/// <summary>
/// Builds the generic host and replaces the default configuration pipeline with an
/// explicit, ordered list of sources. Later sources override earlier ones, so
/// environment variables and command-line arguments take precedence over values
/// loaded from Azure App Configuration and the JSON files.
/// </summary>
/// <param name="args">Command-line arguments, passed to the host and added as the last configuration source.</param>
/// <returns>The configured host builder, with <c>Startup</c> registered as the startup class.</returns>
public static IHostBuilder CreateHostBuilder(string[] args)
{
    return Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder => webBuilder
            .ConfigureAppConfiguration((context, builder) =>
            {
                // Snapshot of the sources registered so far. It is used only to bootstrap
                // the Azure connection and credential before the source list is rebuilt.
                var bootstrapConfig = builder.Build();

                // NOTE(review): an App Configuration connection string embeds an access key,
                // so "AppConfig" should come from a secret store or environment variable, not
                // a committed appsettings file. A null value here is not checked before Connect().
                var appConfigConnectionString = bootstrapConfig.GetConnectionString("AppConfig");
                var env = context.HostingEnvironment;

                // Keep only the first registered source (presumably the chained host
                // configuration; confirm) and drop every other default source.
                var firstSource = builder.Sources.ElementAt(0);
                builder.Sources.Clear();
                builder.Add(firstSource);

                builder.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
                builder.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true, reloadOnChange: true);

                builder.AddAzureAppConfiguration(appConfig =>
                {
                    appConfig
                        .Connect(appConfigConnectionString)
                        .ConfigureKeyVault(keyVault =>
                        {
                            // Key Vault references are resolved with the credential chosen by
                            // AzureCredentialProvider for this environment.
                            keyVault.SetCredential(AzureCredentialProvider.GetAzureCredential(env, bootstrapConfig));
                        });
                });

                // User secrets are loaded in Development only, and they override the values
                // from Azure App Configuration because they are added after it.
                if (env.IsDevelopment())
                {
                    builder.AddUserSecrets(Assembly.GetExecutingAssembly());
                }

                builder.AddEnvironmentVariables();
                builder.AddCommandLine(args);
            })
            .UseStartup<Startup>());
}
/// <summary>
/// In Production, stores the ASP.NET Core Data Protection key ring in an Azure blob
/// and protects the stored keys with an Azure Key Vault key. In every other
/// environment the method returns without registering anything.
/// </summary>
/// <param name="services">Service collection that receives the Data Protection registration.</param>
private void ConfigureDataProtection(IServiceCollection services)
{
    // Outside Production nothing is configured here, so Data Protection is left to
    // whatever else registers it.
    if (!environment.IsProduction())
    {
        return;
    }

    // The same credential authenticates to Blob Storage and to Key Vault.
    // NOTE(review): the identity behind it presumably needs only read/write on this one
    // blob plus wrap/unwrap on this one key; confirm the role assignments are scoped so.
    var credential = AzureCredentialProvider.GetAzureCredential(environment, configuration);

    // NOTE(review): none of the configuration lookups below are validated. A missing key
    // yields null and presumably surfaces as an SDK argument error at startup.
    var keyRingBlob = new BlobServiceClient(
            configuration.GetValue<Uri>("DexStorageContainer:BaseUrl"),
            credential)
        .GetBlobContainerClient(
            configuration.GetValue<string>("DexStorageContainer:DexIdentityBlobContainer:ContainerName"))
        .GetBlobClient(
            configuration.GetValue<string>("DexStorageContainer:DexIdentityBlobContainer:KeysBlobName"));

    // NOTE(review): SetApplicationName is not called here. Instances that share this key
    // ring need the same application discriminator; confirm it is set elsewhere.
    services.AddDataProtection()
        .PersistKeysToAzureBlobStorage(keyRingBlob)
        .ProtectKeysWithAzureKeyVault(
            configuration.GetValue<Uri>("AspNetCoreDataProtectionKeyUri"),
            credential);
}