Is your feature request related to a problem? Please describe
Today the authentication methods include password and Microsoft Entra; however, when paired with ACL, only passwords can be used. Rotation of passwords can be cumbersome and pose security risks while we manage them.
Azure Cache for Redis already supports Microsoft Entra + ACL in non-Enterprise tiers - Azure Redis.
Describe the solution you'd like
Based on this, I recommend a similar approach which at its core will continue to use ACL-based auth but will allow a configurable authenticator which can be ACL-based. For parity with Azure Redis, it might make sense to use Oid as username with token as password.
User = Object ID of your managed identity or service principal
Password = Microsoft Entra token that you acquired using MSAL
At code level:
Currently ACL auth by default does username and password validation with ACL entries. We compose it with an IGarnetAuthenticator instance to inject authentication behavior of username and password and then just validate the permissions against the ACL list of the user. This approach is more favorable as it minimizes changes and avoids redundant code needed to combine behaviors of AclAuthenticator and AADAuthenticator. Rather than inheriting these behaviors, we compose AclAuthenticator with an IGarnetAuthenticator.
Describe alternatives you've considered
No response
Additional context
No response
Feature request type
enhancement
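The composition proposed in the issue, as an added sketch that is not Garnet's code and not part of the original issue: an ACL layer delegates the username/password check to a pluggable authenticator and then authorizes commands from the user's ACL entry only. `ICredentialAuthenticator`, `TokenAuthenticator`, `AclWithAuthenticator` and the validator delegate are hypothetical names; signature, issuer and audience checks are assumed to happen inside the delegate, and binding the username to the token's `oid` claim and tracking token expiry are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;

// Constructed demo data: a fake validator that maps token strings to already-verified claims.
var oid = "11111111-2222-3333-4444-555555555555";
var tokens = new Dictionary<string, ValidatedToken> {
    ["tok-a"] = new(oid, DateTimeOffset.UtcNow.AddMinutes(5)),
    ["tok-b"] = new("99999999-0000-0000-0000-000000000000", DateTimeOffset.UtcNow.AddMinutes(5)) };
var acl = new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase) { [oid] = new() { "GET" } };
var auth = new AclWithAuthenticator(new TokenAuthenticator(t => tokens.GetValueOrDefault(t)), acl);
bool wrongToken = auth.Authenticate(oid, "tok-b"); // valid token, but issued to a different principal
bool ownToken = auth.Authenticate(oid, "tok-a");
Console.WriteLine((wrongToken, ownToken, auth.IsAllowed("GET"), auth.IsAllowed("SET")));

// Claims kept from a token whose signature, issuer and audience were already checked.
public sealed record ValidatedToken(string Oid, DateTimeOffset ExpiresOn);

// Hypothetical stand-in for the pluggable authenticator; not Garnet's actual interface.
public interface ICredentialAuthenticator { bool Authenticate(string username, string password, out DateTimeOffset validUntil); }

public sealed class TokenAuthenticator : ICredentialAuthenticator
{
    private readonly Func<string, ValidatedToken> validate; // returns null for a rejected token
    public TokenAuthenticator(Func<string, ValidatedToken> validate) => this.validate = validate;
    public bool Authenticate(string username, string password, out DateTimeOffset validUntil)
    {
        var token = validate(password);
        validUntil = token?.ExpiresOn ?? DateTimeOffset.MinValue;
        // The token must belong to the principal named as username, or any valid token could select another user's ACL entry.
        return token != null && token.ExpiresOn > DateTimeOffset.UtcNow
            && string.Equals(token.Oid, username, StringComparison.OrdinalIgnoreCase);
    }
}

// ACL layer composed with (not derived from) the credential authenticator.
public sealed class AclWithAuthenticator
{
    private readonly ICredentialAuthenticator inner;
    private readonly IReadOnlyDictionary<string, HashSet<string>> acl; // username -> allowed commands
    private string user; private DateTimeOffset validUntil;
    public AclWithAuthenticator(ICredentialAuthenticator inner, IReadOnlyDictionary<string, HashSet<string>> acl)
        => (this.inner, this.acl) = (inner, acl);
    public bool Authenticate(string username, string password)
    {
        if (!acl.ContainsKey(username) || !inner.Authenticate(username, password, out var until)) return false;
        (user, validUntil) = (username, until);
        return true;
    }
    // Permissions come only from the ACL entry; access stops once the token has expired.
    public bool IsAllowed(string command)
        => user != null && DateTimeOffset.UtcNow < validUntil && acl[user].Contains(command);
}
```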