Azure connection string best practices
Asked Answered
G

5

50

I have an application that I am just migrating to Azure. Currently I use web.config transformation to manage changing the database connecting string dev/staging/prod environments. How is it best to manage these multiple connection strings in Azure?

Guadalquivir answered 16/11, 2010 at 3:31 Comment(1)
No answer includes Azure Key Vault which definitely should be mentioned here to secure your credentials (or an encryption key) for said credentials. What is interesting is that you can register your Azure app with the Key Vault directly and do not need to use any credentials for your keyVault Client while being sure that the only one to be able to read your connection strings (or relevent encryption keys) is the app itself.Elliott
E
28

In cases where it doesn't matter if the developer can see production credentials, you can use the built-in Visual Studio 10 config transformations. If this is what you're looking for, follow these steps:

1.Navigate to your Azure project folder in file explorer
2. Make a copy of ServiceConfiguration.cscfg
3. Rename copy to ServiceConfiguration.Base.cscfg
4. For each build configuration (e.g. Dev, Staging, Production), create a ServiceConfiguration.<build config name>.cscfg file. In these files, you can use the normal config transformation syntax
5. Open your .ccproj file in a text editor
6. Find the following node,

<ItemGroup>
    <ServiceDefinition Include="ServiceDefinition.csdef" />
    <ServiceConfiguration Include="ServiceConfiguration.cscfg" />
</ItemGroup>

and replace it with this (you will have to edit this block to match your build configs):

<ItemGroup>
    <ServiceDefinition Include="ServiceDefinition.csdef" />
    <ServiceConfiguration Include="ServiceConfiguration.cscfg" />
    <None Include="ServiceConfiguration.Base.cscfg">
        <DependentUpon>ServiceConfiguration.cscfg</DependentUpon>
    </None>
    <None Include="ServiceConfiguration.Dev.cscfg">
        <DependentUpon>ServiceConfiguration.cscfg</DependentUpon>
    </None>
    <None Include="ServiceConfiguration.Staging.cscfg">
        <DependentUpon>ServiceConfiguration.cscfg</DependentUpon>
    </None>
    <None Include="ServiceConfiguration.Production.cscfg">
        <DependentUpon>ServiceConfiguration.cscfg</DependentUpon>
    </None>
</ItemGroup>

7.Add the following at the end of the .ccproj file, just above </Project>:

<Import Project="$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets" />
<Target Name="BeforeBuild">
    <TransformXml Source="ServiceConfiguration.Base.cscfg" Transform="ServiceConfiguration.$(Configuration).cscfg" Destination="ServiceConfiguration.cscfg" />
</Target>

8.If you're using a CI server that doesn't have Visual Studio 10 installed, you'll probably have to copy the C:\Program Files\MSBuild\Microsoft\VisualStudio\v10.0\Web folder and its contents from a development machine to the server.

Update: As @SolarSteve noted, you might have to add a namespace to your ServiceConfiguration.*.cscfg files. Here's an example of ServiceConfiguration.Base.cscfg:

<sc:ServiceConfiguration serviceName="MyServiceName" osFamily="1" osVersion="*" xmlns:sc="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <sc:Role name="MyRoleName">
    <sc:Instances count="1" />
    <sc:ConfigurationSettings>
      <sc:Setting name="DataConnectionString" value="xxx" />
    </sc:ConfigurationSettings>
  </sc:Role>
</sc:ServiceConfiguration>
Eugeniusz answered 3/3, 2011 at 19:16 Comment(2)
I get a "WAT020: Only one service definition can be active." error when building using the above... any ideas what I've done wrong?Tyler
Hey jmac, I've created a VS addin (visualstudiogallery.msdn.microsoft.com/…) which uses TransformXml a bunch of ppl asked for Azure project support. This looks like it would be a good starting point for me. If I implement it can u ensure I got it right? You can contact me by email: sayedha [at] {MICROSOFTdotCOM}.Kitts
J
14

Personally we:

  1. Dropped web config transformations completely.
  2. Setting is retrieved from cscfg.
  3. Development version of cscfg points to local development environment (that's stored in version control).
  4. While deploying to production, we supply secure credentials for production SQL Azure and storage.

For sample of the settings management class that scans application settings and cloud environment for configuration values, you can check out open source Lokad.CQRS for Windows Azure project (see CloudSettingsProvider)

Jannelle answered 16/11, 2010 at 7:59 Comment(0)
S
7

You can use CloudConfigurationManager in Azure SDK 1.7 http://msdn.microsoft.com/en-us/LIBRARY/microsoft.windowsazure.cloudconfigurationmanager

This starts by looking in the ServiceConfiguration.cscfg e.g. ServiceConfiguration.Cloud.cscfg for config setting. If it isn't there it falls back to web.config and app.config

For example

CloudConfigurationManager.GetSetting("StorageConnectionString")

Will look in the appropriate cscfgfile for StorageConnectionString setting, then it will search the web.config and then app.config.

Singsong answered 26/6, 2012 at 13:48 Comment(0)
C
6

We have a number of environments (local dev inside dev fabric, local dev outside dev fabric, testing, release which has 2 versions: release/prod and release/staging and 20 projects some of which need some variability in configure settings. We solved this problem by creating a tiny "config" project, included subfolders there that match the environments. We copy files from the subfolder depending on which build we're doing into root folder of the config project, during every compile.

All other projects link to the config project for .config files. We also use partial config files to keep the insanity of repeating the same info all the time across various environments.

Hope this helps

Couteau answered 16/11, 2010 at 13:50 Comment(4)
Finally published a blog on this at paraleap.com/blog/post/…Couteau
If all of your solutions reuse the same configuration project, how do you handle solution-specific configuration properties?Sunken
If all your your solutions share the same config files and SolutionA needs an extra config property (i.e. <Setting name="NewSettingProperty" value="123" />, how do you give that to SolutionA without also giving it to every other solution?Sunken
You can create subfolders in the Config project to segregate different projects from one another, if I understood you correctlyCouteau
P
6

I had the same requirement for transforming ServiceConfiguration.

I went with the answer from jmac (thank you!), but had trouble with the namespace in the Base version:

<ServiceConfiguration serviceName="TestCloud2" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*">

after a bit more poking around found this by Andrew Patterson (Thank You).

so my resulting transform file:

<asc:ServiceConfiguration serviceName="TestCloud2" xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform" xmlns:asc="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*">
<asc:Role name="WebRole1">
    <asc:Instances count="1" />
    <asc:ConfigurationSettings>
        <asc:Setting name="LoggingStorage" value="UseDevelopmentStorage=true" xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
    </asc:ConfigurationSettings>
</asc:Role>

Piety answered 31/5, 2011 at 12:24 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.