Skip to main content

Azure key vault with .net framework 4.8



Azure Key Vault  With .Net Framework 4.8


I was asked to migrate asp.net MVC 5 web application to Azure and I were looking for the key vault integrations and access all the secrete out from there.

Azure Key Vault Config Builder


Configuration builders for ASP.NET are new in .NET Framework >=4.7.1 and .NET Core >=2.0 and allow for pulling settings from one or many sources. Config builders support a number of different sources like user secrets, environment variables and Azure Key Vault and also you can create your own config builder, to pull in configuration from your own configuration management system.

Here I am going to demo Key Vault integrations with Asp.net MVC(download .net framework 4.8). You will find that it's magical, without code, changes how your app can read secretes from the key vault. Just you have to do the few configurations in your web config file.

Prerequisite:
Following resource are required to run/complete this demo
·        Azure subscription
o   Create an Azure web app
o   Create a key vault resource
§  Add a couple of secretes
·        Visual studio 2019 ready to use on your machine
·        .Net Framework 4.8 installed

Configuration Details

I have ready code/running for you that you can download code from Git Hub

The NuGet package  “Microsoft.Configuration.ConfigurationBuilders.Azure” version 2.0.0. It will facilitate to access the give secretes from the azure key vault. when you will install this package it will install all the required other packages.


When you will install it will make the following changes in your web.config file. you need to update your key vault name here.

  <add name="AzureKeyVault"  vaultName="demo-dotnet47-kv
  • Above highlighted key vault name you need to replace with yours once.
if you want to render and read connection string to decore with

<connectionStrings configBuilders="AzureKeyVault">

if you want to render your app setting from key vault so decorate with same like connection sting you can see the highlighted in green color

You need to add the empty connection string and add secrete with the same name, see the highlighted items in orange color

web.config



Let's see the Key Vault and Secretes

If you are new to the azure key vault please visit this tutorial so learn around and provision steps

here is the one that we have used in this demo. 
If you are running the app from your local machine so make sure that you logged with the same principle(user Id) that you added under the azure key vault access policy otherwise your app will be unable to access the secretes

if you are running you this demo after publishing the azure web app, make sure that you have added Managed Identity on and you have granted access to it under key vault access policy.

in this demo we are trying access only below highlighted secretes from key vault no all because of the default config builder behavior mode="strict". if you want to read/add all the secrets then set up the mode = "Greedy"  in the above config file 

  <add name="AzureKeyVault" mode="Greedy" vaultName="demo-dotnet47-kv" 


azure key vault


Key Vault Access Policy Settings

key-vault-access-policy

Managed Identity setup for your web app:


web-app-manged-identity


Asp.net MVC 5 Code and Neuget Packages Details


once you will download this code from Git Hub, you will notice the following changes

NuGet Packages:
config-builder-nuget-packages.JPG


Code demo to read secretes:

read-secretes-value


Show these values on view: not best practices its a just for the demo and with demo secretes.



show-secretes-over-view.JPG



Finally, we have done with all the required changes so let's run the app and see the result.

A result from the local machine 

Before running this app lets do the last thing. Open Azure CLI(CMD) and run the command "az login" because managed Identity use azure CLI to get generate token to connect with Azure resources.


AzureKeyVaultConfigBuilder demo local

Let's have demo app running over the azure

azure-app-demo.JPG

Comments

Popular posts from this blog

How to Make a Custom URL Shortener Using C# and .Net Core 3.1

C# and .Net Core 3.1:  Make a Custom URL Shortener Since a Random URL needs to be random and the intent is to generate short URLs that do not span more than 7 - 15 characters, the real thing is to make these short URLs random in real life too and not just a string that is used in the URLs Here is a simple clean approach to develop custom solutions Prerequisite:  Following are used in the demo.  VS CODE/VISUAL STUDIO 2019 or any Create one .Net Core Console Applications Install-Package Microsoft.AspNetCore -Version 2.2.0 Add a class file named ShortLink.cs and put this code: here we are creating two extension methods. public   static   class   ShortLink {      public   static   string   GetUrlChunk ( this   long   key ) =>            WebEncoders . Base64UrlEncode ( BitConverter . GetBytes ( key ));      public   static   long   GetKeyFromUrl ( this   string   urlChunk ) =>            BitConverter . ToInt64 ( WebEncoders . Base64UrlDecode ( urlChunk )); } Here is the Calling Sampl

AWS FREE ASP.NET CORE (.NET 6.0) HOSTING WITH FREE SSL

  FREE ASP.NET CORE (.NET 6.0) Hosting on AWS (Amazon Web Services) Today I was able to host my asp.net 6.0  + ANGULAR 14 application  on AWS Free  Initial Setup of your AWS Account and your Computer Get ready with your asp.net core 3.1 /.net 6 application Install  "AWS toolkit for visual studio 2022" as  visual studio extensions :  it will be required to deploy smoothly from Visual Studio 2022 itself, your life will be easy. Let's finish the AWS account setup  Get signed up with: its free but it will be required a valid credit card or debit card, they will charge nothing for the free services for 1 year * https://portal.aws.amazon.com/billing/signup#/start/email AWS console  for services and offering http://console.aws.amazon.com/ Create a user in AWS Console:  IAM With the help of AWS Identity and Access Management (IAM), you can control who or what has access to the services and resources offered by AWS, centrally manage fine-grained permissions, and adjust permission