Inspiration

So I've always wanted to participate in a Microsoft Hackathon, and seeing the name Identity for All, I wasn't sure if I had any project in mind that I could use to participate. But fortunately, the motivation to learn more about Azure Active Directory and Microsoft Identity came upon me. I decided to create a GitHub Repository Cleaner in ASP.NET (Razor Pages) using various Microsoft Identity technologies.

What it does

GitHub doesn't allow you to delete multiple repositories at once on their website, so my application had to leverage GitHub APIs to automate the process. With my application, you can easily delete multiple repositories at once. And the good thing about my application is that you don't need to manually copy your access tokens from GitHub in order to have access or permission to delete your repositories. It uses OAuth 2.0 to make retrieving your access tokens easy.

How I built it

Below is a step-by-step summary of the build process:

  • I went to https://github.com/settings/developers to register my OAuth application. After registering, I obtained the ClientId and ClientSecret for my application.
  • I used the secret to build the web application using ASP.NET Razor Pages locally.
  • I decided to secure my GitHub OAuth ClientId and ClientSecret in Azure Key Vault.
  • I registered an Azure AD application which enabled access to the Azure Key Vault. During the registration process, I assigned the contributor role to the application.
  • I first tried both the x509 certificate and the C# DefaultAzureCredential class to access my registered application, which would grant me access to the key vault during development.
  • I created a User Assigned Managed Identity, which I used to grant the hosted Azure Web App access to my Azure Key Vault secret.
  • I used GitHub Actions for Continuous Integration and Continuous Development.
  • To grant the GitHub Actions runner access to deploy in my Azure account, I decided to use the OpenID Connect technique via Workload Identity Federation. This made the YAML setup easy.
  • For the CI/CD I configured it in a way that for every push to GitHub the action would run the build process and deploy if no error is encountered.
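The Key Vault and OAuth steps above can be wired together at startup roughly as follows. This is an added example, not the project's own code: the `KeyVaultUri` and `AZURE_CLIENT_ID` settings, the secret names, the `GitHub` scheme name and the callback path are all assumptions.

```csharp
// Program.cs for an ASP.NET Core Razor Pages app (.NET 6+ top-level statements).
// Added illustration; configuration keys and secret names are hypothetical.
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// DefaultAzureCredential uses a developer sign-in locally and a managed identity
// when hosted. ManagedIdentityClientId selects the user-assigned identity; it can
// stay unset (null) on a development machine.
var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
{
    ManagedIdentityClientId = builder.Configuration["AZURE_CLIENT_ID"]
});

// Read the GitHub OAuth app credentials from Key Vault instead of appsettings.json.
var vault = new SecretClient(new Uri(builder.Configuration["KeyVaultUri"]!), credential);
string clientId = (await vault.GetSecretAsync("GitHubClientId")).Value.Value;
string clientSecret = (await vault.GetSecretAsync("GitHubClientSecret")).Value.Value;

builder.Services.AddRazorPages();
builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = "GitHub";
    })
    .AddCookie()
    .AddOAuth("GitHub", options =>
    {
        options.ClientId = clientId;
        options.ClientSecret = clientSecret;
        options.CallbackPath = "/signin-github";
        options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
        options.TokenEndpoint = "https://github.com/login/oauth/access_token";
        options.Scope.Add("delete_repo"); // request only the scope the cleaner needs
        // Keeps the access token in the encrypted auth cookie; pages read it with
        // HttpContext.GetTokenAsync("access_token") when calling the GitHub API.
        options.SaveTokens = true;
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.Run();
```

The identity behind `credential` only needs permission to read these two secrets from the vault.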

Challenges we ran into

I really learned a lot from participating in this hackathon but I also ran into some challenges that I successfully came out of. Some of the challenges were:

  • I initially had issues installing my x509 certificate after generating it with the New-SelfSignedCertificate PowerShell command.

  • I also ran into issues of assigning a role to my registered application because I thought by default it should bear the role of the user creating it 😅

Accomplishments that I'm proud of

I'm glad to have this system running using CI/CD via GitHub Actions, which looks like magic, and to have my secrets secured properly in Azure Key Vault.

What I learned

I learnt a couple of things like:

  • Workload Identity Federation

  • Managed Identity

  • MSAL Libraries for authentication

  • Continuous Access Evaluation

  • Authentication via OpenId and Authorization via OAuth2.0

  • Creating x509 certificates and their installation

  • Some new PowerShell commands

  • How to use the x509 certificates to access Azure services

  • How to use Managed Identity to access Azure services

  • How to use GitHub Actions for CI/CD in an ASP.NET framework

  • How to consume GitHub API in ASP.NET Framework

Thanks for this opportunity, I've learnt a lot🚀

Built With

  • asp-razor-pages
  • azure-key-vault
  • azure-web-app
  • c#
  • continuous-access-evaluation
  • github-actions
  • github-api
  • managed-identity
  • oauth
  • workload-identity-federation
  • x509-certificates