1. The lounge is for the CodeProject community to discuss things of interest to the community, and as a place for the whole community to participate. It is, first and foremost, a respectful meeting and discussion area for those wishing to discuss the life of a Software developer.
The #1 rule is: Be respectful of others, of the site, and of the community as a whole.
2. Technical discussions are welcome, but if you need a specific programming question answered please use Quick Answers, or to discuss your programming problem in depth use the programming forums. We encourage technical discussion, but this is a general discussion forum, not a programming Q&A forum. Posts will be moved or deleted if they fit better elsewhere.
3. No sys-admin, networking, "how do I setup XYZ" questions. For those use the SysAdmin or Hardware and Devices forums.
4. No politics (including enviro-politics), no sex, no religion. This is a community for software development. There are plenty of other sites that are far more appropriate for these discussions.
5. Nothing Not Safe For Work, nothing you would not want your wife/husband, your girlfriend/boyfriend, your mother or your kid sister seeing on your screen.
6. Any personal attacks, any spam, any advertising, any trolling, or any abuse of the rules will result in your account being removed.
7. Not everyone's first language is English. Be understanding.
Please respect the community and respect each other. We are of many cultures so remember that. Don't assume others understand you are joking, don't belittle anyone for taking offense or being thin skinned.
We are a community for software developers. Leave the egos at the door.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
modified 16-Sep-19 9:31am.
|
#Worldle #433 1/6 (100%)
🟩🟩🟩🟩🟩🎉
https://worldle.teuteuf.fr
easy one
"A little time, a little trouble, your better day"
Badfinger
|
Hi all,
I have a question based on the below hypothetical scenario.
I have an Azure based system comprised of:
Web app (Blazor)
Multiple Azure functions
A set of C# library NuGets written to support shared code
Azure SQL
Internal-only APIM
External APIM (for mobile apps and third-party subscriptions)
Azure Front Door
Various Azure services, like Key Vault, Azure Storage, etc.
ADO DevOps (incl. ADO Git repos, not GitHub, pipelines, artifacts, testing, etc.)
ADO Boards for case management
Developers use VS 2022 with access
Secure information that apps use like keys, usernames/passwords, etc. are stored in a key vault.
Now, for the question. What process do you recommend for the apps (not directly publicly accessible other than port 80 HTTP for the web UI) to access the key vault without leaving any keys in config files that could be compromised?
I know what I think, but if I knew everything 100% correctly, I probably wouldn’t be here. 🙂
Thanks in advance.
|
In a domain? Doesn't Azure use SQL Server?
We have some data encrypted in SQL Server, with keys and certificates, etc.
Only a user authenticated on the domain with access to the SQL Server database with access to the keys and certificates can decrypt the encrypted values.
|
That is certainly a common practice.
Where is the username and password stored for the user you mentioned?
If the app uses that type of user login, doesn’t it have to get the username and password from somewhere outside the DB?
|
The domain performs authentication for the user.
The user provides the username and password to the domain.
|
Have the app read from the key vault when it starts, and then cache the value.
You don't want to constantly read from the key vault, as it is not a high throughput service.
|
And by what is the app validated to the KV, and where is that stored outside the KV where the app can access it?
|
This is what ChatGPT has to say:
Quote: To securely access the Key Vault from your applications without exposing the secrets in config files, you can leverage the Azure Managed Service Identity (MSI) feature.
Managed Service Identity (MSI) is a feature of Azure Active Directory that provides Azure services with an automatically managed identity in Azure AD. With MSI, Azure services can authenticate with other Azure services that support Azure AD authentication, without requiring you to manage any secrets or credentials.
The process for accessing the Key Vault using MSI can be summarized in the following steps:
1. Enable the MSI feature for your Azure App Service/Web App: Enable the system assigned identity for your Web App by turning it on in the Identity blade of your Web App.
2. Add access policy to Key Vault: Once MSI is enabled, navigate to your Key Vault, select the Access policies blade, and add the necessary permissions to allow your Web App to access the Key Vault.
3. Modify your code to use MSI to authenticate with the Key Vault: In your code, you can use the Azure.Identity NuGet package to authenticate with the Key Vault using the MSI endpoint. Here's some sample code that demonstrates how to access a secret in a Key Vault using MSI:
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
// DefaultAzureCredential picks up the app's managed identity when running in Azure.
var credential = new DefaultAzureCredential();
var client = new SecretClient(new Uri("https://{keyvault-name}.vault.azure.net/"), credential);
KeyVaultSecret secret = await client.GetSecretAsync("secret-name");
string secretValue = secret.Value;
|
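Added example, not part of any post in this thread: one way to combine the two suggestions above, authenticating to Key Vault with the app's managed identity and reading each secret once and then caching it. The class name CachedSecretProvider, the TTL parameter and the serve-stale-on-failure behaviour are assumptions made for illustration.

```csharp
// Added example (not from the thread). Requires the Azure.Identity and
// Azure.Security.KeyVault.Secrets NuGet packages.
using System;
using System.Collections.Concurrent;
using System.Threading;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public sealed class CachedSecretProvider   // hypothetical helper name
{
    private readonly SecretClient _client;
    private readonly TimeSpan _ttl;
    private readonly SemaphoreSlim _gate = new(1, 1);
    private readonly ConcurrentDictionary<string, (string Value, DateTimeOffset Expires)> _cache = new();

    // vaultUri is not a secret, so it can live in ordinary app settings.
    public CachedSecretProvider(Uri vaultUri, TimeSpan ttl)
    {
        // In Azure this resolves to the app's managed identity; on a developer
        // machine it falls back to the Visual Studio / Azure CLI sign-in.
        _client = new SecretClient(vaultUri, new DefaultAzureCredential());
        _ttl = ttl;
    }

    public async Task<string> GetAsync(string name, CancellationToken ct = default)
    {
        if (_cache.TryGetValue(name, out var hit) && hit.Expires > DateTimeOffset.UtcNow)
            return hit.Value;
        await _gate.WaitAsync(ct);
        try
        {
            // Another caller may have refreshed the entry while we waited.
            if (_cache.TryGetValue(name, out hit) && hit.Expires > DateTimeOffset.UtcNow)
                return hit.Value;
            KeyVaultSecret secret = await _client.GetSecretAsync(name, cancellationToken: ct);
            _cache[name] = (secret.Value, DateTimeOffset.UtcNow.Add(_ttl));
            return secret.Value;
        }
        catch (RequestFailedException) when (_cache.TryGetValue(name, out hit))
        {
            // Vault throttled or unreachable: keep serving the last known value.
            return hit.Value;
        }
        finally { _gate.Release(); }
    }
}
```

The TTL bounds how long a rotated secret can stay stale in memory; nothing in the app's configuration is a credential, only the vault URI.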
|
Maybe you shouldn't hide the key, just encrypt it. The apps should know where the keys are and how to decrypt them.
As a real-world example, I need the ability for hundreds of customer desktop apps to be able to utilize one or more FTP resources, and also need the ability to change the credentials for those resources 'on the fly'. Those credentials are actually stored on a publicly accessible website in an XML file with very unassuming names/tags and, of course, encrypted. My 2 cents.
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
The ancient Greeks figured out that the earth wasn't flat. It's a shame that the flat-earthers haven't caught up with them.
|
NO
I like that one!
modified 8hrs ago.
|
I guess it was a Freudian slip since I live in FL
|
The picture is wrong.
All of them are flat. But only the earth is shown edge on.
|
very clever those flat earthers
|
We are quite smart. No way you can fool us.
"If we don't change direction, we'll end up where we're going"
|
Pull out
sketch DRAW
first - letter A
learner L
to start with WITH
WITHDRAWAL
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
I think the hyphen would throw people off
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
That's what punctuation is there for!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
I'm keen to guess. Does someone with a learner's permit in the UK have an "L" decal on their car?
|
Yep, and Hong Kong, India, Ireland, parts of Canadia, Israel, Malaysia, Spain, Oz, NZ, Switzerland, Poland, parts of the USA, ... loads of places!
In Wales, we have a Red 'L' for Learner, Green 'L' for recently passed, Green 'D' for "Disqualified", and Red 'D' for "Drunk"*
* That's a lie: the D is "Dysgwr", the Welsh for "Learner" but you wouldn't know that from the way they drive ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
modified 6hrs 5mins ago.
|
Not in Minnesota USA anyway. Some families add a rear window sticker stating that there is a Student Driver - but this isn't required by law.
|