Reputation: 661
I want to mention at first that I went through the other blogs to find the answer, but I could not get a clear answer to the questions I am looking for.
I am getting a Key Vault secret from Azure AD at runtime, which stores the connection strings. My current program has a hardcoded connection string, but it has to be changed and needs to be updated from the Key Vault secret. I am able to get the connection string programmatically from Azure. The point is how I should update it in the configuration file so it only runs once per application.
The purpose of my question is to know what the best practice would be to update the connection string at runtime and how I can do it. As I mentioned, it is currently hardcoded in the web.config file, so updating it in the web.config file without disturbing much of the code would be good for me; however, if that is not a good idea, what would be an alternative?
If you can provide a code example based on ASP.NET MVC on .NET 4.8, that would be highly appreciated.
Code to get the secret in ASP.NET MVC; assumption is that the secret has been created:
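```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public string ViewDataWithKeyVault()
{
    // Key Vault name; get this from app settings, or pass it as a parameter to this method.
    var AzureKeyVaultName = "MyDbConnectionString";
    var secretClient = new SecretClient(new Uri($"https://{AzureKeyVaultName}.vault.azure.net/"), new DefaultAzureCredential());
    // Enumerate the secret properties (names only, no values) page by page.
    var secretVaults = secretClient.GetPropertiesOfSecrets().AsPages().ToList();
    var listName = new List<string>();
    string keyVaultName = "";
    foreach (var sV in secretVaults)
    {
        var keyVaultProp = sV.Values;
        foreach (var prop in keyVaultProp)
        {
            listName.Add(prop.Name);
            // Pick the secret whose name contains "mydb" (the last match wins).
            if (prop.Name.ToLower().Contains("mydb"))
            {
                keyVaultName = prop.Name;
            }
        }
    }
    var sec = secretClient.GetSecret(keyVaultName);
    // sec.Value is the KeyVaultSecret object; its Value property holds the secret text.
    var connstring = sec.Value.Value;
    return connstring;
}
```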
Thanks
Upvotes: 1
Views: 1123
Reputation: 7392
Check the below workaround to read the Connection String from Azure KeyVault.
I have stored the Connection string in Azure Secret, set the Secret in the Azure App Configuration Section, and retrieved the same with key-value in MVC.
Azure Portal, create an Azure Key Vault.
Provide the required info and click on Review + create.
Secret Identifier for future reference
Azure KeyVault => Access Policies => Create => select Get, List and click on Review + create
For principal, search with the name of the Azure App Service and select
Add => Connected Service => Add a service dependency => Add Azure Key Vault
Sign into Azure Account and select the Subscription and Azure Key Vault which you have created in previous steps.
After configuring the Key Vault, your web.config will be added with new settings.
Web.config file

```xml
<configSections>
  <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
</configSections>
<configBuilders>
  <builders>
    <add name="AzureKeyVault"
         vaultName="dotnetthoughts"
         type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"
         vaultUri="https://HarshithaKVNov.vault.azure.net" />
  </builders>
</configBuilders>
<connectionStrings>
  <add name="MYconn" connectionString="Gets the value from Azure KeyVault" providerName="System.Data.SqlClient" />
</connectionStrings>
```
web.config.
Replace the Uri with the Secret Identifier from KeyVault Secret
Key - MYconn
Value - @Microsoft.KeyVault(SecretUri=Uri)
In HomeController, add the below code to get the Connection String
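```csharp
using System.Configuration;
using System.Web.Mvc;

public ActionResult Index()
{
    // Read the "MYconn" entry declared in web.config.
    var conn = ConfigurationManager.ConnectionStrings["MYconn"];
    // Passed to the view to show that the value was resolved; the view renders the full connection string.
    ViewBag.myConnectionstring = conn;
    return View();
}
```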
Index.cshtml

```html
<h2>@ViewBag.myConnectionstring</h2>
```
Upvotes: 2
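One way to meet the question's "only runs once per application" requirement without writing the secret into web.config, as an added example that is not code from either post: a static provider that reads the secret by exact name and keeps it in memory. The class name `ConnectionStringProvider` and the appSettings keys `KeyVaultUri` and `DbSecretName` are assumptions.

```csharp
using System;
using System.Configuration;
using System.Threading;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper (not from the posts): fetches the connection string
// from Key Vault on first use and caches it for the life of the AppDomain.
public static class ConnectionStringProvider
{
    private static readonly object Gate = new object();
    private static string _cached;

    public static string Get()
    {
        // Fast path: already fetched, no lock needed.
        var value = Volatile.Read(ref _cached);
        if (value != null) return value;

        lock (Gate)
        {
            // Only one thread calls Key Vault. If the call throws, nothing
            // is cached, so the next request retries instead of failing forever.
            if (_cached == null)
                _cached = FetchFromKeyVault();
            return _cached;
        }
    }

    private static string FetchFromKeyVault()
    {
        // Assumed appSettings keys; neither value is a secret.
        var vaultUri = ConfigurationManager.AppSettings["KeyVaultUri"];
        var secretName = ConfigurationManager.AppSettings["DbSecretName"];
        if (string.IsNullOrWhiteSpace(vaultUri) || string.IsNullOrWhiteSpace(secretName))
            throw new ConfigurationErrorsException(
                "KeyVaultUri and DbSecretName must be set in appSettings.");

        var client = new SecretClient(new Uri(vaultUri), new DefaultAzureCredential());
        // Request the secret by exact name rather than listing and matching names.
        KeyVaultSecret secret = client.GetSecret(secretName).Value;
        return secret.Value;
    }
}

// Usage in data-access code:
//   using (var conn = new SqlConnection(ConnectionStringProvider.Get())) { ... }
```

Because the secret is requested by exact name, the application's identity needs only the Get permission on secrets, not List. The value stays in process memory and is never written to disk, and web.config is left unmodified, so no application restart is triggered.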