john paz

Reputation: 328

On-prem ASP.NET Framework web app with Azure Key Vault

We're in the process of trying to secure our application secrets in our internal ASP.NET Framework web applications. The initial plan offered to me was to use Azure Key Vault. I began development work using my Visual Studio Enterprise subscription, and that seems to work fine, locally.

We've created a second Key Vault in our company's production environment, and again, I can use it locally, because my own AAD account has access to the vault. However, in this project (4.7.2 Web Forms web application), I don't see any means of specifying the Access Policy principal that we've created for the application.

My google-fu is failing me: is there any documentation that explains how to do this? Is this scenario -- an on-prem, ASP.NET Framework app outside of the Azure environment, accessing Key Vault for configuration values -- even possible?

Thanks.

UPDATE: I was unable to find a solution that would allow me to use the Access Policy principal from within the "Add Connected Service" dialog. I'm somewhat surprised it's not in there, or is hidden enough to elude me. So I ended up writing my own Key Vault Secret-Reader function, similar to the marked answer. Hope this helps someone...

Upvotes: 2

Views: 4051

Answers (1)

Joy Wang

Reputation: 42043

In this scenario, your option is to use the service principal to access the Key Vault. Please follow the steps below; my sample gets the secret from the Key Vault.

1. Register an application with Azure AD and create a service principal.

2. Get values for signing in and create a new application secret.

3. Navigate to the Key Vault in the portal -> Access policies -> add the correct secret permission for the service principal.

4. Then use the code below, replacing the <client-id>, <tenant-id>, <client-secret> with the values obtained before.

using System;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

namespace test1
{
    class Program
    {
        static void Main(string[] args)
        {
            // Authenticate as the service principal (RunAs=App) using the client id,
            // tenant id and client secret created in steps 1-2.
            var azureServiceTokenProvider = new AzureServiceTokenProvider("RunAs=App;AppId=<client-id>;TenantId=<tenant-id>;AppKey=<client-secret>");
            // KeyVaultClient calls back into the token provider for a bearer token on each request.
            var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
            // GetSecretAsync returns a SecretBundle; the secret string itself is in its Value property.
            var secret = kv.GetSecretAsync("https://keyvaultname.vault.azure.net/", "mySecret123").GetAwaiter().GetResult();
            Console.WriteLine(secret.Value);
        }
    }
}


Upvotes: 5
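A reusable secret-reader class of the kind the asker's update mentions, added here as an example and not code from either poster. It uses the same AppAuthentication libraries and RunAs=App connection string as the accepted answer, but takes the client id, tenant id and client secret from appSettings keys (the key names and the vault URL are assumed) rather than literals in source, and caches values in-process with System.Runtime.Caching (assumes a reference to that assembly) so an ASP.NET Framework app does not call Key Vault on every request.

```csharp
using System;
using System.Configuration;
using System.Runtime.Caching;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

// Hypothetical helper: reads Key Vault secrets as a service principal and caches them.
public sealed class KeyVaultSecretReader
{
    private readonly KeyVaultClient _client;
    private readonly string _vaultBaseUrl;
    private readonly MemoryCache _cache = MemoryCache.Default;
    private readonly TimeSpan _cacheTtl;

    public KeyVaultSecretReader(string vaultBaseUrl, TimeSpan cacheTtl)
    {
        _vaultBaseUrl = vaultBaseUrl; // assumed form: https://<vault-name>.vault.azure.net/
        _cacheTtl = cacheTtl;

        // Assumed appSettings keys (not from the original post); the values are the
        // client id, tenant id and client secret produced in steps 1-2 of the answer.
        string appId = ConfigurationManager.AppSettings["KeyVault:ClientId"];
        string tenantId = ConfigurationManager.AppSettings["KeyVault:TenantId"];
        string appKey = ConfigurationManager.AppSettings["KeyVault:ClientSecret"];
        if (string.IsNullOrEmpty(appId) || string.IsNullOrEmpty(tenantId) || string.IsNullOrEmpty(appKey))
            throw new ConfigurationErrorsException("Key Vault service principal settings are missing.");

        // Same RunAs=App connection string as the accepted answer, built from config instead of literals.
        var tokenProvider = new AzureServiceTokenProvider(
            $"RunAs=App;AppId={appId};TenantId={tenantId};AppKey={appKey}");
        _client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
    }

    // Returns the secret value, serving repeated reads from the in-process cache
    // until the TTL expires, then fetching a fresh copy from the vault.
    public async Task<string> GetSecretAsync(string secretName)
    {
        string cacheKey = "kv:" + _vaultBaseUrl + ":" + secretName;
        if (_cache.Get(cacheKey) is string cached)
            return cached;

        // GetSecretAsync returns a SecretBundle; the secret string is in .Value.
        var bundle = await _client.GetSecretAsync(_vaultBaseUrl, secretName).ConfigureAwait(false);
        _cache.Set(cacheKey, bundle.Value, DateTimeOffset.UtcNow.Add(_cacheTtl));
        return bundle.Value;
    }
}
```

The appSettings section holding the client secret can be encrypted with ASP.NET protected configuration (aspnet_regiis -pe) so the service principal credential is not stored in clear text on the web server.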
