Login/Register
Azure Key Vault Connection Strings and N-Layered Design
Asked Answered
Solved c#entity-frameworkazureazure-keyvaultn-layer
N

1

0

This question relates to the following post which maybe helpful: Azure DevOps CI/CD and Separating Connection Strings from Source Control

I'm currently working on an N-Layered project based off of an article by Imar Spaanjaars named ASP.NET N-Layered Applications

I'm trying to implement Azure Key Vault to, I guess you can say, abstract secrets from the application itself.

Goal

I want implement Azure Key Vault using this N-Tier concept. I have a sample project located at NLayer-Spaanjaars.ContactManager

Problem

I'm try to figure out how to use Key Vault Syntax Reference to properly retrieve the secret(s) (connection string) with Entity Framework.

Update 2019/2/22

As stated in the comments, I'm trying to find out how to inject or override the connection string at runtime with values for the Key Vault on a non-Core .Net Web API app.

Neomaneomah answered 21/2, 2019 at 14:47 Comment(10)
this feature is in preview and i doubt you can use with feature with enitity frame work. this feature is designed only for app services where you can use this syntax in application settings config.Somersomers
Thanks! Actually, I'm creating a Web API (similar structure except without the Wcf, WebForms, and MVC apps) where I want to use this which will run as an App Service. I did try it in app settings config, and didn't get it to work (yet). So I figured I was doing something wrong and thought to use a sample I'm referencing for help. I'll have to create a new sample with exactly what I'm doing then. However, I still will use EF, so if that's not supported or I can find a workaround then I guess its moot at the moment.Neomaneomah
I was hoping to somehow create an interceptor class that can redefine the connection string just before EF tries communicate, but I'm still researching this option.Neomaneomah
you can access azure key vault using manage identity service. look into manage identity service its a different way to do things but it may solve your problem.Somersomers
I have, and I'm able to access the keys via code. What I'm not sure is the best way to pass them through to the DBContext.Neomaneomah
you need to do this at application start up . load connection staring from key vault and inject into your application configuration system.Somersomers
Interesting. I'l look into that, unless you want to provide a solution as a starting pint.Neomaneomah
It's available in 4.7.1 onwards . Have a look @ second section learn.microsoft.com/en-us/azure/key-vault/…Somersomers
Thanks @Imran. While I have already followed those resources, I've kept getting errors. When I created a new blank project, I used the Connected Services feature in VS instead of adding the NuGet package Microsoft.Configuration.ConfigurationBuilders.UserSecrets only (as described in the tutorial) and it worked! Maybe it was missing other packages but I didn't bother figuring out which. Though this helped, it hasn't helped answer my question yet. Can you help point me in the right direction to, as you mentioned, "load connection staring and inject into your application configuration system"Neomaneomah
Keep in mind, this is a .Net Web API, not a .Net Core Web ApiNeomaneomah
N
0

I managed to get this working by modifying my DbContext like so:

public class MyContext : BaseDataContext {
    public MyContext()
            : this(GetDbConnection()) {
    }

    public MyContext(string connectionString)
            : base(connectionString) {
    }

    public static string GetDbConnection() {
        // Get the value from the AppSettings section in the Web.config file that will be updated by Key Vault
        var connectionString = ConfigurationManager.AppSettings["{key-vault-secret-name}"];
        // Return the connection string value above, if blank, use the connection string value expected in the Web.config
        return string.IsNullOrWhiteSpace(connectionString) ? "MyContext" : connectionString;
    }
}
Neomaneomah answered 7/3, 2019 at 16:5 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.