Quote of the Day

more Quotes

Categories

Recent Posts

Top Posts

Buy me a coffee

Tag Archives for " X.509 certificate "

Access azure key vault from an ASP.NET core app on IIS using X.509 certificate

Published August 31, 2019 in .NET core , ASP.NET core , Azure , Azure Active Directory , IIS - 0 Comments

In this post, I go over in more details the steps of retrieving secrets from an azure key vault using client id and secret. This approach is one of the three ways to authenticate a Windows virtual machine against azure key vault. It is suitable if your app runs on a virtual machine which is not an azure resource and so cannot use azure managed identity.

At the high level, the process involves these steps:

  • Register the application in azure.
  • Generate and add a X.509 certificate into a certificate store.
  • Grant IIS_IUSRS user permission to access the private key of the certificate.
  • Upload the public key of the certificate to the app’s registration.
  • Grant the app access to the key vault.
  • Add codes to Startup file to authenticate against AD using the certificate.

You can find the sample project for this post here.

Continue reading

Tags: Azure Key Vault , GetPrivateKey , New-SelfSignedCertificate , ssl , X.509 certificate

Three ways of authenticating a Windows virtual machine against Azure Key Vault.

Published April 13, 2019 in .NET core , ASP.NET core , Azure , security - 2 Comments

In this post, I share three ways of gaining a Windows virtual machine access to a key vault. The machine can be an azure virtual machine or a non-azure machine such as your personal computer or a on premise server.

Continue reading

Tags: app id/secret , Azure Key Vault , Managed identity , system-assigned identity , user-assigned identity , X.509 certificate