简体   繁体   中英

Use Azure Vault Secret from onpremise Web Application

I would like to use an Azure Key Vault secret from an on-premise web application.

I created a Key Vault with a Secret, but in Access Policies I should specify an Authorized Application and in the samples is used an Azure WebApp.

I want instead use the Secret from on-premise MVC web app: shoud i specify nothing and it works ? i specified the Azure Vault and as Principal myself but i'm not sure if this is correct.

Well, something will need to authenticate to access the secret. Either the current user, or you can use a service principal.

Since we are talking about an MVC app, the service principal is probably easier. You will need to register a new app in Azure Active Directory via the Azure Portal. Find Azure AD, and register a new app via App registrations.

The name and URLs don't really matter, but it needs to be of type Web app/API. The sign-on URL can be https://localhost for example. Then add a key in the Keys blade to the app (click Settings after the app is created, then Keys). Copy the client id (application id) and the key somewhere.

Now you can go to your Key Vault, and create a new access policy, and choose the app you created as the principal. Give it the rights you want, like Secrets -> Get. Then you can save the policy.

In your app, you can then use the Key Vault library + ADAL like so:

var kvClient = new KeyVaultClient(async (authority, resource, scope) =>
{
    var context = new AuthenticationContext(authority);
    var credential = new ClientCredential("client-id-here", "key-here");
    AuthenticationResult result = await context.AcquireTokenAsync(resource, credential);
    return result.AccessToken;
});

SecretBundle secret = await kvClient.GetSecretAsync("https://yourvault.vault.azure.net/", "secret-name");
string secretValue = secret.Value;

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM