1. 首頁
  2. 問答
  3. 具有實體框架「DefaultConnection」應用程序設置的Azure密鑰保險庫

具有實體框架「DefaultConnection」應用程序設置的Azure密鑰保險庫

2017-09-20 31 views
1

我試圖使用Azure密鑰保管庫來存儲我的實體框架的web api連接字符串。理想情況下,我想避免將密鑰庫nuget包與我的數據訪問代碼結合在一起。我的DbContext類有兩個構造函數:具有實體框架「DefaultConnection」應用程序設置的Azure密鑰保險庫

public MyDbContext() : base("DefaultConnection") 
{ . . . } 

public MyDbContext(string connectionString) : base(connectionString) 
{ . . . }

我的代碼使用參數的構造函數後者從web配置的連接字符串。有一些地方我實例化一個新的MyDbContext對象,它禁止使用注入的解決方案。

我所走的路線是建立在我的DbContext的靜態屬性與連接字符串定位:

public interface IConnectionStringLocator 
{ string Get(); } 

public class DefaultConnectionStringLocator : IConnectionStringLocator 
{ 
    public string Get() 
    { 
     return "DefaultConnection"; 
    } 
} 

public static IConnectionStringLocator ConnectionStringLocator { get; set; } = 
    new DefaultConnectionStringLocator();

我的網頁API項目具有的NuGet包檢索關鍵金庫的祕密。所以在我的Global.asax文件我有這樣的:

protected void Application_Start() 
{ 
    MyDbContext.ConnectionStringLocator = new ConnectionStringLocator("DefaultConnection"); 
} 

public class ConnectionStringLocator : IConnectionStringLocator 
{ 
    private readonly string _connectionStringName; 

    public ConnectionStringLocator(string connectionStringName) 
    { 
     this._connectionStringName = connectionStringName; 
    } 
    public string Get() 
    { 
     var keyVaultName = WebConfigurationManager.AppSettings.Get("KeyVaultName"); 
     if (keyVaultName == "develop") 
      return _connectionStringName; 
     else 
     { 
      AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(); 
      var keyVaultClient = 
       new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); 
      var defaultConnectionSecret = 
       keyVaultClient.GetSecretAsync($"https://{keyVaultName}.vault.azure.net/secrets/{this._connectionStringName}"); 

      return defaultConnectionSecret.Result.Value; 
     } 
    } 
}

我出版這和它的作品,但它並沒有「感覺」的權利。

另一種選擇是遵循這篇文章https://blog.falafel.com/keeping-secrets-with-azure-key-vault/,但它需要我將KeyVault API包與我的數據訪問結合起來。

我在尋找反饋和方向。我應該補充一點,我想使用密鑰保管庫的原因是,它允許我有天藍色的管理員,他們可以在線查看應用程序設置,而無需通過連接字符串訪問sql數據庫。新MSI實現

KeyVault資源:https://github.com/Azure-Samples/app-service-msi-keyvault-dotnet/

來源

2017-09-20 Chad Bengen

回答

0

以下是我解決了這個,在這情況下,任何人絆倒。

創建了一個ConfigurationManager類,它首先嚐試從密鑰庫中獲取值,但在失敗時使用WebConfigurationManager讀取應用程序設置。

public static class ConfigurationManager 
{ 
    public static string KeyVaultName => WebConfigurationManager.AppSettings.Get("KeyVaultName"); 
    private static readonly Dictionary<string, string> ConfigurationCache = new Dictionary<string, string>(); 
    private static SecretBundle GetSecret(string secretName, string vaultName = null) 
    { 
     AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(); 
     var keyVaultClient = 
      new KeyVaultClient(
       new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); 
     var secretUri = $"https://{vaultName ?? KeyVaultName}.vault.azure.net/secrets/{secretName}"; 
     var secret = keyVaultClient.GetSecretAsync(secretUri); 
     return secret.Result; 
    } 

    public static string GetAppSettingValue(string secretName, string vaultName = null) 
    { 
     vaultName = vaultName ?? KeyVaultName; 
     string key = $"{vaultName}:{secretName}"; 
     string value; 

     if (ConfigurationCache.TryGetValue(key, out value)) 
      return value; 

     if (string.IsNullOrEmpty(vaultName) || vaultName == "develop") 
     { 
      value = WebConfigurationManager.AppSettings.Get(secretName); 
      ConfigurationCache.Add(key, value); 
      return value; 
     } 

     var secret = GetSecret(secretName); 
     value = secret.Value; 
     ConfigurationCache.Add(key, value); 
     return value; 
    } 

    public static void SetAppSettingValue(string secretName, string value, string vaultName = null) 
    { 
     vaultName = vaultName ?? KeyVaultName; 
     string key = $"{vaultName}:{secretName}"; 

     if (ConfigurationCache.ContainsKey(key)) 
      ConfigurationCache[key] = value; 
     else 
     { 
      WebConfigurationManager.AppSettings[key] = value; 
      ConfigurationCache.Add(key, value); 
     } 


    } 
    public static string GetConnectionStringValue(string secretName, string vaultName = null) 
    { 
     vaultName = vaultName ?? KeyVaultName; 
     string key = $"{vaultName}:{secretName}"; 
     string value; 

     if (ConfigurationCache.TryGetValue(key, out value)) 
      return value; 

     if (string.IsNullOrEmpty(vaultName) || vaultName == "develop") 
     { 
      value = WebConfigurationManager.ConnectionStrings[secretName].ConnectionString; 
      ConfigurationCache.Add(key, value); 
      return value; 
     } 

     var secret = GetSecret(secretName); 
     value = secret.Value; 
     ConfigurationCache.Add(key, value); 
     return value; 
    } 
}

然後在我的DbContext類我呼籲Configurationmanager.GetConnectionStringValue( 「DefaultConnection」)。

public MyDbContext() 
     : base(ConfigurationManager.GetConnectionStringValue("DefaultConnection")) 
    {...}

來源

2017-10-25 21:35:41

相關問題

 相關問題