I'm making an asp.net core application and using user secrets. User secrets are set properly and I can see them when I right click the project -> Manage user secrets. Everything works fine inside Visual Studio when I hit "Debug". But when I build my app and launch the .dll file, it is not retrieving the user secret properly and is getting an empty string from it.
If you're building the app and deploying it, the secret manager will not work. The Secret Manager tool for development purposes only. The Secret Manager tool doesn't encrypt the stored secrets and shouldn't be treated as a trusted store. The keys and values are stored in a JSON configuration file in the user profile directory. More details on Safe storage of app secrets in development in ASP.NET Core. If you're deploying to Azure use Azure Vault or Azure App Configuration for managing secrets.
Related
We have a dotnet core 3.1 console application. It is deployed to on-premise Windows server. There is some sensitive information that we would like to keep in Azure Key Vault. However, instead of accessing Key Vault directly, we would like to access it via App Configuration service.
https://learn.microsoft.com/en-us/azure/architecture/solution-ideas/articles/appconfig-key-vault
Above article mentions that any application can use Azure App Configuration (under Potential use cases).
Does "any" include application hosted outside of Azure? If so, can you share high level steps on how to access App Configuration service from dotnet core app that is not running in Azure.
it seems that any means any, looks like the steps remains the same as long as the connection string to config services work, i'll do some testing with quick start material and let you know..
Best!
Here's the situation: I have an account in the azure active directory of my company with several subscriptions. I am building an ASP.NET Framework application for a client. This application is going to be hosted in their own azure environment, so to set this up, they added my email address to their azure active directory. Now in the azure portal I can use the button "change active directory" to either view my company's resources or my client's.
I set up a keyvault in my client's azure environment and I added keyvault as connected service to my application using these instructions. My application is running locally in local IIS, so I set up the application pool to use my user account so it has access to my azure subscriptions.
The issue here is that I still get an error when I try to run the application. The ysod says that azure gives a 401 response when trying to access the keyvault. I see that it's trying to use the guid that is associated with my company's azure active directory (I don't know what the name of this guid is). Obviously, I can't access resources from my client's azure environment with my company's azure active directory.
As an attempt to get more information, I built a small console application and used the same procedure to add keyvault as a connected service, since the internet says that the console application gives more details than the ASP.NET application. However, when I run my console application, I don't get any errors at all and I can access my client's keyvault just fine.
This makes me believe that there is some setting in my user account or IIS that I need to change to make this work, but I can't find what it is.
How can I make my ASP.NET Framework application, running locally in IIS, access a keyvault as connected service in my client's azure environment?
This should work, try to follow this to re-login your user account in VS and make sure you have modified your ASP.NET Framework project.
If it still not work, you could ask your client to create a work account for you in their Azure AD tenant and add it to the keyvault access policy, then use the account to login VS and test.
Hy Guys,
I'm new to Asp.net and Azure. I was working on ASP.NET with the help of this documentation link, When I publish my project on Azure by creating the Web App with latest portal on Azure, but it is only my application host on the Azure. And now i need to publish the my project database to Azure. In the present portal, the database option is not present there when we create the Web App on Azure to host the database as well with the Web project. But in the old portal as the documentation link guides us the database option is also present there when we publish our Web project on Azure.
Can anyone explain me how can i deploy my Web App existing database to Azure even if my Project has been deployed on Azure?
How can I deploy my existing Web App Database to Azure on the new portal.
If you use Code First Model of Entity Framework, you could just configure the connection string for your web application when you publish your web application. Entity Framework will generate tables for you automatically.
If there are existing data in your database which you want to migrate to Azure SQL Database. You could download a tool named Migration Assistant which will help you do it. For detail steps, link below is for your reference.
SQL Server database migration to SQL Database in the cloud
In the documentation he is using the old dashboard of Azure in which database option is attached with the Web App Publish procedure.
A small difference between old dashboard and new dashboard is that the creating Azure SQL Database feature is hidden when you create your app service. You need to click Explorer additional Azure services link to open the a new window for creating Azure SQL Database.
After creating a database, you could choose the database in the Setting tab when you publish your web application.
You also could create a database directly in Azure portal. After creating a database, you could get the connection string from the overview page.
If you make changes to a database schema and are using code first EF, will EF update your database schema when you redeploy your web app?
It depends whether you have enabled and run the migration. In the publish setting window, we could click the [Execute Code First Migrations] button to update the database schema .
If this button is disabled in the setting window, we need to run Enable-Migrations command in Package Manager Console.
In Visual Studio click menu Tool -> NuGet Package Manager -> Package Manager Console, input Enable-Migrations and run it.
I'm working in VS2015 and have a ASP.NET Core solution with two projects - an API Web Project and a Class Library that holds all the data entities, context and Entity Framework migrations. The API project references the class library and all works well on my local machine.
I now want to deploy the solution to Azure and this is where I'm hitting the problem. If I right click on the API project and go through the Azure App Service publish wizard, on the Settings tab I expand Databases and the message is "No databases found for this project" - which I'm guessing is because it can't find a context as it's not in this project.
If I do the same on the CL project though, there is no Azure App Service deployment option, the only option is File System and clearly there's no option to create the database there either.
So, in summary, my question is how I can deploy this type of solution to Azure and have the database created and migrations applied?
I think you need to create the DB first in the azure and then try to publish your application through the wizard. The database is on your local machine and the application will work just fine on your local environment. But on the cloud you have to first create the database on Azure SQL. Then you need to get the SQL connection string from the portal and update your config file accordingly. Once this is done you can then publish your application from Visual Studio. Please note that the wizard will still not show you the databases, but the application, when configured properly will run fine.
NOTE: This question is for a .net core console application, not ASP.NET Core.
I am confused on the proper use of a Profile on AWS. What I understand is that AWS would prefer that a profile name is used instead of a file containing AWS credentials (aws_access_key_id, aws_secret_access_key) values.
With .net core, how will I know how to navigate to the users home directory where the credentials file should be stored? (According to this reference: http://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html#using-a-credentials-file
I am creating a .net Core application to connect to Amazon Kinesis and will be deploying it in a Docker container. I want to be able to deploy and have the application find the credentials on its own using .CreateServiceClient<IAmazonKinesis>(). From what I understand, this approach allows AWSOptions to lookup/find the credentials under the covers by locating the credentials file.
Please help me understand how to approach this.
Is the docker container you will be deploying to hosted in ECS? If so, using the IAM Roles for Tasks feature in ECS will be the simplest solution to your question.
Essentially, you can configure an IAM role that the task/container will run under, and configure it's permissions by assigning an IAM policy to that role. ECS manages the process of providing credentials for that role to the docker container. The SDKs will all pick up the credentials ECS provides by default, unless you explicitly override them by providing credentials while creating a client or change your credential provider chain.
We published a blog post about ECS IAM roles for tasks when we launched the feature:
https://aws.amazon.com/about-aws/whats-new/2016/07/amazon-ec2-container-service-now-supports-iam-roles-for-tasks/