Integrating Azure Secrets into your .NET Web Application

sarahs

Sarah Schlueter

Posted on January 26, 2024

Integrating Azure Secrets into your .NET Web Application

I recently was tasked with building a boilerplate application to serve as a starting point for new applications for the University of Wisconsin - Superior. Since working with the application development team, I've learned so much about development in C# and using the .NET framework, as well as getting to work more with Microsoft Azure.

I plan to write more tutorials as I progress and learn more, but I wanted to quickly share this info since I really struggled with it, and I did not find any helpful resources online that were straightforward.

The application referenced in this tutorial is an ASP.NET Web Forms Application (.NET Framework).

What you’ll need:

  • Key vault created in Azure
  • Vault URI (https://<your-key-vault-name>.vault.azure.net/)
  • The connection string for your database added as a secret in your key vault
  • Name of the Secret that stores your connection string

Prerequisites:

  • Ensure you are logged into Visual Studio with the same user account that is used for the database connection.
  • Ensure there are no other database connections active (i.e. under connected services, etc.)
  • Install the following packages:
    • Azure.Core
    • Azure.Identity
    • Azure.Security.KeyVault.Keys
    • Azure.Security.KeyVault.Secrets

Depending on your individual project needs you may need other packages installed as well, but these are the ones required to integrate Azure Key Vault.

Add your Azure Key Vault URI in Web.config file

In the web.config file under <appSettings> you’ll need to add the following code:



<add key="KeyVaultUrl" value="<https://your-keyvault-name.vault.azure.net/>" />


Enter fullscreen mode Exit fullscreen mode

Feel free to change the key to whatever you like, and replace the value with your specific Key Vault URI.

You do have the option to skip this step and just use the URI in your code each time, but I find this is less hassle to save it here and just use the key in the rest of your code where you need it.

Using your secret in the code:

In the boilerplate code, you can see two examples of secret integration in the Contact.aspx.cs file. These are implemented in the btnSend_Click() and btnRetrieve_Click() methods.

In this case, the key value in <appSettings> is the same as the variable name created here.

Example code:

Example Code

Step 1. In your method, create a variable of type string to store your key vault URI:



string KeyVaultUrl = ConfigurationManager.AppSettings["<your-appsettings-key-name>"];


Enter fullscreen mode Exit fullscreen mode

Step 2. Create another variable of type string to store the name of your secret containing the connection string:



string secretName = "<your-secret-name>";


Enter fullscreen mode Exit fullscreen mode

Step 3. Create a new SecretClient that takes your Key Vault URI and a new DefaultAzureCredential() as parameters. For the new URI() enter your KeyVaultUrl variable from step 1. Create a variable of type KeyVaultSecret and assign to your SecretClient calling GetSecret() on your secretName from step 2.

Step 4. Finally, create a variable of type string to store your connection string by grabbing the value of your KeyVaultSecret from step 3.

That's it! The rest of the code would be tailored to your specific project needs.

Thank you for reading! Hope this was helpful. Please feel free to leave any feedback or questions in the comments.

Connect with me:
Twitter: @sarah_schlueter

Discord: sarahmariedev

💖 💪 🙅 🚩
sarahs
Sarah Schlueter

Posted on January 26, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related