Developing an e-Commerce Web App with Azure Key Vault and Azure App Service Authentication

Securing Sign-ins with Azure Key Vault and Azure Active Directory (AAD)

Question

You are developing an e-Commerce Web App.

You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and Azure Active Directory (AAD).

What should you do on the e-Commerce Web App?

Answers

Explanations

A. B. C. D.

C.

A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault.

https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity

https://docs.microsoft.com/en-us/samples/azure-samples/app-service-msi-keyvault-dotnet/keyvault-msi-appservice-sample/

To ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and Azure Active Directory (AAD), you can use Azure Key Vault to store your application secrets such as authentication keys, connection strings, and other sensitive information. Azure Key Vault provides secure, centralized storage for these secrets and a way to read them securely from your application code.

To use Azure Key Vault in your e-Commerce Web App, you need to perform the following steps:

  1. Enable Managed Service Identity (MSI) for your App Service. MSI allows your App Service to authenticate with Azure services like Key Vault without storing any secrets or credentials in your code or configuration.

  2. Create an Azure AD service principal for your App Service. This service principal represents your App Service in Azure AD and provides the necessary permissions to access the Key Vault.

  3. Grant access to the Key Vault to the service principal. This step ensures that the service principal has the necessary permissions to access the secrets stored in the Key Vault.

  4. Retrieve the secrets from the Key Vault in your application code. You can use the Azure Key Vault SDKs or REST APIs to retrieve the secrets from the Key Vault.
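Steps 1 and 4 seen from inside the app, as an added example that is not from the original page or Microsoft's sample: the App Service asks the platform's managed identity endpoint for a Key Vault token, then calls the Key Vault REST API with it, so no credential is stored in code or configuration. The vault and secret names passed in and the injectable `send` parameter are assumptions made for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

VAULT_RESOURCE = "https://vault.azure.net"  # AAD resource (audience) for Key Vault


def build_token_request(env=os.environ):
    """Token request to the App Service managed identity endpoint (step 1)."""
    # App Service injects both variables once a managed identity is enabled.
    # If they are missing the identity is off; fail instead of falling back
    # to a secret kept in configuration.
    try:
        endpoint, header = env["IDENTITY_ENDPOINT"], env["IDENTITY_HEADER"]
    except KeyError as missing:
        raise RuntimeError(f"managed identity not enabled: {missing} is unset")
    query = urllib.parse.urlencode(
        {"resource": VAULT_RESOURCE, "api-version": "2019-08-01"})
    return urllib.request.Request(
        f"{endpoint}?{query}", headers={"X-IDENTITY-HEADER": header})


def build_secret_request(vault_name, secret_name, access_token):
    """Key Vault REST call for the latest version of a secret (step 4)."""
    # Percent-encode the name so it cannot alter the request path.
    name = urllib.parse.quote(secret_name, safe="")
    url = f"https://{vault_name}.vault.azure.net/secrets/{name}?api-version=7.4"
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {access_token}"})


def get_secret(vault_name, secret_name, env=os.environ,
               send=urllib.request.urlopen):
    """Fetch a secret using only the platform-issued identity."""
    with send(build_token_request(env)) as resp:
        token = json.load(resp)["access_token"]
    with send(build_secret_request(vault_name, secret_name, token)) as resp:
        # An HTTP 403 raised here typically means the access grant from
        # step 3 is missing for this identity.
        return json.load(resp)["value"]
```

The returned value should be kept in memory only and never written to logs or application settings.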

Given the options, the correct answer is C. Enable Managed Service Identity (MSI). This is because enabling MSI allows your App Service to authenticate with Azure services like Key Vault without storing any secrets or credentials in your code or configuration. Option A, running the az keyvault secret command, is not a relevant step in this scenario. Option B, enabling Azure AD Connect, is not relevant as it is used to synchronize your on-premises identities with Azure AD. Option D, creating an Azure AD service principal, is only part of the solution and not the complete solution.