In this post I would like to demonstrate certificate-based authentication from an App Service deployed in Azure, and how to use it to access Azure Key Vault.
Control Flow
The following picture depicts the entire control flow.
Follow the steps for Certificate creation: LINK 1
- Create Certificate
- Export to .CER format
- Export to .PFX format
The following are the App Service & App Registration activities: LINK 2
- Create App Service
- Associate the .PFX Certificate
- Create App Registration
- Associate the .CER Certificate
The following are the Key Vault activities: LINK 3
- Create Key Vault
- Create Secret
- Provide necessary permissions to the App Registration
Create the Code LINK 4
- Create Web API Project
- Load the certificate
- Access the Key Vault
- Deploy the Application
Test the application
- Access the URL https://jp-app-svc.azurewebsites.net/keyvault
- Validate the Secret
Note: This is a real-world scenario, hence the number of steps & the complexity are high.
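The "Load the certificate" and "Access the Key Vault" steps above, written as an ASP.NET Core minimal API (an added example, not the original post's code). It assumes a Windows App Service whose WEBSITE_LOAD_CERTIFICATES app setting lists the certificate thumbprint, the Azure.Identity and Azure.Security.KeyVault.Secrets NuGet packages, and hypothetical setting names TenantId, ClientId, CertThumbprint, KeyVaultUrl and SecretName:

```csharp
// Added example. Setting names (TenantId, ClientId, ...) are hypothetical and are
// expected to be supplied as App Service application settings.
using System.Security.Cryptography.X509Certificates;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

string Setting(string name) =>
    app.Configuration[name] ?? throw new InvalidOperationException($"Missing setting {name}");

// Load the .PFX associated with the App Service from the per-user store.
// App Service only exposes it when WEBSITE_LOAD_CERTIFICATES lists the thumbprint.
X509Certificate2 LoadCertificate(string thumbprint)
{
    using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    // validOnly: false so that a self-signed certificate (assumed here) is still returned.
    var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
    if (found.Count == 0)
        throw new InvalidOperationException("Certificate not found in CurrentUser\\My");
    var cert = found[0];
    if (!cert.HasPrivateKey)
        throw new InvalidOperationException("No private key: was the .CER uploaded instead of the .PFX?");
    return cert;
}

// The App Registration holds the matching .CER; the token is issued only to the key holder.
var credential = new ClientCertificateCredential(
    Setting("TenantId"), Setting("ClientId"), LoadCertificate(Setting("CertThumbprint")));
var secrets = new SecretClient(new Uri(Setting("KeyVaultUrl")), credential);

app.MapGet("/keyvault", async () =>
{
    try
    {
        KeyVaultSecret secret = await secrets.GetSecretAsync(Setting("SecretName"));
        // Confirm retrieval without echoing the secret value to the caller.
        return Results.Ok(new { name = secret.Name, length = secret.Value.Length });
    }
    catch (RequestFailedException ex) when (ex.Status is 403 or 404)
    {
        // 403: App Registration lacks Key Vault permission; 404: secret name is wrong.
        return Results.Problem(ex.Status == 403 ? "Forbidden: check Key Vault permissions"
                                                : "Not Found: check the secret name", statusCode: ex.Status);
    }
});
app.Run();
```

The endpoint returns only the secret's name and length, which is enough to validate the setup without exposing the value on a public URL.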
Certificate vs Password
Certificate-based authentication is more secure than password-based authentication because:
- A certificate is difficult to copy, re-generate & install – hence more secure
- Certificate-based authentication ensures that the token is only issued to the certificate holder
- A password can easily be copied & replayed – hence less secure
Common Errors
- Forbidden – Add necessary permission for App Registration in the Key Vault
- Not Found – This usually means the Key Vault Secret Name is invalid
Contact
For any information or consulting, please contact me through LinkedIn.
References
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-group-permissions-for-apps