How do I access an Azure KeyValut from an .Net Framework Asp.Net application hosted in an Azure App Service?

Question

I'm relatively new to Azure and I'm working to figure out how to integrate usage into our legacy applications. There no plans to rewrite/migrate these applcations to.Net Core.

I have a.Net Framework (Not Core) Asp.Net web application. I have it hosted in an Azure App Service. I've created an Azure Key Vault service and secret. Using the App Service's system defined identity, I've added access to the Key Vault instance.

How do I access the Key Vault and contained secret from an Asp.Net application? Pretty much all the examples/samples I've seen were.Net Core based.

Would a similar approach work with a.Net Framework console application?

Answer 1

Yes, the .NET core examples should be the same for C# as in .NET Framework. When you use the DefaultAzureCredential(s), it will use the managed identity from Azure to access your keyvault. If you are developing locally in VS, it will use your VS logged in user. Or it can also use your CLI, or VS Code credentials as well, it goes thru a list.

I used the following code as an example to get it to work:

SecretClientOptions options = new SecretClientOptions()
        {
            Retry =
            {
                Delay= TimeSpan.FromSeconds(2),
                MaxDelay = TimeSpan.FromSeconds(16),
                MaxRetries = 5,
                Mode = RetryMode.Exponential
             }
        };

        var client = new SecretClient(new Uri("https://YOUR_KEY_VAULT_NAME.vault.azure.net/"), new DefaultAzureCredential(), options);

        KeyVaultSecret secret = client.GetSecret("Test");