 

Azure Active Directory Application Key Renewal

When configuring an application in Azure Active Directory you can create keys which are valid for either 1 or 2 years. In an organization with many services and clients, how do you manage key renewal?

Does Azure Active Directory tell you when a key is approaching expiry? Is there a way to generate a key with a longer lifetime or even an indefinite lifetime?

Azure Active Directory Key Duration

Muhammad Rehan Saeed asked Dec 22 '15 11:12


3 Answers

Update September 2016: it is now possible to choose an infinite expiration date from the New Portal. Behind the scenes, it's actually not infinite but it sets a date very far in the future.

source: https://stephaneeyskens.wordpress.com/2016/01/14/managing-expiration-of-azure-active-directory-application-client-secrets/

discy answered Oct 09 '22 10:10
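The expiry monitoring the question asks for, as an added example that is not code from the question or from any of the answers: a Python audit over the JSON that Microsoft Graph returns for an application's passwordCredentials and keyCredentials. It flags credentials that are already expired or inside a warning window, and also end dates so far in the future that the credential will never rotate, which is what the portal's "never expires" option really produces, as the answer above notes. The sample response, application names, IDs and the reference date are constructed for the example; the Graph endpoint, permission name and field names are real, but fetching them (GET https://graph.microsoft.com/v1.0/applications?$select=displayName,appId,passwordCredentials,keyCredentials with Application.Read.All) is left to the caller, who passes the response body to audit(). Microsoft Graph is assumed here because the older Azure AD Graph API used in that era is retired.

```python
"""Audit Azure AD app registrations for secrets/certificates that are expiring,
already expired, or set so far in the future they never effectively expire.

Input is the JSON shape Microsoft Graph returns for
GET /applications?$select=displayName,appId,passwordCredentials,keyCredentials
(Application.Read.All). The sample below is constructed for this example."""
import json
from datetime import datetime, timedelta, timezone

# Reference "now" for the worked example; a real run would use datetime.now(timezone.utc).
NOW = datetime(2015, 12, 22, tzinfo=timezone.utc)

# Constructed sample response: application names and IDs are hypothetical.
SAMPLE_GRAPH_RESPONSE = json.dumps({"value": [
    {"displayName": "billing-api", "appId": "11111111-1111-1111-1111-111111111111",
     "passwordCredentials": [
         {"keyId": "a1", "displayName": "prod", "endDateTime": "2016-01-15T00:00:00Z"}],
     "keyCredentials": [
         {"keyId": "c1", "displayName": "prod-cert", "endDateTime": "2017-12-22T00:00:00Z"}]},
    {"displayName": "legacy-sync", "appId": "22222222-2222-2222-2222-222222222222",
     "passwordCredentials": [
         {"keyId": "a2", "displayName": None, "endDateTime": "2015-11-30T00:00:00Z"}],
     "keyCredentials": []},
    {"displayName": "portal-forever", "appId": "33333333-3333-3333-3333-333333333333",
     "passwordCredentials": [
         {"keyId": "a3", "displayName": "never", "endDateTime": "2299-12-31T00:00:00.0000000Z"}],
     "keyCredentials": []},
    {"displayName": "no-creds", "appId": "44444444-4444-4444-4444-444444444444",
     "passwordCredentials": [], "keyCredentials": []},
]})


def parse_graph_time(value):
    """Parse Graph's UTC timestamps, which may carry seven fractional digits
    (e.g. '2017-03-01T12:00:00.1234567Z'); strptime only accepts six."""
    text = value.rstrip("Z")
    if "." in text:
        main, frac = text.split(".", 1)
        text = f"{main}.{frac[:6].ljust(6, '0')}"
        fmt = "%Y-%m-%dT%H:%M:%S.%f"
    else:
        fmt = "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def classify(end, now, warn_days=30, permanent_years=50):
    """Bucket one credential by its end date relative to now."""
    if end <= now:
        return "expired"
    if end - now <= timedelta(days=warn_days):
        return "expiring"
    if end - now >= timedelta(days=365 * permanent_years):
        # The portal's "never expires" choice is really a far-future date;
        # treat anything this far out as a credential that will never rotate.
        return "effectively-permanent"
    return "ok"


def audit(graph_json_text, now, warn_days=30, permanent_years=50):
    """Return every credential that needs attention, soonest expiry first."""
    findings = []
    for app in json.loads(graph_json_text)["value"]:
        creds = [("secret", c) for c in app.get("passwordCredentials", [])]
        creds += [("certificate", c) for c in app.get("keyCredentials", [])]
        for kind, cred in creds:
            end = parse_graph_time(cred["endDateTime"])
            status = classify(end, now, warn_days, permanent_years)
            if status == "ok":
                continue
            findings.append({
                "app": app["displayName"], "appId": app["appId"], "kind": kind,
                "keyId": cred["keyId"], "status": status,
                "endDateTime": cred["endDateTime"], "daysLeft": (end - now).days,
            })
    findings.sort(key=lambda f: f["daysLeft"])
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_GRAPH_RESPONSE, NOW):
        print(f"{f['status']:<22} {f['app']:<15} {f['kind']:<12} {f['keyId']} "
              f"ends {f['endDateTime']} ({f['daysLeft']} days)")
```

Run on a schedule and the output is the renewal worklist: expired and expiring entries go to the service owner, and effectively-permanent entries are worth reviewing since a secret that never expires is never forced through rotation. Both thresholds are parameters, so a tenant that wants a 60-day warning or a different definition of "permanent" changes one argument.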


Unfortunately, the only way to find out the Azure Active Directory (AAD) application key/client secret's expiry period is through the Azure old portal as of today.

Besides, as you can see in the Azure old portal, there are only 2 options available for the key duration, i.e. 1 year or 2 years.


Hope this helps!

juvchan answered Oct 09 '22 10:10


For the application that I am writing I have managed to set the expiry time to 99 years by manually creating an application. You can also update existing applications with new keys using the AppId.

To do this I used a Native application:

// Azure AD Graph client library (Microsoft.Azure.ActiveDirectory.GraphClient)
using System;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// Look up the existing application registration by its AppId (client ID).
var app = (Application)await GraphAPI.NativeConnection.Applications
    .Where(a => a.AppId.Equals(appClientId))
    .ExecuteSingleAsync();

// Generate the secret value locally; the directory never returns it again after creation.
string clientSecret = Guid.NewGuid().ToString();
DateTime expire = DateTime.UtcNow.AddYears(99);

PasswordCredential pwc = new PasswordCredential
{
    StartDate = DateTime.UtcNow,
    EndDate = expire,          // 99 years, well beyond the 1 or 2 year portal options
    KeyId = Guid.NewGuid(),
    Value = clientSecret
};

// Attach the new credential and persist the change to the application object.
app.PasswordCredentials.Add(pwc);
await app.UpdateAsync();

return new AppData { ClientId = appClientId, ClientSecret = clientSecret, ExpireDate = expire };

GraphAPI.NativeConnection is a singleton instance of a native application via the Graph API for Azure.

Edit: this singleton is my own implementation.

Since you would normally see the new secret on the web page of the management portal, you will need to store the secret and show it to the user to write down.

When creating a new application you will need to add ResourceAccess as well. These items can be found in the manifest of other applications.

Bobo answered Oct 09 '22 10:10