如何从Azure KeyVault中获取连接字符串? [英] How to get connection string out of Azure KeyVault?

问题描述

假设的网站当前使用以下方式进行连接:

A hypothetical web-site currently connects using:

public SqlConnection CreateConnection()
{
   DbConnection connection = new SqlConnection();
   connection.ConnectionString = GetConnectionString();
   connection.Open();

   return connection;
}

神奇的连接字符串存储在web.config中的位置:

Where the magical connection string is stored in web.config:

String GetConnectionString()
{
   //Get the connection string info from web.config
   ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["db"];

   if (cs == null)
      throw new Exception("Could not locate DB connection string");

   return cs.ConnectionString;
}

现在，我想将连接字符串从web.config文件中移出到Azure KeyVault中.您如何从Azure密钥库中检索任何内容?

Now i'd like to move the connection string out of the web.config file into Azure KeyVault. How do you retrieve anything out of the Azure key vault?

String GetConnectionString()
{
   //Get the connection string info from Azure KeyVault
   String connectionString = GetAzureSecret("dbConnectionString");

   if (String.IsNullOrWhitespace(connectionString)
      throw new Exception.Create("Could not connection string of Azure Key Vault");

   return connectionString;
}

除了我刚刚组成了易于使用的Azure API.什么是 actual api?

Except i just made up the easy-to-use Azure API. What is the actual api?

string GetAzureSecret(string key)
{
    KeyVaultClient vault = new KeyVaultClient();
    vault.OnAuthenticate += VaultClientAuthenticate;

    var sec = await vault.GetSecretAsync(Key);
    return sec.Value;
}

public static async Task<string> VaultClientAuthenticate(string authority, string resource, string scope)
{
   String clientID = "8675209";
   String clientSecret = "correct battery horse pencil";

   var authContext = new AuthenticationContext(authority);
   ClientCredential clientCred = new ClientCredential(clientID, clientSecret);
   AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);

   if (result == null)
      throw new Exception("Could not acquire token");

   return result.AccessToken;
}

奖金阅读

• 如何在Azure中正确存储连接字符串?
• 轻松将发布时的ConnectionString切换到Azure

Bonus Reading

• MSDN Forums: Storing sql connection string passwords in Key Vault for my Cloud Services
• How to properly store connection strings in Azure?
• Easily switching ConnectionStrings on publish to Azure

推荐答案

实际的api是什么?

What is the actual api?

我们可以使用 GetSecret API 来获取价值.

We could use the GetSecret API to get value.

准备工作

步骤:

1.创建KeyVault并从Azure门户添加机密

1.Create KeyVault and add secret from Azure portal

2.Config访问策略

2.Config Access policy

3.获取访问令牌

 var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
            ClientCredential clientCredential = new ClientCredential(appId, secretKey);
            var tokenResponse =await context.AcquireTokenAsync("https://vault.azure.net", clientCredential);
            var accessToken = tokenResponse.AccessToken;
            return accessToken;

注意:Keyvault的资源为https://vault.azure.net

Note: The resource for Keyvault is https://vault.azure.net

4.用Fiddler进行测试

4.Test with Fiddler

我们还可以使用SDK轻松做到这一点:

1.创建一个控制台项目和一个Utils.cs文件

1.Create a console project and a Utils.cs file

public static string EncryptSecret { get; set; }
        static string appId = "Application ID";
        static string secretKey = "Secert key";
        static string tenantId = "TenantId";

        public static async Task<string> GetAccessToken(string azureTenantId,string azureAppId,string azureSecretKey)
        {

            var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
            ClientCredential clientCredential = new ClientCredential(appId, secretKey);
            var tokenResponse =await context.AcquireTokenAsync("https://vault.azure.net", clientCredential);
            var accessToken = tokenResponse.AccessToken;
            return accessToken;
        }

2.在主函数中添加以下代码并对其进行测试.

2.Add the follow code in the main function and test it.

packages.config文件

packages.config file

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Hyak.Common" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.Azure.Common" version="2.0.4" targetFramework="net452" />
  <package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net452" />
  <package id="Microsoft.Azure.KeyVault" version="1.0.0" targetFramework="net452" />
  <package id="Microsoft.Bcl" version="1.1.9" targetFramework="net452" />
  <package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net452" />
  <package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net452" />
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.13.9" targetFramework="net452" />
  <package id="Microsoft.Net.Http" version="2.2.22" targetFramework="net452" />
  <package id="Newtonsoft.Json" version="6.0.4" targetFramework="net452" />
</packages>

我们还可以从CtrlDot提及的文档.

We also can get more information from CtrlDot mentioned document.

这篇关于如何从Azure KeyVault中获取连接字符串?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！