2

I am new to Web development and ASP.net. I am trying to figure out how to implement the Azure KeyVault to securely fetch ConnectionStrings as a secret in my Web.Config file. I am confused as to how to go about this.

I used the following guide to setup my basic CRUD application: https://learn.microsoft.com/en-us/aspnet/mvc/overview/getting-started/getting-started-with-ef-using-mvc/implementing-basic-crud-functionality-with-the-entity-framework-in-asp-net-mvc-application

Currently, I am using SQL database on Azure and have my connectionStrings working perfectly. Everything works and is functional. However, now I want to go from having my credentials in the connectionString to having the whole connectionString be fetched from the KeyVault as a secret. All the guides I'm finding are about ASP.net core apps but my app is ASP.net MVC web App. Can someone please provide guidelines on how to get started?

Additional stuff I did: 1. Created ASP.net Core web app so I would have program.cs file and appsettings.json. However, I don't know how to connect the two projects together to fetch the connectionString.

Program.cs from ASP core web app:

namespace KeyVaultTest
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });


            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseMvc();
        }
    }
}

startup.cs from ASP core web app:

namespace KeyVaultTest
{
    public class Program
    {
        public static void Main(string[] args)
        {
            CreateWebHostBuilder(args).Build().Run();
        }

        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseStartup<Startup>();
    }
}
Improve this question

2 Answers 2

Reset to default
1

I've built an extension for IHostBuilder (used in Program.cs) to configure the key vault settings accordingly, see here: github

It also considers the environments and uses the users secrets in development environment.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Hi Peter can you help answer how connectionstring can be configured in Visual Studio to get the secret as connection string at runtime from key vault secret for ASP.Net MVC 4.8.
Hi @Jashvita, in classic .NET, it works differently. You need to configure the key vault access in the web.config. See here: learn.microsoft.com/en-us/azure/key-vault/general/…
0

You are on the right path, you just need to:

  • Add your connection strings to KeyVault
  • Add the KeyVault nuget package
  • Configuration Asp.Net core app to recognise KeyVault as a config store

Azure Key Vault Configuration Provider in ASP.NET Core - goes through this, in much more detail:
https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-2.2

Improve this answer

2 Comments

I have gone through that but I don't understand where to begin. Sorry, I'm very new to all of this. I have setup the KeyVault and it does have my connection string. I also have the NuGet packages installed. Just need to figure out the "Configuration Asp.Net core app to recognise KeyVault as a config store" step.
The question is exactly about finding out how to do what's explained in the docs for .NET Core but in .NET Framework web apps instead.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.