Setting up Azure KeyVault in ASP.net MVC Web App

Question

I am new to Web development and ASP.net. I am trying to figure out how to implement the Azure KeyVault to securely fetch ConnectionStrings as a secret in my Web.Config file. I am confused as to how to go about this.

I used the following guide to setup my basic CRUD application: https://docs.microsoft.com/en-us/aspnet/mvc/overview/getting-started/getting-started-with-ef-using-mvc/implementing-basic-crud-functionality-with-the-entity-framework-in-asp-net-mvc-application

Currently, I am using SQL database on Azure and have my connectionStrings working perfectly. Everything works and is functional. However, now I want to go from having my credentials in the connectionString to having the whole connectionString be fetched from the KeyVault as a secret. All the guides I'm finding are about ASP.net core apps but my app is ASP.net MVC web App. Can someone please provide guidelines on how to get started?

Additional stuff I did: 1. Created ASP.net Core web app so I would have program.cs file and appsettings.json. However, I don't know how to connect the two projects together to fetch the connectionString.

Program.cs from ASP core web app:

namespace KeyVaultTest
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });


            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseMvc();
        }
    }
}

startup.cs from ASP core web app:

namespace KeyVaultTest
{
    public class Program
    {
        public static void Main(string[] args)
        {
            CreateWebHostBuilder(args).Build().Run();
        }

        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseStartup<Startup>();
    }
}

Answer 1

You are on the right path, you just need to:

• Add your connection strings to KeyVault
• Add the KeyVault nuget package
• Configuration Asp.Net core app to recognise KeyVault as a config store

Azure Key Vault Configuration Provider in ASP.NET Core - goes through this, in much more detail:
https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-2.2

Answer 2

I've built an extension for IHostBuilder (used in Program.cs ) to configure the key vault settings accordingly, see here: github

It also considers the environments and uses the users secrets in development environment.