Retrieve Azure Data Factory Service Identity Application ID










I have created one Data Factory and Key Vault using C# Code, I would like to set Access Policy of Key Vault.
For that I want data factory "Service Identity Application ID" (Highlighted in red in attached image) using C# code.
How could I do that?












      c# azure-active-directory azure-data-factory azure-keyvault azure-data-factory-2






      edited Aug 31 '18 at 13:50 by David Walschots

      asked Aug 31 '18 at 13:43 by Bhavesh Kashikar























          3 Answers
            Yes you can do this from C# code.



            Here is a quick sample code that I wrote to get the Service Identity Application ID from C# code.



            Pre-requisite is to install the following packages from your package manager console (Tools -> NuGet Package Manager -> Package Manager Console):



            Install-Package Microsoft.Azure.Management.DataFactory -Prerelease
            Install-Package Microsoft.Azure.Management.ResourceManager -Prerelease
            Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory


            After the packages are installed, use code below



            using System;
            using Microsoft.Rest;
            using Microsoft.Azure.Management.ResourceManager;
            using Microsoft.Azure.Management.DataFactory;
            using Microsoft.IdentityModel.Clients.ActiveDirectory;

            namespace GetDataFactory
            {
                class Program
                {
                    static void Main(string[] args)
                    {
                        // Set variables
                        string tenantID = "<your tenant ID>";
                        string applicationId = "<your application ID>";
                        string authenticationKey = "<your authentication key for the application>";
                        string subscriptionId = "<your subscription ID where the data factory resides>";
                        string resourceGroup = "<your resource group where the data factory resides>";
                        string dataFactoryName = "<specify the name of data factory to create. It must be globally unique.>";

                        // Authenticate and create a data factory management client
                        var context = new AuthenticationContext("https://login.windows.net/" + tenantID);
                        ClientCredential cc = new ClientCredential(applicationId, authenticationKey);
                        AuthenticationResult result = context.AcquireTokenAsync("https://management.azure.com/", cc).Result;
                        ServiceClientCredentials cred = new TokenCredentials(result.AccessToken);
                        var client = new DataFactoryManagementClient(cred) { SubscriptionId = subscriptionId };

                        // Read the existing factory resource; its Identity property describes the service identity
                        var myFactory = client.Factories.Get(resourceGroup, dataFactoryName);

                        // Getting principal Id as you mentioned in question, but you can get more information from the Identity object as per your need.
                        Guid? principalId = myFactory.Identity.PrincipalId;
                    }
                }
            }

            Once you have all the identity information, you can update the access policy for the keyvault to give required permissions (like listing keys, get/list secrets etc.) to the application (whose Id you've highlighted in the image)




            1. Use KeyVaultManagementClient class -



              https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.keyvaultmanagementclient?view=azure-dotnet



              https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.vaultsoperationsextensions.updateaccesspolicy?view=azure-dotnet




            2. Use Fluent API -



              Look at this sample on Github - https://github.com/Azure-Samples/key-vault-dotnet-manage-key-vaults



              Utilities.Log("Authorizing the application associated with the current service principal...");

              vault1 = vault1.Update()
                  .DefineAccessPolicy()
                      .ForServicePrincipal(SdkContext.AzureCredentialsFactory.FromFile(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION")).ClientId)
                      .AllowKeyAllPermissions()
                      .AllowSecretPermissions(SecretPermissions.Get)
                      .AllowSecretPermissions(SecretPermissions.List)
                      .Attach()
                  .Apply();

              Utilities.Log("Updated key vault");
              Utilities.PrintVault(vault1);

              //============================================================
              // Update a key vault

              Utilities.Log("Update a key vault to enable deployments and add permissions to the application...");

              vault1 = vault1.Update()
                  .WithDeploymentEnabled()
                  .WithTemplateDeploymentEnabled()
                  .UpdateAccessPolicy(vault1.AccessPolicies[0].ObjectId)
                      .AllowSecretAllPermissions()
                      .Parent()
                  .Apply();

              Utilities.Log("Updated key vault");
              // Print the key vault
              Utilities.PrintVault(vault1);

            3. Use Rest API



              https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/updateaccesspolicy







            • Thanks for the reply, it is very useful. However, it couldn't solve my problem. Actually I want code to retrieve Azure Data Factory Application ID (highlighted in image) using C# code.
              – Bhavesh Kashikar
              Sep 3 '18 at 5:07

            • Thanks for clarifying Bhavesh Kashikar. I have edited my answer to add a code sample at the beginning, which solves your problem very specifically. Please take a look now.
              – Rohit Saigal
              Sep 3 '18 at 21:47

            • @Bhavesh Kashikar Did you get a chance to use the updated code for getting to Azure Data Factory Application ID?
              – Rohit Saigal
              Sep 5 '18 at 11:36

            • I have used same code, it is giving me PrincipalId, but not ObjectID (highlighted in above image). myFactory.Identity will give me PrincipalId and TenantId, which is linked to Service Identity Id and Service Identity Tenant, but I could not find property which is linked to Service Identity Application ID.
              – Bhavesh Kashikar
              Sep 5 '18 at 13:23



















            If you want to retrieve the app id of an existing ADF, you need to do 2 trips.

            The first is to retrieve the service identity for resource manager. @rohit's first code block does this in C#. This retrieves the object ID of the principal, not the app ID which is an attribute of that object.

            The second is to retrieve the application ID from active directory via RM. You can then use this to assign access policy. For example, in PowerShell you would do this:

            First Step:

                $principal = (Get-AzureRmDataFactoryV2 -ResourceGroupName "yourRG" -Name yourADF).identity.PrincipalId

            then second step...

                $appId = (Get-AzureRmADServicePrincipal -ObjectId $principal).ApplicationId

            The C# equivalent should be easy to figure out from this.
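
The two trips described above, written in C# as an added example (not code from any of the answers on this page). It assumes the registered application also holds a Microsoft Graph application permission that can read service principals (for example Application.Read.All), uses the Microsoft Graph REST endpoint for the second trip, and reads the client secret from a hypothetical environment variable named ADF_LOOKUP_CLIENT_SECRET.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Azure.Management.DataFactory;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Rest;
using Newtonsoft.Json.Linq;

namespace GetDataFactoryAppId
{
    class Program
    {
        // Placeholders with the same meaning as in the answer above.
        const string TenantId = "<your tenant ID>";
        const string ClientId = "<your application ID>";
        const string FactorySubscriptionId = "<your subscription ID where the data factory resides>";
        const string ResourceGroup = "<your resource group where the data factory resides>";
        const string DataFactoryName = "<name of the existing data factory>";

        static async Task Main()
        {
            // Assumption: the secret comes from the environment instead of being hard-coded.
            // ADF_LOOKUP_CLIENT_SECRET is a hypothetical variable name.
            string clientSecret = Environment.GetEnvironmentVariable("ADF_LOOKUP_CLIENT_SECRET")
                ?? throw new InvalidOperationException("ADF_LOOKUP_CLIENT_SECRET is not set.");

            var context = new AuthenticationContext("https://login.windows.net/" + TenantId);
            var credential = new ClientCredential(ClientId, clientSecret);

            Guid principalId = await GetFactoryPrincipalIdAsync(context, credential);
            string appId = await GetApplicationIdAsync(context, credential, principalId);

            Console.WriteLine("Service identity object ID (principalId): " + principalId);
            Console.WriteLine("Service identity application ID (appId):  " + appId);
        }

        // Trip 1: Azure Resource Manager returns the factory with its identity block.
        static async Task<Guid> GetFactoryPrincipalIdAsync(AuthenticationContext context, ClientCredential credential)
        {
            AuthenticationResult token = await context.AcquireTokenAsync("https://management.azure.com/", credential);
            using (var client = new DataFactoryManagementClient(new TokenCredentials(token.AccessToken))
                   { SubscriptionId = FactorySubscriptionId })
            {
                var factory = await client.Factories.GetAsync(ResourceGroup, DataFactoryName);
                // Identity is null when the factory was created without a service identity.
                return factory.Identity?.PrincipalId
                    ?? throw new InvalidOperationException("The data factory has no service identity.");
            }
        }

        // Trip 2: the directory resolves the object ID to the service principal, whose appId is the application ID.
        static async Task<string> GetApplicationIdAsync(AuthenticationContext context, ClientCredential credential, Guid principalId)
        {
            // A separate token is needed because the audience differs from the ARM token.
            AuthenticationResult token = await context.AcquireTokenAsync("https://graph.microsoft.com/", credential);
            using (var http = new HttpClient())
            {
                http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
                string url = "https://graph.microsoft.com/v1.0/servicePrincipals/" + principalId + "?$select=id,appId,displayName";

                HttpResponseMessage response = await http.GetAsync(url);
                if (response.StatusCode == HttpStatusCode.NotFound)
                {
                    throw new InvalidOperationException("No service principal with object ID " + principalId + " exists in this tenant.");
                }
                response.EnsureSuccessStatusCode(); // 401/403 here usually means the Graph permission is missing

                JObject servicePrincipal = JObject.Parse(await response.Content.ReadAsStringAsync());
                return (string)servicePrincipal["appId"];
            }
        }
    }
}
```

In the Key Vault management SDK, `AccessPolicyEntry.ObjectId` takes the object ID returned by the first call; the application ID from the second call is the value the question refers to as the Service Identity Application ID.
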






            If you want to get the access token with the application id, hope this doc could help.

            answered Sep 1 '18 at 10:23 by Fang Liu























                      0














                      Yes you can do this from C# code.



                      Here is a quick sample code that I wrote to get the Service Identity Application ID from C# code.



                      Pre-requisite is to install the following packages from your package manager console (Tools -> NuGet Package Manager -> Package Manager Console):



                      Install-Package Microsoft.Azure.Management.DataFactory -Prerelease
                      Install-Package Microsoft.Azure.Management.ResourceManager -Prerelease
                      Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory


                      After the packages are installed, use code below



                      using System;
                      using Microsoft.Rest;
                      using Microsoft.Azure.Management.ResourceManager;
                      using Microsoft.Azure.Management.DataFactory;
                      using Microsoft.IdentityModel.Clients.ActiveDirectory;

                      namespace GetDataFactory

                      class Program

                      static void Main(string args)


                      // Set variables
                      string tenantID = "<your tenant ID>";
                      string applicationId = "<your application ID>";
                      string authenticationKey = "<your authentication key for the application>";
                      string subscriptionId = "<your subscription ID where the data factory resides>";
                      string resourceGroup = "<your resource group where the data factory resides>";
                      string dataFactoryName = "<specify the name of data factory to create. It must be globally unique.>";

                      // Authenticate and create a data factory management client
                      var context = new AuthenticationContext("https://login.windows.net/" + tenantID);
                      ClientCredential cc = new ClientCredential(applicationId, authenticationKey);
                      AuthenticationResult result = context.AcquireTokenAsync("https://management.azure.com/", cc).Result;
                      ServiceClientCredentials cred = new TokenCredentials(result.AccessToken);
                      var client = new DataFactoryManagementClient(cred) SubscriptionId = subscriptionId ;

                      var myFactory = client.Factories.Get(resourceGroup, dataFactoryName);

                      //Getting principal Id as you mentioned in question, but you can get more information from the Identity object as per your need.
                      Guid? principalId = myFactory.Identity.PrincipalId;






                      Once you have all the identity information, you can update the access policy for the keyvault to give required permissions (like listing keys, get/list secrets etc.) to the application (whose Id you've highlighted in the image)




                      1. Use KeyVaultManagementClient class -



                        https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.keyvaultmanagementclient?view=azure-dotnet



                        https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.vaultsoperationsextensions.updateaccesspolicy?view=azure-dotnet




                      2. Use Fluent API -



                        Look at this sample on Github - https://github.com/Azure-Samples/key-vault-dotnet-manage-key-vaults



                         Utilities.Log("Authorizing the application associated with the current service principal...");

                        vault1 = vault1.Update()
                        .DefineAccessPolicy()
                        .ForServicePrincipal(SdkContext.AzureCredentialsFactory.FromFile(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION")).ClientId)
                        .AllowKeyAllPermissions()
                        .AllowSecretPermissions(SecretPermissions.Get)
                        .AllowSecretPermissions(SecretPermissions.List)
                        .Attach()
                        .Apply();

                        Utilities.Log("Updated key vault");
                        Utilities.PrintVault(vault1);

                        //============================================================
                        // Update a key vault

                        Utilities.Log("Update a key vault to enable deployments and add permissions to the application...");

                        vault1 = vault1.Update()
                        .WithDeploymentEnabled()
                        .WithTemplateDeploymentEnabled()
                        .UpdateAccessPolicy(vault1.AccessPolicies[0].ObjectId)
                        .AllowSecretAllPermissions()
                        .Parent()
                        .Apply();

                        Utilities.Log("Updated key vault");
                        // Print the network security group
                        Utilities.PrintVault(vault1);



                      3. Use Rest API



                        https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/updateaccesspolicy







                      share|improve this answer




















                      • 1





                        Thanks for the reply, It is very usefull. However, It couldn't solve my problem. Actually I want code to retreive Azure Data Factory Application ID( Highlighted in image) using C# code/

                        – Bhavesh Kashikar
                        Sep 3 '18 at 5:07












                      • Thanks for clarifying Bhavesh Kashikar. I have edited my answer to add a code sample at the beginning, which solves your problem very specifically. Please take a look now.

                        – Rohit Saigal
                        Sep 3 '18 at 21:47












                      • @Bhavesh Kashikar Did you get a chance to use the updated code for getting to Azure Data Factory Application ID?

                        – Rohit Saigal
                        Sep 5 '18 at 11:36












                      • I have used same code, it is giving me PrincipleID, but not ObjectID (Highlighted in above image). myFactory.Identity will give me PrincipleId and TenantId, which is linked to Service Identity Id and Service Identity Tenant, but I could not find property which is linked to Service Identity Application ID

                        – Bhavesh Kashikar
                        Sep 5 '18 at 13:23
















                      0














                      Yes you can do this from C# code.



                      Here is a quick sample code that I wrote to get the Service Identity Application ID from C# code.



                      Pre-requisite is to install the following packages from your package manager console (Tools -> NuGet Package Manager -> Package Manager Console):



                      Install-Package Microsoft.Azure.Management.DataFactory -Prerelease
                      Install-Package Microsoft.Azure.Management.ResourceManager -Prerelease
                      Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory


                      After the packages are installed, use code below



                      using System;
                      using Microsoft.Rest;
                      using Microsoft.Azure.Management.ResourceManager;
                      using Microsoft.Azure.Management.DataFactory;
                      using Microsoft.IdentityModel.Clients.ActiveDirectory;

                      namespace GetDataFactory

                      class Program

                      static void Main(string args)


                      // Set variables
                      string tenantID = "<your tenant ID>";
                      string applicationId = "<your application ID>";
                      string authenticationKey = "<your authentication key for the application>";
                      string subscriptionId = "<your subscription ID where the data factory resides>";
                      string resourceGroup = "<your resource group where the data factory resides>";
                      string dataFactoryName = "<specify the name of data factory to create. It must be globally unique.>";

                      // Authenticate and create a data factory management client
                      var context = new AuthenticationContext("https://login.windows.net/" + tenantID);
                      ClientCredential cc = new ClientCredential(applicationId, authenticationKey);
                      AuthenticationResult result = context.AcquireTokenAsync("https://management.azure.com/", cc).Result;
                      ServiceClientCredentials cred = new TokenCredentials(result.AccessToken);
                      var client = new DataFactoryManagementClient(cred) SubscriptionId = subscriptionId ;

                      var myFactory = client.Factories.Get(resourceGroup, dataFactoryName);

                      //Getting principal Id as you mentioned in question, but you can get more information from the Identity object as per your need.
                      Guid? principalId = myFactory.Identity.PrincipalId;






                      Once you have all the identity information, you can update the access policy for the keyvault to give required permissions (like listing keys, get/list secrets etc.) to the application (whose Id you've highlighted in the image)




                      1. Use KeyVaultManagementClient class -



                        https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.keyvaultmanagementclient?view=azure-dotnet



                        https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.vaultsoperationsextensions.updateaccesspolicy?view=azure-dotnet




                      2. Use Fluent API -



                        Look at this sample on Github - https://github.com/Azure-Samples/key-vault-dotnet-manage-key-vaults



                         Utilities.Log("Authorizing the application associated with the current service principal...");

                        vault1 = vault1.Update()
                        .DefineAccessPolicy()
                        .ForServicePrincipal(SdkContext.AzureCredentialsFactory.FromFile(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION")).ClientId)
                        .AllowKeyAllPermissions()
                        .AllowSecretPermissions(SecretPermissions.Get)
                        .AllowSecretPermissions(SecretPermissions.List)
                        .Attach()
                        .Apply();

                        Utilities.Log("Updated key vault");
                        Utilities.PrintVault(vault1);

                        //============================================================
                        // Update a key vault

                        Utilities.Log("Update a key vault to enable deployments and add permissions to the application...");

                        vault1 = vault1.Update()
                        .WithDeploymentEnabled()
                        .WithTemplateDeploymentEnabled()
                        .UpdateAccessPolicy(vault1.AccessPolicies[0].ObjectId)
                        .AllowSecretAllPermissions()
                        .Parent()
                        .Apply();

                        Utilities.Log("Updated key vault");
                        // Print the network security group
                        Utilities.PrintVault(vault1);



                      3. Use Rest API



                        https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/updateaccesspolicy







                      share|improve this answer




















                      • 1





                        Thanks for the reply, It is very usefull. However, It couldn't solve my problem. Actually I want code to retreive Azure Data Factory Application ID( Highlighted in image) using C# code/

                        – Bhavesh Kashikar
                        Sep 3 '18 at 5:07












                      • Thanks for clarifying Bhavesh Kashikar. I have edited my answer to add a code sample at the beginning, which solves your problem very specifically. Please take a look now.

                        – Rohit Saigal
                        Sep 3 '18 at 21:47












                      • @Bhavesh Kashikar Did you get a chance to use the updated code for getting to Azure Data Factory Application ID?

                        – Rohit Saigal
                        Sep 5 '18 at 11:36












                      • I have used same code, it is giving me PrincipleID, but not ObjectID (Highlighted in above image). myFactory.Identity will give me PrincipleId and TenantId, which is linked to Service Identity Id and Service Identity Tenant, but I could not find property which is linked to Service Identity Application ID

                        – Bhavesh Kashikar
                        Sep 5 '18 at 13:23














                      0












                      0








                      0







                      Yes you can do this from C# code.



                      Here is a quick sample code that I wrote to get the Service Identity Application ID from C# code.



                      Pre-requisite is to install the following packages from your package manager console (Tools -> NuGet Package Manager -> Package Manager Console):



                      Install-Package Microsoft.Azure.Management.DataFactory -Prerelease
                      Install-Package Microsoft.Azure.Management.ResourceManager -Prerelease
                      Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory


                      After the packages are installed, use code below



                      using System;
                      using Microsoft.Rest;
                      using Microsoft.Azure.Management.ResourceManager;
                      using Microsoft.Azure.Management.DataFactory;
                      using Microsoft.IdentityModel.Clients.ActiveDirectory;

                      namespace GetDataFactory

                      class Program

                      static void Main(string args)


                      // Set variables
                      string tenantID = "<your tenant ID>";
                      string applicationId = "<your application ID>";
                      string authenticationKey = "<your authentication key for the application>";
                      string subscriptionId = "<your subscription ID where the data factory resides>";
                      string resourceGroup = "<your resource group where the data factory resides>";
                      string dataFactoryName = "<specify the name of data factory to create. It must be globally unique.>";

                      // Authenticate and create a data factory management client
                      var context = new AuthenticationContext("https://login.windows.net/" + tenantID);
                      ClientCredential cc = new ClientCredential(applicationId, authenticationKey);
                      AuthenticationResult result = context.AcquireTokenAsync("https://management.azure.com/", cc).Result;
                      ServiceClientCredentials cred = new TokenCredentials(result.AccessToken);
                      var client = new DataFactoryManagementClient(cred) SubscriptionId = subscriptionId ;

                      var myFactory = client.Factories.Get(resourceGroup, dataFactoryName);

                      //Getting principal Id as you mentioned in question, but you can get more information from the Identity object as per your need.
                      Guid? principalId = myFactory.Identity.PrincipalId;






                      Once you have all the identity information, you can update the access policy for the keyvault to give required permissions (like listing keys, get/list secrets etc.) to the application (whose Id you've highlighted in the image)




                      1. Use KeyVaultManagementClient class -



                        https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.keyvaultmanagementclient?view=azure-dotnet



                        https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.vaultsoperationsextensions.updateaccesspolicy?view=azure-dotnet




                      2. Use Fluent API -



                        Look at this sample on Github - https://github.com/Azure-Samples/key-vault-dotnet-manage-key-vaults



                         Utilities.Log("Authorizing the application associated with the current service principal...");

                        vault1 = vault1.Update()
                        .DefineAccessPolicy()
                        .ForServicePrincipal(SdkContext.AzureCredentialsFactory.FromFile(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION")).ClientId)
                        .AllowKeyAllPermissions()
                        .AllowSecretPermissions(SecretPermissions.Get)
                        .AllowSecretPermissions(SecretPermissions.List)
                        .Attach()
                        .Apply();

                        Utilities.Log("Updated key vault");
                        Utilities.PrintVault(vault1);

                        //============================================================
                        // Update a key vault

                        Utilities.Log("Update a key vault to enable deployments and add permissions to the application...");

                        vault1 = vault1.Update()
                        .WithDeploymentEnabled()
                        .WithTemplateDeploymentEnabled()
                        .UpdateAccessPolicy(vault1.AccessPolicies[0].ObjectId)
                        .AllowSecretAllPermissions()
                        .Parent()
                        .Apply();

                        Utilities.Log("Updated key vault");
                        // Print the network security group
                        Utilities.PrintVault(vault1);



                      3. Use Rest API



                        https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/updateaccesspolicy







                      share|improve this answer















Yes you can do this from C# code.

Here is a quick sample code that I wrote to get the Service Identity Application ID from C# code.

Pre-requisite is to install the following packages from your package manager console (Tools -> NuGet Package Manager -> Package Manager Console):

    Install-Package Microsoft.Azure.Management.DataFactory -Prerelease
    Install-Package Microsoft.Azure.Management.ResourceManager -Prerelease
    Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory

After the packages are installed, use code below

    using System;
    using Microsoft.Rest;
    using Microsoft.Azure.Management.ResourceManager;
    using Microsoft.Azure.Management.DataFactory;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    namespace GetDataFactory
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Set variables
                string tenantID = "<your tenant ID>";
                string applicationId = "<your application ID>";
                string authenticationKey = "<your authentication key for the application>";
                string subscriptionId = "<your subscription ID where the data factory resides>";
                string resourceGroup = "<your resource group where the data factory resides>";
                string dataFactoryName = "<specify the name of data factory to create. It must be globally unique.>";

                // Authenticate and create a data factory management client
                var context = new AuthenticationContext("https://login.windows.net/" + tenantID);
                ClientCredential cc = new ClientCredential(applicationId, authenticationKey);
                AuthenticationResult result = context.AcquireTokenAsync("https://management.azure.com/", cc).Result;
                ServiceClientCredentials cred = new TokenCredentials(result.AccessToken);
                var client = new DataFactoryManagementClient(cred) { SubscriptionId = subscriptionId };

                // Fetch the factory; its Identity property carries the service identity
                var myFactory = client.Factories.Get(resourceGroup, dataFactoryName);

                //Getting principal Id as you mentioned in question, but you can get more information from the Identity object as per your need.
                Guid? principalId = myFactory.Identity.PrincipalId;
            }
        }
    }

Once you have all the identity information, you can update the access policy for the keyvault to give required permissions (like listing keys, get/list secrets etc.) to the application (whose Id you've highlighted in the image)

1. Use KeyVaultManagementClient class -

   https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.keyvaultmanagementclient?view=azure-dotnet

   https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.keyvault.vaultsoperationsextensions.updateaccesspolicy?view=azure-dotnet

2. Use Fluent API -

   Look at this sample on Github - https://github.com/Azure-Samples/key-vault-dotnet-manage-key-vaults

    Utilities.Log("Authorizing the application associated with the current service principal...");

    vault1 = vault1.Update()
        .DefineAccessPolicy()
            .ForServicePrincipal(SdkContext.AzureCredentialsFactory.FromFile(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION")).ClientId)
            .AllowKeyAllPermissions()
            .AllowSecretPermissions(SecretPermissions.Get)
            .AllowSecretPermissions(SecretPermissions.List)
            .Attach()
        .Apply();

    Utilities.Log("Updated key vault");
    Utilities.PrintVault(vault1);

    //============================================================
    // Update a key vault

    Utilities.Log("Update a key vault to enable deployments and add permissions to the application...");

    vault1 = vault1.Update()
        .WithDeploymentEnabled()
        .WithTemplateDeploymentEnabled()
        .UpdateAccessPolicy(vault1.AccessPolicies[0].ObjectId)
            .AllowSecretAllPermissions()
            .Parent()
        .Apply();

    Utilities.Log("Updated key vault");
    // Print the key vault
    Utilities.PrintVault(vault1);

3. Use Rest API

   https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/updateaccesspolicy
















                      edited Sep 3 '18 at 21:46

























                      answered Sep 2 '18 at 22:12









Rohit Saigal







• Thanks for the reply, it is very useful. However, it couldn't solve my problem. Actually I want code to retrieve Azure Data Factory Application ID (highlighted in image) using C# code.
  – Bhavesh Kashikar, Sep 3 '18 at 5:07

• Thanks for clarifying Bhavesh Kashikar. I have edited my answer to add a code sample at the beginning, which solves your problem very specifically. Please take a look now.
  – Rohit Saigal, Sep 3 '18 at 21:47

• @Bhavesh Kashikar Did you get a chance to use the updated code for getting to Azure Data Factory Application ID?
  – Rohit Saigal, Sep 5 '18 at 11:36

• I have used same code, it is giving me PrincipalID, but not ObjectID (highlighted in above image). myFactory.Identity will give me PrincipalId and TenantId, which is linked to Service Identity Id and Service Identity Tenant, but I could not find property which is linked to Service Identity Application ID
  – Bhavesh Kashikar, Sep 5 '18 at 13:23

























                      0














If you want to retrieve the app id of an existing ADF, you need to do 2 trips.

The first is to retrieve the service identity for resource manager. @rohit's first code block does this in C#. This retrieves the object ID of the principal, not the app ID which is an attribute of that object.

The second is to retrieve the application ID from active directory via RM. You can then use this to assign access policy. For example, in PowerShell you would do this:

First Step:

    $principal = (Get-AzureRmDataFactoryV2 -ResourceGroupName "yourRG" -Name yourADF).identity.PrincipalId

then second step...

    $appId = (Get-AzureRmADServicePrincipal -ObjectId $principal).ApplicationId

The C# equivalent should be easy to figure out from this.
















                          answered Nov 13 '18 at 20:53









MarkD
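The second trip described in the answer above, written in C# as an added example that is not part of either answer: it resolves the object ID returned by `myFactory.Identity.PrincipalId` to the application ID through the Microsoft Graph `servicePrincipals` endpoint. The `GRAPH_TOKEN` and `ADF_PRINCIPAL_ID` environment variable names and the sample JSON are assumptions constructed for illustration, and the caller is assumed to hold a Microsoft Graph token that is allowed to read service principals.

```csharp
// Added example, not code from the original answers.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

static class ServiceIdentityLookup
{
    // Second trip: GET /servicePrincipals/{object-id}, selecting only the fields needed.
    public static Uri BuildLookupUri(Guid principalId) =>
        new Uri($"https://graph.microsoft.com/v1.0/servicePrincipals/{principalId:D}?$select=appId,displayName");

    // Extract appId from the Graph response; reject bodies that lack a valid GUID
    // so a malformed or unexpected response never ends up in an access policy.
    public static Guid ParseAppId(string json)
    {
        using JsonDocument doc = JsonDocument.Parse(json);
        if (!doc.RootElement.TryGetProperty("appId", out JsonElement appId) ||
            !Guid.TryParse(appId.GetString(), out Guid parsed))
            throw new InvalidOperationException("Response has no valid appId.");
        return parsed;
    }

    public static async Task<Guid> GetAppIdAsync(HttpClient http, string graphToken, Guid principalId)
    {
        using var req = new HttpRequestMessage(HttpMethod.Get, BuildLookupUri(principalId));
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", graphToken);
        using HttpResponseMessage resp = await http.SendAsync(req);
        // A 403 here typically means the caller lacks directory read permission.
        resp.EnsureSuccessStatusCode();
        return ParseAppId(await resp.Content.ReadAsStringAsync());
    }

    static async Task Main()
    {
        // Constructed sample response with placeholder GUIDs, so the parser runs offline.
        const string sample = "{\"id\":\"11111111-1111-1111-1111-111111111111\"," +
                              "\"appId\":\"22222222-2222-2222-2222-222222222222\",\"displayName\":\"yourADF\"}";
        Console.WriteLine(ParseAppId(sample));

        // Live lookup only when a token and principal ID are supplied (hypothetical variable names).
        var token = Environment.GetEnvironmentVariable("GRAPH_TOKEN");
        var principal = Environment.GetEnvironmentVariable("ADF_PRINCIPAL_ID");
        if (token != null && Guid.TryParse(principal, out Guid principalId))
            using (var http = new HttpClient())
                Console.WriteLine(await GetAppIdAsync(http, token, principalId));
    }
}
```

Key Vault's access policy entry (`objectId` in the REST API linked above) identifies the principal by object ID, so the `PrincipalId` from the first trip can be passed to it directly.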


























