
I'm trying to use Azure KeyVault to fetch connectionStrings that have been stored as a secret in a KeyVault. I'm trying to do this in an ASP.net MVC Web app instead of ASP.net Core. Currently, I'm unable to do this and the error is:

(https://i.sstatic.net/xltNd.jpg)

I've been following this guide to use KeyVault to mask connectionStrings in ASP.net:

https://peterbozso.github.io/2019/03/18/key-vault-asp-net.html

I did the following:

- Created a KeyVault and stored the secret in it.
- Published my MVC ASP.net Web app.
- Gave permissions to the MVC ASP.net Web App to be able to access the secret from the KeyVault using the Access policies.
- Added a connected service for KeyVault in my ASP.net MVC project.
- Once successfully added, I removed the vaultURI attribute that was added by the connected Service and made sure the vault name was correct.
- I replaced the appSettings tag in the Web.Config to be:

HOWEVER:

1. I published the app and I no longer get that error. However, I'm not quite sure if the app is actually fetching the connectionString from the KeyVault or not.

This is the code from the Web.Config file:

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301880
  -->
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
  </configSections>
  <configBuilders>
    <builders>
      <add name="AzureKeyVault" vaultName="kv-TEST" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"  />
    </builders>
  </configBuilders>
  <!--<connectionStrings>
    <add name="SchoolContext" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=ContosoUniversity2;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
  </connectionStrings>-->
  <!--Azure connection string-->
  <connectionStrings>
    <add name="SchoolContext" connectionString="" providerName="System.Data.SqlClient" />

   <!-- <add name="ContosoUniversityLogin" connectionString="" providerName="System.Data.EntityClient" />
   -->
  </connectionStrings>
  <appSettings configBuilders="AzureKeyVault">
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <!--
    For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.

    The following attributes can be set on the <httpRuntime> tag.
      <system.Web>
        <httpRuntime targetFramework="4.7.2" />
      </system.Web>
  -->
  <system.web>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.5" />
    <httpModules />
  </system.web>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.0.0" newVersion="5.2.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
  <entityFramework>
    <!--<contexts>
      <context type="ContosoUniversity.DAL.SchoolContext, ContosoUniversity">
        <databaseInitializer type="ContosoUniversity.DAL.SchoolInitializer, ContosoUniversity" />
      </context>
    </contexts>-->
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="v11.0" />
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
</configuration>
  • how do you want us to verify that for you? Commented Jul 16, 2019 at 5:15
  • I wanted help on how to verify it myself. Just any leads but the user below helped! Thanks Commented Jul 16, 2019 at 16:51

2 Answers


Taking a look at the sample configuration you gave in your question, I think the problem is that you haven't actually applied the config builder to your connectionStrings section. You need to do the same as you did with the appSettings, something like this:

  <connectionStrings configBuilders="AzureKeyVault">
    <add name="SchoolContext" connectionString="" providerName="System.Data.SqlClient" />
  </connectionStrings>

And it'll be all fine! You can find more info/examples about this in the official docs.


If you just want to verify that it is coming from Azure Key Vault, then you can simply remove the connection string from web.config and see if it works.

Also, you can try accessing your key vault keys in your controller and see if it is getting the desired result. You can simply update the Azure key vault key value pair and print it to understand. Also, if you can share the code, I will update.

Hope it helps.

2 Comments

I commented out the connectionStrings and that resulted in me not being able to retrieve any data from the database. I believe this is happening because the connectionStrings part is being overwritten by the external configurations being provided by AzureKeyVault. So I just changed the connectionString part to " " and that produces the same error, which leads me to believe that I am not correctly retrieving the connectionString from the KeyVault. Any ideas on what to do?
Updated the code! Hope this makes it easier for anyone who'd like to help
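One way to confirm at runtime that the `SchoolContext` entry was filled in by the config builder, without writing the secret itself to a log. This is an added example, not code from the question or either answer; the class and method names are hypothetical, and it relies on the Web.config entry being left as `connectionString=""`, so any non-empty value seen at runtime must have come from the `AzureKeyVault` builder.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;

// Hypothetical helper (added example, not part of the original post).
public static class ConnectionStringCheck
{
    // Returns a description that is safe to log: server, database and auth mode
    // only. The full connection string, user id and password are never emitted.
    public static string Describe(string name)
    {
        ConnectionStringSettings entry = ConfigurationManager.ConnectionStrings[name];
        if (entry == null)
            return name + ": no such entry in <connectionStrings>";

        // Web.config ships an empty value, so an empty value here means the
        // builder was not applied to this section or found no matching secret.
        if (string.IsNullOrWhiteSpace(entry.ConnectionString))
            return name + ": still empty, the config builder did not supply a value";

        try
        {
            // Parse instead of printing, so credentials stay out of the trace.
            var parsed = new SqlConnectionStringBuilder(entry.ConnectionString);
            return string.Format(
                "{0}: populated (DataSource={1}, InitialCatalog={2}, IntegratedSecurity={3})",
                name, parsed.DataSource, parsed.InitialCatalog, parsed.IntegratedSecurity);
        }
        catch (Exception ex) when (ex is ArgumentException || ex is FormatException)
        {
            return name + ": populated, but not a valid SqlClient connection string";
        }
    }
}

// Usage, for example in Application_Start in Global.asax.cs:
//   System.Diagnostics.Trace.TraceInformation(ConnectionStringCheck.Describe("SchoolContext"));
```

If the result is "still empty" after adding `configBuilders="AzureKeyVault"` to `<connectionStrings>`, check that the vault holds a secret whose name matches the entry's `name` attribute and that the app's identity has permission to read secrets in the access policy.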
