2
votes

I have a scenario:

  1. Create a Key Vault with a secret in Azure.
  2. Access this secret in code.

    1. The code is working locally (tested using the Azure CLI).
    2. The application hosted in Azure App Service (MSI enabled) is working fine.
    3. We need to host the same application on an Azure VM (MSI enabled) IIS server - not working.

I want the solution and suggestions for the above point (the last point).

Code to access the Key Vault secret value:

    using Microsoft.Azure.KeyVault;
    using Microsoft.Azure.Services.AppAuthentication;

    // AzureServiceTokenProvider picks its credential source automatically:
    // the Azure CLI login locally, the managed identity when running in Azure.
    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    // Blocks on the async call; the secret's plaintext is in .Value.
    ConfigurationApp.ClientId = keyVaultClient.GetSecretAsync("https://test.vault.azure.net/", "testid").Result.Value;

I followed this article - https://kasunkodagoda.com/2018/04/28/allow-application-running-on-an-azure-virtual-machine-to-access-azure-key-vault-using-managed-service-identity/

https://azure.microsoft.com/en-us/resources/samples/app-service-msi-keyvault-dotnet/

1
Can you describe "not working"? Do you get an error? - Ron Beyer
Please share your error description. Also, the blog you are referring to is outdated; Microsoft has released a new way to access secrets from Azure Key Vault. I've described it in this article - Jayendran
I have not got any error; the secret value just returns null. I have checked that the secret value is available in Key Vault. @RonBeyer - Priti kumari
@RonBeyer We have a requirement to host the app on an Azure VM IIS server. In that case I am unable to retrieve the secret value using the above code - Priti kumari
@Jayendran Yes, I have used the Connected Services option to get the secret value, but our requirement is to host the app/.NET code on an Azure VM with IIS. - Priti kumari

1 Answer

0
votes

I have fixed my issue: access a Key Vault secret from .NET code hosted on Azure VM IIS

    using System;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using Newtonsoft.Json;
    using Newtonsoft.Json.Linq;

    // One HttpClient for the class; HttpClient is meant to be reused, not created per call.
    private static readonly HttpClient _client = new HttpClient();

    public async Task getAppconfiguration2()
    {
        // Ask the VM's instance metadata service (IMDS) for a managed-identity
        // token whose audience is Key Vault. The Metadata header is mandatory.
        string URI = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net";
        HttpRequestMessage request = new HttpRequestMessage
        {
            Method = HttpMethod.Get,
            RequestUri = new Uri(URI)
        };
        request.Headers.Add("Metadata", "true");

        var res = await _client.SendAsync(request);
        res.EnsureSuccessStatusCode();   // fail loudly instead of parsing an error body
        var content = await res.Content.ReadAsStringAsync();
        JObject token = JsonConvert.DeserializeObject<JObject>(content);
        string token1 = token["access_token"].ToString();
        ConfigurationApp.Encyptionkey = token1;

        // Call the Key Vault REST API directly, presenting the token as a bearer token.
        HttpRequestMessage request1 = new HttpRequestMessage
        {
            Method = HttpMethod.Get,
            RequestUri = new Uri("https://test.vault.azure.net/secrets/clientid?api-version=2016-10-01")
        };
        request1.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token1);

        var rs = await _client.SendAsync(request1);
        rs.EnsureSuccessStatusCode();
        var rk = await rs.Content.ReadAsStringAsync();
        JObject clientjson = JsonConvert.DeserializeObject<JObject>(rk);
        ConfigurationApp.ClientId = clientjson["value"].ToString();
    }
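The answer above works by two REST calls: the VM's instance metadata service (IMDS) at 169.254.169.254 hands out a managed-identity token, and that token is presented to Key Vault. What it does not show is how to tell the failure modes apart when the secret comes back empty. The following is an added example, not the asker's code and not from the linked articles; it assumes Newtonsoft.Json is referenced, a .NET runtime with `DateTimeOffset.FromUnixTimeSeconds` (.NET Framework 4.6+ or .NET Core), and placeholder vault/secret names. It caches the token until shortly before the `expires_on` time IMDS reports, decodes the JWT payload (without verifying it, purely for diagnostics) and maps the usual responses to a concrete cause.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Added example: IMDS-based Key Vault client with token caching and diagnostics.
public sealed class ImdsKeyVaultClient
{
    private const string ImdsTokenUrl =
        "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net";

    private readonly HttpClient _http;
    private string _cachedToken;
    private DateTimeOffset _cachedExpiry = DateTimeOffset.MinValue;

    // HttpClient is injected so the same logic can be driven by a fake handler in tests.
    public ImdsKeyVaultClient(HttpClient http) { _http = http; }

    public async Task<string> GetAccessTokenAsync()
    {
        // Reuse the token while it has more than five minutes of validity left.
        if (_cachedToken != null && _cachedExpiry > DateTimeOffset.UtcNow.AddMinutes(5))
            return _cachedToken;

        var request = new HttpRequestMessage(HttpMethod.Get, ImdsTokenUrl);
        request.Headers.Add("Metadata", "true");   // IMDS rejects requests without this header

        HttpResponseMessage response;
        try
        {
            response = await _http.SendAsync(request).ConfigureAwait(false);
        }
        catch (HttpRequestException ex)
        {
            throw new InvalidOperationException(
                "IMDS (169.254.169.254) unreachable: is this an Azure VM, and is that address excluded from any HTTP proxy?", ex);
        }

        string body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
        if (!response.IsSuccessStatusCode)
            throw new InvalidOperationException(
                $"IMDS returned {(int)response.StatusCode}: {body}. A 400 'Identity not found' means no managed identity is assigned to this VM.");

        JObject json = JObject.Parse(body);
        _cachedToken = (string)json["access_token"];
        // expires_on is a Unix timestamp in seconds in the IMDS response.
        _cachedExpiry = DateTimeOffset.FromUnixTimeSeconds(long.Parse((string)json["expires_on"]));
        return _cachedToken;
    }

    // Decodes the JWT payload segment (base64url). No signature check: diagnostics only.
    public static JObject DecodeJwtPayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a JWT");
        string payload = parts[1].Replace('-', '+').Replace('_', '/');
        switch (payload.Length % 4) { case 2: payload += "=="; break; case 3: payload += "="; break; }
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(payload)));
    }

    public async Task<string> GetSecretAsync(string vaultUri, string secretName)
    {
        string token = await GetAccessTokenAsync().ConfigureAwait(false);
        var request = new HttpRequestMessage(HttpMethod.Get,
            $"{vaultUri.TrimEnd('/')}/secrets/{secretName}?api-version=2016-10-01");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

        HttpResponseMessage response = await _http.SendAsync(request).ConfigureAwait(false);
        string body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);

        switch (response.StatusCode)
        {
            case HttpStatusCode.OK:
                return (string)JObject.Parse(body)["value"];
            case HttpStatusCode.Unauthorized:
                throw new InvalidOperationException(
                    "401 from Key Vault: token rejected (wrong audience or expired). Check the 'aud' claim is https://vault.azure.net: " + body);
            case HttpStatusCode.Forbidden:
            {
                // xms_mirid names the managed identity the token was issued to.
                JObject claims = DecodeJwtPayload(token);
                throw new InvalidOperationException(
                    $"403 from Key Vault: identity {claims["xms_mirid"]} lacks 'Get' secret permission on {vaultUri}: {body}");
            }
            case HttpStatusCode.NotFound:
                throw new InvalidOperationException($"404 from Key Vault: no secret named '{secretName}' in {vaultUri}");
            default:
                throw new InvalidOperationException($"Key Vault returned {(int)response.StatusCode}: {body}");
        }
    }
}
```

Usage: `var kv = new ImdsKeyVaultClient(new HttpClient()); var value = await kv.GetSecretAsync("https://test.vault.azure.net", "clientid");`. Two caveats worth keeping in mind on an IIS host: IMDS is reachable from every process on the VM, regardless of the application pool identity, so any local code can obtain a token for the VM's managed identity and the vault access policy for that identity should be limited to the secrets the application actually needs; and the token is a bearer credential valid for hours, so keep it in memory only and never write it to logs or configuration.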