Using Adal for accessing the Azure KeyVault on behalf of a user

Question

The following is in a console application and ClientID, RedirectUri is from the created native app in azure active directory.

var authContext = new Authenticatio         


        

Answer 1

Here is what you need to do:

• Create a service principal
• Register it in Azure AD
• Grant it access to the Azure KeyVault API

The steps were documented in an Azure article last September at

https://blogs.technet.microsoft.com/kv/2016/09/17/accessing-key-vault-from-a-native-application/

This article explains how to perform the above steps to access Azure KeyVault programmatically from a native application (as opposed to a service application) without having to rely on the Azure Powershell trick mentioned by @benv.

Answer 2

You're on the right track! You need to configure AAD to be able to authorize users specifically for access to KeyVault. Try adding the following to your manifest.

{
      "resourceAppId": "cfa8b339-82a2-471a-a3c9-0fc0be7a4093",
      "resourceAccess": [
        {
          "id": "f53da476-18e3-4152-8e01-aec403e6edc0",
          "type": "Scope"
        }
      ]
}

If that doesn't work, you can do this the old-fashioned way by visiting the old portal, navigating to AAD, your AAD Tenant, your application, and adding "Azure Key Vault" under the "permissions to other applications" section of the "Configure" tab.