Note: Pre-release packages are distributed via feedz.io.
The primary goal for this dotnet cli tool was to provide a seamless development experience for local Docker Container that requires access to Azure Resources such as Azure Key Vault, Azure Blob Storage, Azure Database etc.
By default when Visual Studio.NET or VSCode is run, the token provides are utilized to provide underline libraries with tokens for authentication. In contrast that doesn't exist for local Docker Container.
Once the tool is run, User specific Environments are set for the following variables:
MSI_ENDPOINTandMSI_SECRETIDENTITY_ENDPOINTandIDENTITY_HEADER
These values allow for simulation of Azure App Service MSI Managed Identity calls.
Please send email if you consider to hire me.
It supports the following authentication libraries:
The tool was tested on:
-
On Windows 11 Machine with Azure Cli and Visual Studio.NET Token Providers.
-
On Linux with Azure Cli only. Install Azure Cli
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
dotnet tool install --global appauthentication-
In the terminal login to the Azure subscription:
az login az account list az account set –subscription “YourSubscriptionName” -
Next before starting any terminals or Development IDE please run this tool in command prompt
appauthentication run- Verify that User Environment Variables are created
Get-ChildItem Env::
IDENTITY_ENDPOINT http://host.docker.internal:5050/oauth2/token
IDENTITY_HEADER 199aef00-4bd2-441f-9139-9574d001fc89
MSI_ENDPOINT http://host.docker.internal:5050/oauth2/token
MSI_SECRET 199aef00-4bd2-441f-9139-9574d001fc89- If the variables are displayed that you are ready for running the containers
- Update
Docker-Compose.ymlto something like this;
version: "3.4"
# docker-compose -f "docker-compose.yaml" up -d --build
# docker-compose -f "docker-compose.yaml" up -d --no-recreate
services:
bet.web:
image: app:WorkerSample
build:
context: .
dockerfile: src/WorkerSample/Dockerfile
environment:
- DOTNETCORE_ENVIRONMENT=Development
- MSI_ENDPOINT=${MSI_ENDPOINT}
- MSI_SECRET=${MSI_SECRET}
- IDENTITY_ENDPOINT=${IDENTITY_ENDPOINT}
- IDENTITY_HEADER=${IDENTITY_HEADER}Please see sample project WorkerSample
- --authority:https://login.microsoftonline.com/{tenantId} or -a:https://login.microsoftonline.com/{tenantId}
- --verbose:debug
- --token-provider:AzureCli (default) or -t:AzureCli
- --token-provider:VisualStudio or -t:VisualStudio
- --environment:Production or -e:Development (used with Azure Vault values to be loaded into tooling)
- --resource:{scope} or -r:{scope}
- --port:1010 or -p:2323 (default: 5050)
- --config:file or -c:appsettings.config
- --fix or -f
- --local or -l (default Docker) - local overrides Visual Studio.NET token profiles with this tooling
dotnet run -- run --verbose:debug --localSince linux doesn't support idea of User environment variables, the values must be supplied manually in the process before running other commands:
export MSI_ENDPOINT='http://localhost:5050/oauth2/token' \
export MSI_SECRET='199aef00-4bd2-441f-9139-9574d001fc89' \
export IDENTITY_ENDPOINT='http://localhost:5050/oauth2/token' \
export IDENTITY_HEADER='199aef00-4bd2-441f-9139-9574d001fc89' In addition, setting network parameter worked when testing with docker on linux https://docs.docker.com/network/network-tutorial-host/#procedure.
docker run --rm -it -e IDENTITY_ENDPOINT='http://localhost:5050/oauth2/token' -e IDENTITY_HEADER='35e4ce9a-8447-45bb-bdd0-7b91e24cb624' --network host mcr.microsoft.com/dotnet/sdk:7.0-
To learn how to use this tool in real life example refer to K8.DotNetCore.Workshop
-
How to authenticate .NET apps to Azure services using the .NET Azure SDK