EPiServer in Azure with managed identity


I'm trying to solve a customer case where they would like no sensitive data stored in the file system. They ideally would like to use Managed Identities in Azure for all connections between resources e.g. SQL access. I've tried to dig into the EPiServer internals to check if this is possible at all, but it seems like a task that requires changes to many internal classes.

Is there a way to accomplish this without overriding all the DBFactory/ConnectionContext internals in EPiServer? What I need is to have an SQLConnection where I can place the access token, but down low EPiServer mainly uses DBConnection, and assuming I can cast it to SQLConnection, I counted at least 5 different classes that need to be overridden to solve this issue.

If not, is there a plan for the future to make this work? 

#229505
Oct 16, 2020 12:37
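
The token-on-connection pattern the question refers to, as an added example that is not part of the original post and is not EPiServer code. It assumes the Azure.Identity NuGet package and a managed identity assigned to the App Service; `ManagedIdentitySql` and `ApplyToken` are hypothetical names, and the server and database names are constructed placeholders. It shows only the final step on a `DbConnection` and does not address where EPiServer creates its connections.

```csharp
using System;
using System.Data.Common;
using System.Data.SqlClient;
using System.Threading;
using Azure.Core;
using Azure.Identity;

public static class ManagedIdentitySql
{
    // Token scope for Azure SQL Database.
    private const string SqlScope = "https://database.windows.net/.default";

    // Resolves the managed identity of the hosting Azure resource.
    private static readonly TokenCredential Credential = new ManagedIdentityCredential();

    // Hypothetical helper: attach a token to a connection handed out as DbConnection.
    public static void ApplyToken(DbConnection connection)
    {
        // Only SqlConnection exposes AccessToken, so fail loudly on anything else.
        if (!(connection is SqlConnection sql))
            throw new NotSupportedException("Expected SqlConnection, got " + connection.GetType().Name);

        // AccessToken cannot be combined with credentials in the connection string.
        var builder = new SqlConnectionStringBuilder(sql.ConnectionString);
        if (!string.IsNullOrEmpty(builder.UserID) || !string.IsNullOrEmpty(builder.Password)
            || builder.IntegratedSecurity)
            throw new InvalidOperationException("Connection string must not carry credentials.");

        // Tokens expire, so request one before each Open() instead of storing it.
        AccessToken token = Credential.GetToken(
            new TokenRequestContext(new[] { SqlScope }), CancellationToken.None);
        sql.AccessToken = token.Token; // must be set before Open()
    }

    public static void Main()
    {
        // Constructed placeholder values; note there is no user id or password.
        var cs = "Server=tcp:example-server.database.windows.net,1433;" +
                 "Database=example-db;Encrypt=True;";
        using (var connection = new SqlConnection(cs))
        {
            ApplyToken(connection);
            connection.Open();
            Console.WriteLine("Connected to " + connection.Database);
        }
    }
}
```

The managed identity also has to exist as a user in the database (created with `CREATE USER ... FROM EXTERNAL PROVIDER`) before the connection will open.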

Hi Vegard

As you state, using Managed Identity for SQL connections might be hard to implement in Episerver. Especially if it is a Commerce site.

As an alternative, you can just remove the regular connection strings from your config files, and define them in the Azure Web App configuration. This way no passwords are stored in the file system or version control system.

#229560
Oct 18, 2020 11:38

Thanks. I am aware of these options, but the customer really wants to use managed identity. Our interim solution is to store the connection strings in Key Vault and set them on the App Service configuration from the release pipeline. The downside to this is that the few people who can access the App Service can also read the connection string secrets.

#229584
Oct 19, 2020 6:01