Page 55 - MSDN Magazine, March 2018

Figure 3 Insurance Policies List on the Contoso Insurance Admin Portal Landing Page
Both the admin and customer portals are built using ASP.NET Core 2.0, which supports dependency injection to add framework services—like Entity Framework integration and custom service modules to access the Azure Key Vault APIs—to the application in the start-up class.

Visual Studio 2017 project templates provide turnkey integration with Azure AD and Azure AD B2C for user sign-in and sign-up experiences to secure access to the portal applications.

The connection string for the Azure SQL Database is stored in Azure Key Vault and is retrieved by the portal Web application at start-up.

The code snippet in Figure 2 shows how dependency injection in ASP.NET Core 2.0 is used to add Entity Framework, Azure AD authentication, the access provider for the Azure Key Vault Service API, and the reading of application configuration data from the appsettings.json file.

The Azure Key Vault configuration provider for ASP.NET Core 2.0 (bit.ly/2DfOXeq), available as a NuGet package, provides a turnkey implementation to retrieve all secrets from Azure Key Vault at application start. However, this feature is not used in the solution, to avoid unnecessarily loading all the business data (that is, the insurance policy secrets) on application start along with the other secrets that the application requires, such as the connection string to access the Azure SQL Database. This feature could be used when one key vault instance is used to store all connection strings required by the application, and a separate key vault instance is used for the business data.

Figure 4 Different Versions of the Insurance Policy Data Stored as a Secret, as Seen on the Azure Portal

App Service Creation

The admin and customer portal applications are deployed as Azure App Service Web apps using the built-in tools in Visual Studio 2017. Both Web apps are hosted inside a single App Service Plan.

During development, the ASP.NET Core MVC applications can be deployed locally using Visual Studio 2017. When the PowerShell scripts I discussed earlier are run, two digital certificates are generated, one for each portal application. The .pfx files are added to the current user’s certificate store. These are embedded in the requests that the ASP.NET MVC applications make to access the Azure Key Vault APIs. The thumbprints of these certificates are added to the appsettings.json file in the Visual Studio 2017 solution of the respective ASP.NET MVC applications.

When deploying the application to Azure App Service, you must:
• Upload both .pfx files to the Azure App Service instance from the Azure Portal.
• Create the entry “WEBSITE_LOAD_CERTIFICATES” in the App Settings blades of both the admin and customer portal Web apps in the Azure Portal, and add the thumbprint of the respective .pfx file.

Refer to the documentation at bit.ly/2mVEKOq for more details on the steps to be performed.
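The following added example (not code from the article or its sample solution) shows one way the thumbprint from appsettings.json can be used to load the certificate from the current user's store, which is also where App Service places certificates listed in WEBSITE_LOAD_CERTIFICATES, and to read a single secret on demand rather than the whole vault at start-up. It assumes the ADAL (Microsoft.IdentityModel.Clients.ActiveDirectory) and Microsoft.Azure.KeyVault NuGet packages; the class name and constructor parameters are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Added example: certificate-based access to one Key Vault secret at a time.
public sealed class CertificateKeyVaultReader
{
    private readonly ClientAssertionCertificate _assertion;
    private readonly KeyVaultClient _client;
    private readonly string _vaultUrl;

    // clientId, thumbprint and vaultUrl are assumed to be read from appsettings.json.
    public CertificateKeyVaultReader(string clientId, string thumbprint, string vaultUrl)
    {
        _assertion = new ClientAssertionCertificate(clientId, FindCertificate(thumbprint));
        _client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetTokenAsync));
        _vaultUrl = vaultUrl;
    }

    public static X509Certificate2 FindCertificate(string thumbprint)
    {
        // Thumbprints pasted from the certificate dialog often carry spaces or an
        // invisible leading character; keep hex digits only.
        var clean = new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so a script-generated certificate that does not chain
            // to a trusted root is still returned (assumption about the certificates).
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, clean, false);
            if (matches.Count == 0)
                throw new InvalidOperationException($"Certificate {clean} not found in CurrentUser\\My.");
            var cert = matches[0];
            if (!cert.HasPrivateKey || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException($"Certificate {clean} is expired or has no private key.");
            return cert;
        }
    }

    // Called by KeyVaultClient whenever it needs an Azure AD access token.
    private async Task<string> GetTokenAsync(string authority, string resource, string scope)
    {
        var context = new AuthenticationContext(authority);
        return (await context.AcquireTokenAsync(resource, _assertion)).AccessToken;
    }

    // Fetches one named secret on demand instead of loading every secret at start-up.
    public async Task<string> GetSecretAsync(string secretName) =>
        (await _client.GetSecretAsync(_vaultUrl, secretName)).Value;
}
```

Failing fast in FindCertificate turns a missing WEBSITE_LOAD_CERTIFICATES entry or a mistyped thumbprint into a clear start-up error instead of an opaque authentication failure on the first Key Vault call.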

































































































