Introduction
This text offers a walkthrough on find out how to take an present ASP.NET utility working in Azure App Service, and with out touching the C# code, configure it in a method that it’s going to retrieve its delicate configuration values from a Key Vault as an alternative of its Internet.config or App.Config file.
The way in which how the applying reads the configuration, e.g. ConfigurationManager.AppSettings[“MyDatabaseConnectionString”] as we speak, that worth would come instantly from a secret in Key Vault, all with out modifying something within the precise supply code of your app.
That is additionally with out storing the Key Vault connection string or credentials in your utility configuration file and makes it very simply redeployable throughout environments.
Framework and Configuration Builder
This guideline is for an ASP.NET challenge focusing on .NET Framework 4.7.1 or later and Configuration Builders that are solely accessible in current variations of the framework.
Configuration builders in ASP.NET present a strategy to modify and/or override the values coming out of your configuration information (Internet.config within the case of ASP.NET) through the use of totally different sources (setting variables, Key Vault, and so on.). This implies you could retailer your config values in different places than these information with out modifying the elements of your utility which are depending on these values.
Implementation Steps
- Go to your Key Vault and navigate to Entry Insurance policies within the left navigation:
- Choose the required permissions. On this case, we have to Get and Listing secret permissions. Choose Principal and seek for the online utility to be granted entry. Click on add after which save entry.
Visual Studio and Azure Key Vault as Related Service: Proper click on the challenge within the resolution and add Key Vault as a related service to it. This can add a following of NuGet packages to your challenge:
Microsoft.Azure.KeyVault
Microsoft.Azure.KeyVault.WebKey
Microsoft.Azure.Providers.AppAuthentication
Microsoft.Configuration.ConfigurationBuilders.Azure
Microsoft.Configuration.ConfigurationBuilders.Base
Microsoft.IdentityModel.Purchasers.ActiveDirectory
Microsoft.Relaxation.ClientRuntime
Microsoft.Relaxation.ClientRuntime.Azure
Be aware
For Azure Internet Jobs challenge varieties, the place Azure Key Vault Related Service shouldn’t be accessible, the above NuGet Packages may be added instantly. Additionally added is a configuration builder – level to the Key Vault occasion chosen throughout the setup in Internet.config or App.config file. Subsequent, take away the vaultUri attribute of the freshly added Key Vault builder.
Then substitute the AppSettings and Connection String tag in your Internet.config with this:
Regionally Debugging Steps
Login to Visual Studio together with your Azure Account, which must be added to Key Vault, precisely the identical method we add the Internet App service principal earlier.
After this, at any time when we debug our utility domestically, it’s going to authenticate in opposition to Key Vault utilizing our personal Azure account and our app will have the ability to entry the secrets and techniques similar to when it’s working on App Service.
Deployment utilizing Azure DevOps
As we deploy our utility on a number of environments (Dev, QA, Prod..), we have to make sure the Key Vault Title related to the setting is added within the beneath configurations
We will use some XML transformation as a part of our CD pipeline to switch the title of the Key Vault earlier than every deployment, however beneath is an easy resolution to that is to
make sure the NuGet bundle ‘Microsoft.Configuration.ConfigurationBuilders.Azure’ is upgraded to 2.0.0.0
Within the configBuilders node, substitute the vaultName worth with ‘${Key_Vault_Name}’ (this may be any title)
Add an app setting with the identical title as beneath:
Substitute this App Setting worth in your CD pipeline utilizing Azure DevOps Variables with the respective setting Key Vault Title.
