private static IConfiguration BuildAppConfiguration(IConfigurationBuilder builder, WebHostBuilderContext hostingContext)
{
var environment = hostingContext.HostingEnvironment;
IConfiguration configuration = builder.Build();
if (environment.IsDevelopment())
{
builder.AddUserSecrets(Assembly.Load(new AssemblyName(environment.ApplicationName)), optional: true);
}
// TODO : Work out why the instrumentation key below is ignored, the correct instrumentation key seems to be only
// set if it is present in the appsettings.json or is passed to the overloaded extensions method on IWebHostBuilder called UseApplicationInsights.
var applicationInsightsSettings = new ApplicationInsightsSettings();
configuration.BindOrThrow("ApplicationInsights", applicationInsightsSettings);
builder.AddApplicationInsightsSettings(developerMode: environment.IsDevelopment(), instrumentationKey: applicationInsightsSettings.InstrumentationKey);
KeyVaultSettings keyVaultSettings = new KeyVaultSettings();
configuration.BindOrThrow("KeyVaultSettings", keyVaultSettings);
builder.AddAzureKeyVault(
keyVaultSettings.DnsName,
keyVaultSettings.AppUserClientId,
keyVaultSettings.AppUserClientSecret);
return(configuration);
}
public void Run(IConfigurationBuilder configBuilder, IServiceCollection services, IConfigurationRoot localConfig)
{
if (env.IsEnvironment("Development"))
{
configBuilder.AddApplicationInsightsSettings();
}
}
/// <summary>
/// Configures the application.
/// </summary>
/// <param name="builder">The <see cref="IConfigurationBuilder"/> to configure.</param>
/// <param name="context">The <see cref="HostBuilderContext"/> to use.</param>
/// <returns>
/// The <see cref="IConfigurationBuilder"/> passed as the value of <paramref name="builder"/>.
/// </returns>
public static IConfigurationBuilder ConfigureApplication(this IConfigurationBuilder builder, HostBuilderContext context)
{
builder.AddApplicationInsightsSettings(developerMode: context.HostingEnvironment.IsDevelopment());
// Build the configuration so far
IConfiguration config = builder.Build();
// Get the settings for Azure Key Vault
string vault = config["AzureKeyVault:Uri"];
string clientId = config["AzureKeyVault:ClientId"];
string clientSecret = config["AzureKeyVault:ClientSecret"];
// Can Managed Service Identity be used instead of direct Key Vault integration?
bool canUseMsi =
!string.Equals(config["WEBSITE_DISABLE_MSI"], bool.TrueString, StringComparison.OrdinalIgnoreCase) &&
!string.IsNullOrEmpty(config["MSI_ENDPOINT"]) &&
!string.IsNullOrEmpty(config["MSI_SECRET"]);
bool canUseKeyVault =
!string.IsNullOrEmpty(vault) &&
(canUseMsi || (!string.IsNullOrEmpty(clientId) && !string.IsNullOrEmpty(clientSecret)));
if (canUseKeyVault)
{
var manager = new AzureEnvironmentSecretManager(config.AzureEnvironment());
if (canUseMsi)
{
#pragma warning disable CA2000
var provider = new AzureServiceTokenProvider();
var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback));
builder.AddAzureKeyVault(vault, client, manager);
#pragma warning restore CA2000
}
else
{
builder.AddAzureKeyVault(
vault,
clientId,
clientSecret,
manager);
}
}
return(builder);
}
/// <summary>
/// Configures the application.
/// </summary>
/// <param name="builder">The <see cref="IConfigurationBuilder"/> to configure.</param>
/// <param name="context">The <see cref="HostBuilderContext"/> to use.</param>
/// <returns>
/// The <see cref="IConfigurationBuilder"/> passed as the value of <paramref name="builder"/>.
/// </returns>
public static IConfigurationBuilder ConfigureApplication(this IConfigurationBuilder builder, HostBuilderContext context)
{
builder.AddApplicationInsightsSettings(developerMode: context.HostingEnvironment.IsDevelopment());
// Build the configuration so far
IConfiguration config = builder.Build();
// Get the settings for Azure Key Vault
string vault = config["AzureKeyVault:Uri"];
string clientId = config["AzureKeyVault:ClientId"];
string clientSecret = config["AzureKeyVault:ClientSecret"];
string tenantId = config["AzureKeyVault:TenantId"];
// Can Managed Service Identity be used instead of direct Key Vault integration?
bool canUseMsi =
!string.Equals(config["WEBSITE_DISABLE_MSI"], bool.TrueString, StringComparison.OrdinalIgnoreCase) &&
!string.IsNullOrEmpty(config["MSI_ENDPOINT"]) &&
!string.IsNullOrEmpty(config["MSI_SECRET"]);
bool canUseKeyVault =
!string.IsNullOrEmpty(vault) &&
(canUseMsi || (!string.IsNullOrEmpty(clientId) && !string.IsNullOrEmpty(clientSecret) && !string.IsNullOrEmpty(tenantId)));
if (canUseKeyVault)
{
var manager = new AzureEnvironmentSecretManager(config.AzureEnvironment());
TokenCredential credential;
if (canUseMsi)
{
credential = new ManagedIdentityCredential();
}
else
{
credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
}
builder.AddAzureKeyVault(new Uri(vault), credential, manager);
}
return(builder);
}
public static IConfigurationBuilder AddApplicationInsightsSettings(this IConfigurationBuilder configurationSourceRoot, bool?developerMode = null, string endpointAddress = null, string instrumentationKey = null) => configurationSourceRoot.AddApplicationInsightsSettings(connectionString: null, developerMode: developerMode, endpointAddress: endpointAddress, instrumentationKey: instrumentationKey);