I need to disable Local Authentication Methods (Access Keys) for Azure App Configuration Stores. Currently for an ASP.NET Framework application, I am using the following for accessing the App Configuration Store from my application:
<configSections>
<section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
</configSections>
<configBuilders>
<builders>
<add name="MyConfigStore" mode="Greedy" connectionString="${ConnectionString}" type="Microsoft.Configuration.ConfigurationBuilders.AzureAppConfigurationBuilder, Microsoft.Configuration.ConfigurationBuilders.AzureAppConfiguration" />
<add name="Environment" mode="Greedy" type="Microsoft.Configuration.ConfigurationBuilders.EnvironmentConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Environment" />
</builders>
</configBuilders>
Here the value of ${ConnectionString} = "Endpoint=https://<app_config>.azconfig.io;Id=<Id>;Secret=<Access Key>"
Now in order to access the App Configuration through the ASP.NET application, I created a Service Principal, generated a secret to use.
I have stored the CLIENT_ID , TENANT_ID and CLIENT_SECRET values. I have also assigned the App Configuration Data Reader role to the Service Principal.
I also have a managed identity which I can use.
Now what change do I need to make at the application side in order to access the App Configuration through the ASP.NET application?
Check the below Workaround to access the App Configuration
in the .NET Framework
Application.
In Azure Portal
=> App Configuration
=> Configuration explorer
, create new Key-value
.
NuGet Packages
Microsoft.Configuration.ConfigurationBuilders.AzureAppConfiguratio - Version 1.0.0
Microsoft.Configuration.ConfigurationBuilders.Environment - Version 2.0.0
System.Configuration.ConfigurationManager - Version 7.0.0
Configuration Section from my Web.config
file:
<configSections>
<section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
</configSections>
<configBuilders>
<builders>
<add name="AzureAppConfig" mode="Greedy" connectionString="Endpoint=https://AppConfigName.azconfig.io;Id=XqdS-l2-s0:****/;Secret=****" type="Microsoft.Configuration.ConfigurationBuilders.AzureAppConfigurationBuilder, Microsoft.Configuration.ConfigurationBuilders.AzureAppConfiguration" />
<add name="Environment" mode="Greedy" type="Microsoft.Configuration.ConfigurationBuilders.EnvironmentConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Environment" />
</builders>
</configBuilders>
<appSettings configBuilders="Environment,AzureAppConfig">
<add key="AppName" value=".NET Framework Sample" />
</appSettings>
Reading Config Value:
In Controller,
public ActionResult Index()
{
string FromAppConfig = System.Configuration.ConfigurationManager.AppSettings["TestApp:Settings:Message"];
string FromWebConfig = System.Configuration.ConfigurationManager.AppSettings["AppName"];
ViewBag.FromAppConfig = FromAppConfig;
ViewBag.FromWebConfig = FromWebConfig;
return View();
}
In View.cshtml:
@{
ViewBag.Title = "Home Page";
}
<div>
<h2> Value from App Configuration - @ViewBag.FromAppConfig</h2>
<h2> Value from Web.Config File - @ViewBag.FromWebConfig</h2>
</div>
References taken from MSDoc
You should use the endpoint
instead of the connectionString
parameter when you config your builders. This will tell the system to use the DefaultAzureCredential
to connect to Azure App Configuration.
I would also put the "Environment" builder before the "AzureAppConfig" builder, so environment variables are available to the AppConfig builder during loading. It looks something like this:
<configBuilders>
<builders>
<add name="Environment" mode="Greedy" type="Microsoft.Configuration.ConfigurationBuilders.EnvironmentConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Environment" />
<add name="AzureAppConfig" mode="Greedy" endpoint="https://<AppConfigName>.azconfig.io" type="Microsoft.Configuration.ConfigurationBuilders.AzureAppConfigurationBuilder, Microsoft.Configuration.ConfigurationBuilders.AzureAppConfiguration" />
</builders>
</configBuilders>
Given you want to use the service principal, you should make CLIENT_ID
, TENANT_ID
and CLIENT_SECRET
available as environment variables, so the DefaultAzureCredential
will pick them up automatically.
You should NEVER put any secrets in the web.config file. You can find more information about the App Configuration builder library from the link below.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.