzureCredential = new ManagedIdentityCredential(
-                     ManagedIdentityId.FromUserAssignedClientId(_configuration["UserAssignedClientId"]));
-                #endif
+#if DEBUG
+                _defaultAzureCredential = new VisualStudioCredential();
+#else
+                _defaultAzureCredential = new ManagedIdentityCredential();
+#endif
             }
         }
 

src/service/Infrastructure/Storage/CosmosDbRepository.cs

@@ -42,11 +42,10 @@ public CosmosDbRepository(CosmosDbConfiguration cosmosConfiguration, IConfigurat
                 MaxRetryAttemptsOnRateLimitedRequests = int.Parse(_configuration["CosmosDb:MaxRetryAttemptsOnRateLimitedRequests"])
             };
             TokenCredential credential;
-            #if DEBUG
-                credential = new VisualStudioCredential();
-            #else
-                credential = new ManagedIdentityCredential(
-                ManagedIdentityId.FromUserAssignedClientId(_configuration["UserAssignedClientId"]));
+#if DEBUG
+            credential = new VisualStudioCredential();
+#else
+            credential = new ManagedIdentityCredential();
             #endif
 
             CosmosClient client = new(cosmosConfiguration.Endpoint, credential, options);

src/service/Infrastructure/Webhook/WebhookTriggerManager.cs

@@ -16,7 +16,7 @@
 using Microsoft.Extensions.Configuration;
 
 namespace Microsoft.FeatureFlighting.Infrastructure.Webhook
-{   
+{
     // <inheritdoc/>
     internal class WebhookTriggerManager: IWebhookTriggerManager
     {
@@ -26,7 +26,7 @@ internal class WebhookTriggerManager: IWebhookTriggerManager
         public IConfiguration _configuration { get; }
 
         public WebhookTriggerManager(IHttpClientFactory httpClientFactory, ITokenGenerator tokenGenerator, ILogger logger, IConfiguration configuration)
-        {            
+        {
             _httpClientFactory = httpClientFactory;
             _tokenGenerator = tokenGenerator;
             _logger= logger;
@@ -49,7 +49,7 @@ public async Task<string> Trigger(WebhookConfiguration webhook, string payload,
 
             DependencyContext dependency = CreateDependencyContext(webhook, trackingIds);
             HttpRequestMessage request = new(new HttpMethod(webhook.HttpMethod), webhook.Uri ?? "");
-            string bearerToken = await _tokenGenerator.GenerateToken(webhook.AuthenticationAuthority, webhook.ClientId, webhook.ResourceId, _configuration["UserAssignedClientId"]);
+            string bearerToken = await _tokenGenerator.GenerateToken(webhook.AuthenticationAuthority, webhook.ClientId, webhook.ResourceId);
             request.Headers.Add("Authorization", $"Bearer {bearerToken}");
             request.Headers.Add("x-correlationId", trackingIds.CorrelationId);
             request.Headers.Add("x-messageId", trackingIds.TransactionId);
@@ -62,7 +62,7 @@ public async Task<string> Trigger(WebhookConfiguration webhook, string payload,
                         request.Headers.Add(header.Key, header.Value);
                 }
             }
-            
+
             request.Content = new StringContent(payload, Encoding.UTF8, "application/json");
             dependency.RequestDetails = payload;