ASP.NET web app- ConfigurationBuilder in a web app to retrieve access keys

In this tutorial, you configure an existing ASP.NET web app to retrieve sensitive information, such as connection strings, from your Azure key vault. By using Azure Key Vault, you help protect security information that could otherwise be used by a malicious application to attack your system.

The scenario in this module involves an existing .NET Framework web app that runs on-premises. You start by migrating this application to a web app that’s built by using Azure App Service. Next, you store the secrets that are required by this application to connect to resources such as a database in your key vault. Finally, you configure the application by using a ConfigurationBuilder object that retrieves information from the key vault.

Use the ConfigurationBuilder type

Configuring the app is central to building it in a way that allows its dependencies to vary, based on the environment in which it’s deployed. In .NET Framework apps, the most common mechanism to customize app configuration is through the ConfigurationManager type. You can use a configuration manager to read settings that are often stored in the app.config file for desktop apps, or in the web.config file for ASP.NET web apps.

dot net

One of the challenges with storing configuration settings in this manner is that values to be kept secret often end up being stored as plain text somewhere. This practice creates a security vulnerability. You use the ConfigurationBuilder class to remove this vulnerability.

What is the ConfigurationBuilder class?

The ConfigurationManager approach that’s used by many traditional .NET Framework and ASP.NET web apps allows an administrator to store configuration information as a series of keys and values in a config file. ConfigurationManager has been the primary mechanism to avoid hard-wiring information into an app, and it’s well understood by most ASP.NET developers.

The simplicity of using ConfigurationManager can also be a significant shortcoming. It’s not easy to store and retrieve configuration information in sources other than the config file that’s associated with the app. Large-scale enterprise systems, especially those running in the cloud, frequently need to adapt their configuration dynamically, and they require other sources of configuration information.

Additionally, the config file that’s used by ConfigurationManager is typically held as plain text, although some encryption options are available. Encryption can be cumbersome, and it still requires an encryption key to be stored somewhere. Hard-coding the encryption key in app code isn’t a secure solution, even after the app is compiled. A determined attacker could disassemble your code and read the key. These issues can make using ConfigurationManager an unsuitable mechanism for storing sensitive configuration information, such as passwords and connection strings, unless a great deal of care is taken.

A ConfigurationBuilder object is designed to enable you to retrieve configuration information from a variety of sources.

The ConfigurationBuilder mechanism is an extension of the concepts implemented by the ConfigurationManager class. Rather than restricting configuration information to a strict XML grammar stored in a text file, you can use a variety of configuration builders, based on different configuration sources. A configuration builder provides its own specific means to access data. Currently available configuration builders include:

  • Microsoft.Configuration.ConfigurationBuilders.Environment: Adds settings from the environment variables of the current process
  • Microsoft.Configuration.ConfigurationBuilders.UserSecrets: Adds user secrets contained in an XML file external to the code base
  • Microsoft.Configuration.ConfigurationBuilders.Azure: Pulls items from key vault
  • Microsoft.Configuration.ConfigurationBuilders.KeyPerFile: File based, where the name of the file is the key, and the contents are the value
  • Microsoft.Configuration.ConfigurationBuilders.Json: Pulls key/value pairs from JSON files

You can also create your own custom ConfigurationBuilder class if you need to access configuration information that’s held in store and for which no builder is currently available.

The choice as to which configuration builder to use depends on the scenarios and the requirements of an individual app.

How ConfigurationBuilder objects work

An app reads information from a configuration builder object in exactly the same way as it would have previously, by using a ConfigurationManager object. You can continue to use the ConfigurationManager.AppSettings[“settingName”] idiom, and you don’t need to change your app code.

Instead, you provide the details of the configuration builders to use in the app config file on cloud or hosting. You specify which builders to apply to retrieve app settings and connection strings by using the configBuilders attribute of the appSettings and connectionStrings sections in the app config file.

You add ConfigurationBuilder types to the <configBuilders> section in the config. Each builder you add is assigned a name (a string that’s used to reference the builder from elsewhere in the config), and the full type name. Many builders take additional, builder-specific parameters. You also need to add the assembly that processes the <configBuilders> section.

The following example adds the builders for using environment variables and user secrets. The userSecretsId parameter indicates the identity of the user secret that contains the data. At runtime, the builder looks in the secrets.xml file, which is stored in a protected location (%APPDATA%\Microsoft\UserSecrets<userSecretsId>\secrets.xml in Windows), for the value to use:

<configuration>
  <configSections>
    <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
    ...
  </configSections>
  <configBuilders>
    <builders>
      <add name="Environment" type="Microsoft.Configuration.ConfigurationBuilders.EnvironmentConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Environment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <add name="Secrets" userSecretsId="c96e0578-6490-4a2d-b6c5-cb2b0baaeae8" type="Microsoft.Configuration.ConfigurationBuilders.UserSecretsConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.UserSecrets, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </builders>
  </configBuilders>
  <appSettings configBuilders="Environment,Secrets">
    <add key="MySecretData" value="" />
    <add key="MyEnvironmentData" value="" />
  </appSettings>
  ...
<configuration>

In this example, when an app retrieves the value of the MySecretData key or the MyEnvironmentData key, the configuration entry is composed of values from the specified sources. The values are listed in the order in which they are stated. Here, entries from Environment are added first, followed by those from Secrets. This means that the last source that has a specified value is surfaced to the user. You can change the search order by switching the sequence in the configBuilders attribute.

Configuration is central to building an app in a way that allows its dependencies to vary, based on the environment in which it’s deployed.

In this post, you learned:

The purpose of the ConfigurationBuilder mechanism, which is to help avoid storing sensitive configuration information in easily accessible locations.
How to use ConfigurationBuilder in a web app to retrieve access keys from your Azure key vault at runtime.

When you’re working in your own subscription, it’s a good idea at the end of a project to identify whether you still need the resources you created. Resources left running can cost you money. You can delete resources individually or delete the resource group to delete the entire set of resources.

What are the best hosting service provider standards ?

These are the most important standards for choosing the best hosting sites for WordPress or any  website projects

Best web hosting company standards

  1. Servers with uptime guarantee: The closer you get to 100%, the better. Any server stop will stop your site, lose your visitors and google ranking
  2. Good price with great free service:  Some companies reduce accommodation prices and reduce some free features and turn them into payment, so watch out for the trap of my visiting brother’s hosting company!
  3. Strong and collaborative technical support: “Support Services Good”: Without a doubt, excellent technical integration will solve your future problems.
  4. Technical specifications of the hosting plan“Best Plans for the Hosting”: Each hosting company has its own plan, so you have to compare them, in particular: bandwidth or data volume (bandwidth), disk storage space (dedicated to hard drive size), SSD type or hard drive; ram speed, unlimited number of electronic accounts, daily or weekly backups of all your websites, each hosting different plans, so it’s best to choose a host that meets your web needs.
  5. Free domain name “Free Domain”: dot com for at least one year.
  6. Transfer your sites to new host servers for free: they provide great security and ensure that your site is not compromised when you go from server to server.
  7. Servers locations: If most of your visitors come from America: Make sure the server location and data center are available in the United States. If most of your visitors are in the Arab world, it is best to choose the server location in Europe.
  8. types of hosting: There are free, shared, cloud-cloud, VPS and your own server
  9. Upgrade to Your Plan: Check if your host can update or reduce your hosting plan as needed.
  10. Easy control panel and attractive interface: like cPanel.
  11.  User Reviews: It is important to know whether this company is the best company or should we look at the opinion of the experimenterin in front of you.
  12. Renewal rates: When your subscription expires, the company will increase your subscription price, or keep it as it is. Therefore, the first discount will be for you to eat the taste of your ignorance.
  13. The number of sites they are allowed: The higher the number, the better, especially for strong plans.
  14. Money back guarantee: You can subscribe to a company or plan, which you find wrong and want to exclude. The longer the recovery period, the better.

Summary
In our estimation we will help you as much as possible choose the cheapest and best plans,And we will give the best company at the cheapest price.

When purchasing a host, you may not look at the cheapest hosting without regard to the quality of their services, so you can buy the best WordPress hosting in addition to buying the cheapest hosting together.

How to Setup Batch and Storage accounts in the Azure portal

Before you manage the Azure Batch services from a .Net application, you have to create the Azure Batch account and Storage account. You can use the Azure portal, Powershell, Azure CLI, or the Batch Management API to create these accounts.

In this unit, you’ll create an Azure Batch and Azure Storage account using the Azure portal.

Create New Storage Account

  1. Navigate to the Azure portal  in your favorite browser.
  2. On the Azure portal menu or from the Home page, select Create a resource.
  3. In the Search the Marketplace search box type storage, then select Storage account.
  4. Select an existing resource group or create a new one.
  5. Select Create to open the Create storage account form, as shown in the following screenshot.storage-account
  6. In the Storage account name field, enter a unique name. An example might be cutifypets<date><your initials>.
  7. Select a location close to you from the available options.
  8. Leave all the other options as their defaults and select Review + create, followed by Create.
  9. Wait for the deployment to complete. We now have a storage account that we’ll use in our processing to store input and output files. We’ll associate this storage account with our Batch account shortly.

Create new Batch Account

In order to create Batch workloads, we need to create an account within the Batch service.

  1. In the left navigation bar, select Create a resource.
  2. In the Search the Marketplace search box type batch, then select Batch Service from the list.
  3. Select Create to open the New Batch account form.batch-service
  4. Select an existing resource group, or create a new one for the resource we are adding in this module. To simplify cleanup once you have finished with this module, we recommend creating a new resource group. Note the name of the resource group you are using – it will be needed throughout these exercises.
  5. In the Account account name, enter a unique name. For example, you could enter cutifypets<date><your initials>.
  6. Select the link called Select a storage account, and in the panel that opens select the storage account your created earlier.
  7. Leaving all the other options as their defaults, select Review + create.
  8. Select Create.

    1 batch service

  9. Wait for the deployment to complete.
  10. On the Your deployment is complete screen, select the link to the Batch account, as shown in the following screenshot.

Create an application package containing ffmpeg

For our scenario, we’ve decided to enlist the help of FFmpeg to do our video conversion. FFmpeg is a powerful open-source multimedia framework that can, among many other things, decode, encode and transcode multimedia files. it’s a great choice for making website animated GIFs from our pet videos. To use the framework, we’ll add it as an application package to our Batch account. First we need to download a copy from the official FFmpeg site so we can then upload it into our Batch account.

  1. Open a new tab in your browser, and navigate to https://ffmpeg.zeranoe.com/builds/win64/static/ffmpeg-3.4-win64-static.zip.
  2. Save the zip file locally.
  3. Back in the Batch account UI in the portal, select Applications under the Features section of the sidebar, and then select Add to open up the New application configuration form.add-application-to-batch
  4. In Application id type ffmpeg.
  5. In Version type 3.4.
  6. In Application package, select the folder icon to the right.
  7. Navigate to the folder containing ffmpeg-3.4-win64-static.zip that you downloaded, and select Open.
  8. Select Submit to upload the app to our Batch account. This step can take a few moments, so wait for it to complete.
  9. Leave the Azure portal open for the next exercise.