Azure Key Vault Config Builder in 4.7.1


Problem description


We can't go to .net core yet in my company. I'm trying to investigate how to best use the azure key vault to store configuration items for our api app services.

I have a simple webapi project with this global.asax file:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Http;
using System.Web.Http.WebHost;
using System.Web.Routing;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;

namespace kv.api
{
    public class WebApiApplication : System.Web.HttpApplication
    {
        protected void Application_Start()
        {
            GlobalConfiguration.Configure(WebApiConfig.Register);

            LoadAzureKeyVaultSettings();
        }


        protected void LoadAzureKeyVaultSettings()
        {
            var tokenProvider = new AzureServiceTokenProvider("RunAs=CurrentUser;");

            var kvClient = new KeyVaultClient((authority, resource, scope) => tokenProvider.KeyVaultTokenCallback(authority, resource, scope));

            var builder = new ConfigurationBuilder()
                .AddAzureKeyVault("https://mykvurihere.vault.azure.net/", kvClient, new DefaultKeyVaultSecretManager());

            builder.Build();
        }
    }

}

Then I have a simple webapi endpoint here:

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using kv.api.Models;

namespace kv.api.Controllers
{
    public class SettingsController : ApiController
    {
        /// <summary>
        /// Method that returns all the keys out of the Configuration Manager's App Settings.  Can use this endpoint to test KeyVault integrations.
        /// </summary>
        /// <returns>List of Settings</returns>
        public IEnumerable<Setting> GetAllSettings()
        {
            var settings = ConfigurationManager.AppSettings.AllKeys
                .Select(key => new Setting()
                {
                    Key = key,
                    Value = ConfigurationManager.AppSettings[key]
                })
                .ToList();

            return settings;
        }
    }
}

It compiles, I get no runtime exception, but this endpoint isn't yielding my configs from the key vault (I do get the appSettings defined in my web.config). What am I missing here?

UPDATE: It appears that the key vault metrics reported in the azure portal are showing that my app is successfully retrieving the secrets, but they are not being added to the app's AppSettings...

Thanks!

Solution

I did my fair share of figuring this one out so I decided to write a quite lengthy blog post about it which you can find here.

In a nutshell, in my opinion the best way to integrate the Key Vault config builder is not through .NET code, but simply by adding Key Vault as a connected service, then set it up in your Web.config, like this:

<configuration>
  <configSections>
    <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
  </configSections>
  <configBuilders>
    <builders>
      <add name="AzureKeyVault" vaultName="your vault's name" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral" />
    </builders>
  </configBuilders>
  <appSettings configBuilders="AzureKeyVault">
    <add key="MyValue" value="Value from Web.config" />
  </appSettings>
  ...
</configuration>

Then if you set up authentication properly between your Key Vault and your app, add a secret to your Key Vault with the name of "MyValue", it will be replaced at runtime and you will be able to access the secret from Key Vault in your application like this:

ConfigurationManager.AppSettings["MyValue"]
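
An added example, not code from the question, the answer or the linked blog post: the question's `builder.Build()` result is discarded, and Microsoft.Extensions.Configuration never writes into `ConfigurationManager.AppSettings`, which is why the secrets were fetched but never appeared. The sketch keeps the returned `IConfigurationRoot` and lists settings by key only, because once vault secrets are loaded an endpoint like `GetAllSettings` would return their values to any caller; `VaultConfig`, `SettingStatus` and `SettingsStatusController` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;

namespace kv.api
{
    // Hypothetical holder: call VaultConfig.Load(...) once from Application_Start.
    public static class VaultConfig
    {
        public static IConfigurationRoot Root { get; private set; }
        public static void Load(string vaultUri)
        {
            var tokenProvider = new AzureServiceTokenProvider();
            var kvClient = new KeyVaultClient(
                new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
            // Build() returns a separate configuration root. It does not touch
            // System.Configuration, so the result has to be kept and read directly.
            Root = new ConfigurationBuilder()
                .AddAzureKeyVault(vaultUri, kvClient, new DefaultKeyVaultSecretManager())
                .Build();
        }
    }

    // Hypothetical DTO: reports that a setting exists, never its value.
    public class SettingStatus
    {
        public string Key { get; set; }
        public string Source { get; set; }
        public bool HasValue { get; set; }
    }

    public class SettingsStatusController : ApiController
    {
        // Diagnostic listing for testing the integration without echoing secrets.
        public IEnumerable<SettingStatus> GetAllSettings()
        {
            var appSettings = System.Configuration.ConfigurationManager.AppSettings;
            var fromApp = appSettings.AllKeys.Select(k => new SettingStatus {
                Key = k, Source = "AppSettings", HasValue = !string.IsNullOrEmpty(appSettings[k]) });
            var vaultPairs = VaultConfig.Root?.AsEnumerable()
                ?? Enumerable.Empty<KeyValuePair<string, string>>();
            var fromVault = vaultPairs.Select(p => new SettingStatus {
                Key = p.Key, Source = "KeyVault", HasValue = !string.IsNullOrEmpty(p.Value) });
            return fromApp.Concat(fromVault).ToList();
        }
    }
}
```

With the Web.config builder from the answer, vault values arrive through `AppSettings` instead, so the same key-only listing applies there and `VaultConfig` is not needed.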
