Azure Key Vault Connection Strings and N-Layered Design

Question

This question relates to the following post which maybe helpful: Azure DevOps CI/CD and Separating Connection Strings from Source Control

I'm currently working on an N-Layered project based off of an article by Imar Spaanjaars named ASP.NET N-Layered Applications

I'm trying to implement Azure Key Vault to, I guess you can say, abstract secrets from the application itself.

Goal

I want implement Azure Key Vault using this N-Tier concept. I have a sample project located at NLayer-Spaanjaars.ContactManager

Problem

I'm try to figure out how to use Key Vault Syntax Reference to properly retrieve the secret(s) (connection string) with Entity Framework.

Update 2019/2/22

As stated in the comments, I'm trying to find out how to inject or override the connection string at runtime with values for the Key Vault on a non-Core .Net Web API app.

this feature is in preview and i doubt you can use with feature with enitity frame work. this feature is designed only for app services where you can use this syntax in application settings config. — Imran Arshad, Feb 21 '19 at 20:23
Thanks! Actually, I'm creating a Web API (similar structure except without the Wcf, WebForms, and MVC apps) where I want to use this which will run as an App Service. I did try it in app settings config, and didn't get it to work (yet). So I figured I was doing something wrong and thought to use a sample I'm referencing for help. I'll have to create a new sample with exactly what I'm doing then. However, I still will use EF, so if that's not supported or I can find a workaround then I guess its moot at the moment. — RoLYroLLs, Feb 21 '19 at 20:29
I was hoping to somehow create an interceptor class that can redefine the connection string just before EF tries communicate, but I'm still researching this option. — RoLYroLLs, Feb 21 '19 at 20:30
you can access azure key vault using manage identity service. look into manage identity service its a different way to do things but it may solve your problem. — Imran Arshad, Feb 21 '19 at 20:42
I have, and I'm able to access the keys via code. What I'm not sure is the best way to pass them through to the DBContext. — RoLYroLLs, Feb 21 '19 at 20:43
you need to do this at application start up . load connection staring from key vault and inject into your application configuration system. — Imran Arshad, Feb 21 '19 at 21:00
Interesting. I'l look into that, unless you want to provide a solution as a starting pint. — RoLYroLLs, Feb 21 '19 at 21:13
It's available in 4.7.1 onwards . Have a look @ second section https://learn.microsoft.com/en-us/azure/key-vault/vs-secure-secret-appsettings — Imran Arshad, Feb 22 '19 at 00:25
Thanks @Imran. While I have already followed those resources, I've kept getting errors. When I created a new blank project, I used the `Connected Services` feature in VS instead of adding the NuGet package `Microsoft.Configuration.ConfigurationBuilders.UserSecrets` only (as described in the tutorial) and it worked! Maybe it was missing other packages but I didn't bother figuring out which. Though this helped, it hasn't helped answer my question yet. Can you help point me in the right direction to, as you mentioned, "load connection staring and inject into your application configuration system" — RoLYroLLs, Feb 22 '19 at 16:41
Keep in mind, this is a `.Net Web API`, not a `.Net Core Web Api` — RoLYroLLs, Feb 22 '19 at 16:44

score 0 · Accepted Answer · answered Mar 07 '19 at 16:05

I managed to get this working by modifying my DbContext like so:

public class MyContext : BaseDataContext {
    public MyContext()
            : this(GetDbConnection()) {
    }

    public MyContext(string connectionString)
            : base(connectionString) {
    }

    public static string GetDbConnection() {
        // Get the value from the AppSettings section in the Web.config file that will be updated by Key Vault
        var connectionString = ConfigurationManager.AppSettings["{key-vault-secret-name}"];
        // Return the connection string value above, if blank, use the connection string value expected in the Web.config
        return string.IsNullOrWhiteSpace(connectionString) ? "MyContext" : connectionString;
    }
}

Azure Key Vault Connection Strings and N-Layered Design

1 Answers1

Linked