Quote of the Day

more Quotes

Categories

Recent Posts

Top Posts

Get notified of new posts

Buy me coffee

  • Home>
  • New-SelfSignedCertificate
Tag Archives for " New-SelfSignedCertificate "

Access azure key vault from an ASP.NET core app on IIS using X.509 certificate

Published August 31, 2019 in .NET core , ASP.NET core , Azure , Azure Active Directory , IIS - 0 Comments

In this post, I go over in more details the steps of retrieving secrets from an azure key vault using client id and secret. This approach is one of the three ways to authenticate a Windows virtual machine against azure key vault. It is suitable if your app runs on a virtual machine which is not an azure resource and so cannot use azure managed identity.

At the high level, the process involves these steps:

  • Register the application in azure.
  • Generate and add a X.509 certificate into a certificate store.
  • Grant IIS_IUSRS user permission to access the private key of the certificate.
  • Upload the public key of the certificate to the app’s registration.
  • Grant the app access to the key vault.
  • Add codes to Startup file to authenticate against AD using the certificate.

You can find the sample project for this post here.

Continue reading

Tags: Azure Key Vault , GetPrivateKey , New-SelfSignedCertificate , ssl , X.509 certificate