How to secure smtp info with Azure and Github?

Question

I have a small website which has a Contact Me page, for this page I use System.Net.Mail and I followed this tutorial.

My problem now is that I host my website on Azure and use Github as source control and deployment.

The problem is of course that all of my code would be public on Github and that the credentials are out in the open.

How can I secure this info from the public with Azure? I have been looking into the App Settings section but I'm not 100% sure how to handle this properly.

  <system.net>
    <mailSettings>
      <smtp from="mail@outlook.com">
        <network host="smtp-mail.outlook.com"
                 port="587"
                 userName="mail@outlook.com"
                 password="notarealpassword"
                 enableSsl="true" />
      </smtp>
    </mailSettings>
  </system.net>

score 1 · Answer 1 · answered Mar 08 '17 at 13:13

1

So the easiest way would be to use App Settings (just like you said). You would create several app settings like username = mail@outlook.com and those will become environment variables on the VM's hosting your WebApp. You could grab the value or those environment variables by the name of the variable in any way that you like.

I was doing this:

Environment.GetEnvironmentVariable("StorageConnectionString")

answered Mar 08 '17 at 13:13

4c74356b41

69,186
6
100
141

This is indeed the idea that i was also entertaining, but that means i would have to take the settings out of the config file and place it in the code again, right? – Vahx Mar 08 '17 at 13:16
if I understand correctly, you can access those in web.config http://stackoverflow.com/questions/32301840/how-to-set-asp-net-5-environment-variables-on-production-environment – 4c74356b41 Mar 08 '17 at 13:18

score 0 · Accepted Answer · edited May 23 '17 at 12:09

I based my solution on the advice from 4c74356b41's answer.

Step 1: Add keys to your Web.config file

Leave the value's empty.

  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />

    <add key="EmailAccount" value=""/>
    <add key="EmailPassword" value=""/>
  </appSettings>

Step 2: Use the keys in your code

With ConfigurationManager you can call AppSettings and retrieve the value based on the key name.

       using (var smtp = new SmtpClient())
        {
            var credential = new NetworkCredential
            {
                UserName = ConfigurationManager.AppSettings["EmailAccount"],  
                Password = ConfigurationManager.AppSettings["EmailPassword"]  
            };
            smtp.Credentials = credential;
            smtp.Host = "smtp-mail.outlook.com";
            smtp.Port = 587;
            smtp.EnableSsl = true;
            await smtp.SendMailAsync(message);
            return RedirectToAction("Sent");
        }

Step 3: Add your Key Value's to your App settings on Azure

In your Web App, go to Application Settings under the Settings and add your key/value's

How to secure smtp info with Azure and Github?

2 Answers2

Step 1: Add keys to your Web.config file

Step 2: Use the keys in your code

Step 3: Add your Key Value's to your App settings on Azure