What's the best/latest approach to authenticate access to Azure Key Vault using a certificate from a non-Azure application?

I would like to retrieve Azure Key Vault secrets from a client application (outside of Azure) using certificate authentication for Azure Key Vault through Azure AD. My initial development is done through a .NET console application, and eventually I would like to use similar logic within a WCF web service hosted on an IIS server outside Azure (an on-premises server). I have everything set up on the cloud side: Azure Key Vault set up, client application registration, and a certificate within Azure Key Vault for client application authentication. I also installed the same certificate in my local machine's current user certificate store and on the Windows server hosting my WCF web service, so that I can retrieve the certificate from the certificate store by using its thumbprint value:

    // look the client certificate up in the already opened X509Store by thumbprint
    var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, onlyAllowValidCerts);

I tried a couple of approaches to access Azure Key Vault secrets, but nothing has met the expectations I set initially. I would like to know the best/latest approach to achieve what I want without compromising response time or using deprecated APIs.

  1. Use AzureKeyVaultConfigurationProvider to retrieve secrets.

Issues:
  1.1) I have to use a few deprecated packages for this purpose.
  1.2) Also, the performance (response time) to retrieve the secrets from Azure Key Vault and populate the AzureKeyVaultConfiguration is not ideal.

Code Example:

    // create IConfigurationRoot to read Azure Key Vault
    IConfigurationRoot config = new ConfigurationBuilder()
        .AddAzureKeyVault(
            keyVaultUrl,
            CLIENT_ID,
            KeyVaultUtility.AssertionCert2,
            new DefaultKeyVaultSecretManager())
        .Build();

  2. Use the AzureKeyVault package to create a KeyVault utility, then use the GetSecretAsync method.

Issues:
  2.1) The Azure Key Vault package is deprecated.
  2.2) When I use this logic with the WCF service and test locally, I run into the following error: Method not found: 'Void Microsoft.Azure.KeyVault.KeyVaultClient..ctor(AuthenticationCallback, System.Net.Http.DelegatingHandler[])'.

Code Example:

    var client = KeyVaultUtility.GetClient();
    // blocks on the async call; GetSecretAsync takes the vault URL and the secret name
    var secret = Task.Run(async () => await client.GetSecretAsync(keyVaultUrl, "Jon--Test")).Result.Value;

KeyVaultUtility logic:

    using System;
    using System.Threading.Tasks;
    using Microsoft.Azure.KeyVault;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    public static class KeyVaultUtility
    {
        // Populated by Initialise (not part of the posted code) from the certificate loaded out of the store.
        private static ClientAssertionCertificate AssertionCert;

        public static KeyVaultClient GetClient()
        {
            if (AssertionCert == null)
            {
                throw new Exception("Call Initialise before calling GetClient.");
            }

            // KeyVaultClient invokes this callback whenever it needs a bearer token for a request.
            return new KeyVaultClient(new KeyVaultClient.AuthenticationCallback((a, r, s) => GetAccessToken(a, r, s, AssertionCert)));
        }

        // ADAL client-credentials flow: the certificate's private key signs the client assertion sent to Azure AD.
        private static async Task<string> GetAccessToken(string authority, string resource, string scope, ClientAssertionCertificate cert)
        {
            var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
            var result = await context.AcquireTokenAsync(resource, cert).ConfigureAwait(false);
            return result.AccessToken;
        }
    }
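For comparison with the two approaches above, here is an added example (not code from the question) of the same certificate-based client-credentials flow written against the current Azure SDK packages, Azure.Identity and Azure.Security.KeyVault.Secrets, which replace the deprecated Microsoft.Azure.KeyVault and ADAL libraries. The class name KeyVaultSecretReader, the placeholder tenant id, client id, vault URI and thumbprint, and the choice of the CurrentUser\My store are all assumptions for illustration; the certificate lookup mirrors the thumbprint search in the question, with the validity flag set to true.

```csharp
// Added example: certificate authentication to Azure Key Vault from a non-Azure app
// using Azure.Identity + Azure.Security.KeyVault.Secrets (NuGet packages assumed installed).
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultSecretReader
{
    // Placeholder values (assumptions): substitute your own tenant, app registration and vault.
    private const string TenantId = "<tenant-id>";
    private const string ClientId = "<client-id>";
    private const string VaultUri = "https://<vault-name>.vault.azure.net/";
    private const string CertificateThumbprint = "<thumbprint>";

    // One SecretClient per process: the credential caches the Azure AD token, so repeated
    // GetSecretAsync calls do not pay the token round trip every time (the response-time
    // concern in the question).
    private static readonly Lazy<SecretClient> Client = new Lazy<SecretClient>(CreateClient);

    private static SecretClient CreateClient()
    {
        X509Certificate2 certificate = LoadCertificate(CertificateThumbprint);

        // ClientCertificateCredential signs a JWT client assertion with the certificate's
        // private key; no shared secret is stored or transmitted.
        var credential = new ClientCertificateCredential(TenantId, ClientId, certificate);
        return new SecretClient(new Uri(VaultUri), credential);
    }

    // Looks the client certificate up in CurrentUser\My by thumbprint. validOnly: true
    // rejects expired or untrusted certificates rather than authenticating with them.
    private static X509Certificate2 LoadCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: true);

            if (matches.Count == 0)
            {
                throw new InvalidOperationException(
                    $"No valid certificate with thumbprint {thumbprint} found in CurrentUser\\My.");
            }
            if (!matches[0].HasPrivateKey)
            {
                throw new InvalidOperationException(
                    "Certificate has no accessible private key; the client assertion cannot be signed.");
            }
            return matches[0];
        }
    }

    // Reads one secret value; Response<KeyVaultSecret> converts implicitly to KeyVaultSecret.
    public static async Task<string> GetSecretValueAsync(string secretName)
    {
        KeyVaultSecret secret = await Client.Value.GetSecretAsync(secretName).ConfigureAwait(false);
        return secret.Value;
    }
}

// Usage (console app): string value = await KeyVaultSecretReader.GetSecretValueAsync("Jon--Test");
```

Two operational points follow from this shape. The app registration's service principal still needs data-plane permission on the vault (a Key Vault access policy with secret Get, or the "Key Vault Secrets User" RBAC role); authentication succeeding does not grant that by itself. For the IIS-hosted WCF service, the certificate has to be readable by the application pool identity, which usually means installing it in LocalMachine\My and granting that identity read access to the private key, then switching StoreLocation accordingly.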


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow