Problem with configuring Azure KeyVault in ASP.net app

I'm trying to use Azure KeyVault to fetch connectionStrings that have been stored as a secret in a KeyVault. I'm trying to do this in an ASP.net MVC Web app instead of ASP.net Core. Currently, I'm unable to do this and the error is:

( https://imgur.com/lWhoVGA )

I've been following this guide to use KeyVault to mask connectionStrings in ASP.net:

https://peterbozso.github.io/2019/03/18/key-vault-asp-net.html

I did the following:

- Created a KeyVault and stored the secret in it.
- Published my MVC ASP.net Web app.
- Gave permissions to the MVC ASP.net Web App to be able to access the secret from the KeyVault using the Access policies.
- Added a connected service for KeyVault in my ASP.net MVC project.
- Once successfully added, I removed the vaultURI attribute that was added by the connected Service and made sure the vault name was correct.
- I replaced the appSettings tag in the Web.Config to be:

HOWEVER: 1. I published the app and I no longer get that error. However, I'm not quite sure if the app is actually fetching the connectionString from the KeyVault or not.

This is the code from the Web.Config file:

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301880
  -->
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
  </configSections>
  <configBuilders>
    <builders>
      <add name="AzureKeyVault" vaultName="kv-TEST" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"  />
    </builders>
  </configBuilders>
  <!--<connectionStrings>
    <add name="SchoolContext" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=ContosoUniversity2;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
  </connectionStrings>-->
  <!--Azure connection string-->
  <connectionStrings>
    <add name="SchoolContext" connectionString="" providerName="System.Data.SqlClient" />

   <!-- <add name="ContosoUniversityLogin" connectionString="" providerName="System.Data.EntityClient" />
   -->
  </connectionStrings>
  <appSettings configBuilders="AzureKeyVault">
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <!--
    For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.

    The following attributes can be set on the <httpRuntime> tag.
      <system.Web>
        <httpRuntime targetFramework="4.7.2" />
      </system.Web>
  -->
  <system.web>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.5" />
    <httpModules />
  </system.web>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.0.0" newVersion="5.2.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
  <entityFramework>
    <!--<contexts>
      <context type="ContosoUniversity.DAL.SchoolContext, ContosoUniversity">
        <databaseInitializer type="ContosoUniversity.DAL.SchoolInitializer, ContosoUniversity" />
      </context>
    </contexts>-->
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="v11.0" />
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
</configuration>

If you just want to verify that it is coming from Azure Key Vault, then you can simply remove the connection string from web.config and see if it works.

Also, you can try accessing your Key Vault keys in your controller and see if it is getting the desired result. You can simply update the Azure Key Vault key-value pair and print it to understand. Also, if you can share the code, I will update.

Hope it helps.

Taking a look at the sample configuration you gave in your question, I think the problem is that you haven't actually applied the config builder to your connectionStrings section. You need to do the same as you did with the appSettings, something like this:

  <connectionStrings configBuilders="AzureKeyVault">
    <add name="SchoolContext" connectionString="" providerName="System.Data.SqlClient" />
  </connectionStrings>

And it'll be all fine! You can find more info/examples about this in the official docs.
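
One way to check whether the builder actually filled in the value, without writing the secret itself to a log or a page (an added example, not code from the question or either answer). It assumes the Web.config above with its empty `connectionString=""` placeholder for `SchoolContext`; the class name `ConnectionStringCheck` is hypothetical.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;

// Added diagnostic helper (hypothetical name); not part of the original post.
public static class ConnectionStringCheck
{
    // Returns a description that is safe to log: it reports whether a password
    // is present but never the password or the full connection string.
    public static string Describe(string name)
    {
        ConnectionStringSettings entry = ConfigurationManager.ConnectionStrings[name];
        if (entry == null)
            return name + ": no <add name=...> entry in connectionStrings";

        // The placeholder in Web.config is connectionString="", so an empty
        // value here means no config builder replaced it.
        if (string.IsNullOrWhiteSpace(entry.ConnectionString))
            return name + ": still empty, the config builder did not fill it in";

        SqlConnectionStringBuilder parts;
        try
        {
            parts = new SqlConnectionStringBuilder(entry.ConnectionString);
        }
        catch (ArgumentException)
        {
            return name + ": value present but not a valid SQL Server connection string";
        }

        return string.Format(
            "{0}: DataSource={1}; InitialCatalog={2}; IntegratedSecurity={3}; HasPassword={4}",
            name, parts.DataSource, parts.InitialCatalog, parts.IntegratedSecurity,
            !string.IsNullOrEmpty(parts.Password));
    }
}

// Example call, e.g. from Application_Start or a controller action:
// System.Diagnostics.Trace.TraceInformation(ConnectionStringCheck.Describe("SchoolContext"));
```

Since the Web.config in the question ships with an empty placeholder, a non-empty result whose DataSource points at the Azure database can only have come from the config builder.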
