I load the Key Vault secrets when the app starts, and the configuration has the vault secrets added, as we can see here. I am using Microsoft.Identity.Web for adding the AD SSO and register AddSignIn() as mentioned in the samples. But the secret is not getting serialized as expected at this point. However, if the secrets are kept in appsettings.json it works fine. How can I make this work? Is an explicit deserialization required?
Please find below the entire code setup.
1. Program.cs has the below code.
    ConfigureAppConfiguration((hostingCtx, config) =>
    {
        if (hostingCtx.HostingEnvironment.IsProduction())
        {
            var builtConfig = config.Build();
            AzureKeyVaultConfigurationExtensions.AddAzureKeyVault(config, builtConfig["AppConfiguration:KeyVaultUrl"]);
        }
    })

    {
        "CallbackPath": "/home/index",
        "ClientId": "######",
        "ClientSecret": "#######",
        "Domain": "######",
        "Instance": "######",
        "TenantId": "######"
    }
2. Added a reference to Microsoft.Identity.Web.
3. Registered the below service in Startup.cs -> ConfigureServices.
    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddSignIn("AzureAd1", configuration, options => configuration.Bind("AzureAd1", options));
4. File: WebAppServiceCollectionExtensions.cs
    public static AuthenticationBuilder AddSignIn(
        this AuthenticationBuilder builder,
        string configSectionName,
        IConfiguration configuration,
        string openIdConnectScheme,
        string cookieScheme,
        Action<OpenIdConnectOptions> configureOptions,
        bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false)
    {
        builder.Services.Configure(openIdConnectScheme, configureOptions);
        builder.Services.Configure<MicrosoftIdentityOptions>(options => configuration.Bind(configSectionName, options));
        var microsoftIdentityOptions = configuration.GetSection(configSectionName).Get<MicrosoftIdentityOptions>();
        .......
        ......
    }
Any help is deeply appreciated.
Thank you.
The answer is right here: https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-2.2#bind-an-array-to-a-class
Create secrets in the key vault as name-value pairs.
Azure Key Vault secret names are limited to alphanumeric characters and dashes. Hierarchical values (configuration sections) use -- (two dashes) as a separator. Colons, which are normally used to delimit a section from a subkey in ASP.NET Core configuration, aren't allowed in key vault secret names. Therefore, two dashes are used and swapped for a colon when the secrets are loaded into the app's configuration.
Instead of keeping all the secrets inside a single JSON value, each property should be added as a separate secret.
For example, "AzureAd1--TenantId" should be the name of the key, where AzureAd1 denotes the section.
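As an added illustration (not code from the question or the answer), the script below splits the single JSON secret from the question into one Key Vault secret per property, applying the documented "--" for ":" rule and rejecting names that fall outside the alphanumeric-and-dash limit; the `to_config_key` function shows the inverse mapping the configuration provider performs on load. The JSON sample, placeholder values and function names are assumptions for the example, and nested objects and arrays are handled as deeper sections and numeric indexes, which goes beyond the flat section shown in the question.

```python
import json
import re

# Key Vault secret names are limited to alphanumeric characters and dashes.
SECRET_NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")

# Constructed sample: the single-JSON secret from the question, with
# placeholder values in place of real credentials.
AZURE_AD_SECTION_JSON = """{
  "CallbackPath": "/home/index",
  "ClientId": "<client-id-placeholder>",
  "ClientSecret": "<client-secret-placeholder>",
  "Domain": "<domain-placeholder>",
  "Instance": "<instance-placeholder>",
  "TenantId": "<tenant-id-placeholder>"
}"""


def flatten(section_name, obj):
    """Yield (config_key, value) pairs using the ':' section delimiter.

    Nested objects become deeper sections; lists become numeric indexes,
    which is how ASP.NET Core configuration addresses arrays (Section:0:Key).
    """
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from flatten(f"{section_name}:{key}", value)
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from flatten(f"{section_name}:{index}", value)
    else:
        yield section_name, "" if obj is None else str(obj)


def to_secret_name(config_key):
    """Map 'AzureAd1:TenantId' to the Key Vault secret name 'AzureAd1--TenantId'."""
    name = config_key.replace(":", "--")
    if not SECRET_NAME_RE.match(name):
        raise ValueError(f"{name!r} is not a valid Key Vault secret name")
    return name


def to_config_key(secret_name):
    """Inverse mapping applied when secrets are loaded into configuration."""
    return secret_name.replace("--", ":")


def key_vault_secrets(section_name, section_json):
    """Return {secret_name: value}, one entry per leaf of the JSON section."""
    return {to_secret_name(key): value
            for key, value in flatten(section_name, json.loads(section_json))}
```

Each resulting name/value pair is what gets stored as an individual secret, after which `configuration.Bind("AzureAd1", options)` sees the same keys it would see from appsettings.json.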