Reputation: 211
Setting up Azure KeyVault in ASP.net MVC Web App
I am new to Web development and ASP.net. I am trying to figure out how to implement the Azure KeyVault to securely fetch ConnectionStrings as a secret in my Web.Config file. I am confused as to how to go about this.
I used the following guide to setup my basic CRUD application: https://learn.microsoft.com/en-us/aspnet/mvc/overview/getting-started/getting-started-with-ef-using-mvc/implementing-basic-crud-functionality-with-the-entity-framework-in-asp-net-mvc-application
Currently, I am using SQL database on Azure and have my connectionStrings working perfectly. Everything works and is functional. However, now I want to go from having my credentials in the connectionString to having the whole connectionString be fetched from the KeyVault as a secret. All the guides I'm finding are about ASP.net core apps but my app is ASP.net MVC web App. Can someone please provide guidelines on how to get started?
Additional stuff I did: 1. Created ASP.net Core web app so I would have program.cs file and appsettings.json. However, I don't know how to connect the two projects together to fetch the connectionString.
Program.cs from ASP core web app:
namespace KeyVaultTest
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseMvc();
}
}
}
startup.cs from ASP core web app:
namespace KeyVaultTest
{
public class Program
{
public static void Main(string[] args)
{
CreateWebHostBuilder(args).Build().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>();
}
}
Upvotes: 2
Views: 3069
Answers (2)
Reputation: 781
I've built an extension for IHostBuilder (used in Program.cs) to configure the key vault settings accordingly, see here: github
It also considers the environments and uses the users secrets in development environment.
Upvotes: 1
Reputation: 12163
You are on the right path, you just need to:
- Add your connection strings to KeyVault
- Add the KeyVault nuget package
- Configuration Asp.Net core app to recognise KeyVault as a config store
Azure Key Vault Configuration Provider in ASP.NET Core - goes through this, in much more detail:
https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-2.2
Upvotes: 0
Related Questions
- Integrate Azure Key Vault in .NET Web API application using Secret URL
- How to access an azure keyvault from an non registeres app (.net framework webapp)
- Asp.Net MVC 5 - how to Implement Azure.Security.KeyVault.Secrets code
- Connect to Azure KeyVault from WPF app Net Core 3.1
- Azure vault key using .Net 4.5
- Integrate Azure Key Vault with ASP.NET 4.0
- On-prem ASP.NET Framework web app with Azure Key Vault
- Accessing AzureKeyVault
- Problem with configuring Azure KeyVault in ASP.net app
- asp.net secrets in PROD