1

How can I connect to SQL database hosted on Microsoft Azure without having credentials in plain text in my .asp files or config files in VBScript?

I want to have the database connection string stored in Azure Key Vault, and have the web app access the key vault to get the connection string and then connect to the database.

I have looked at a lot of Microsoft documentations but they are all in C#. My web app is all in VBScript and .asp files and I don't want to spend the time rebuilding the whole web app to ASP.NET/.aspx

Thank you

Sunny Yu
  • 13
  • 3

2 Answers2

0

You don't need Azure Key Vault in this case.

What you can do is to create a new App Setting in App Settings of Azure Web App, and make its value to be the connection string of your database. This will create an environment variable and you can access it with VBScript. This post shows how to access an environment variable with VBScript.

Chun Liu
  • 903
  • 5
  • 11
  • Thank you for the reply! However, I have a followup question/concern. I suppose environment variables aren't exposed to the client users correct? In other words, there is no way for a person to obtain the values of the environment variables, right? Thank you – Sunny Yu Nov 11 '18 at 21:37
  • Environment variables are the settings on the servers of your web app. It can only be accessed by the process or users that are on the servers. Your web app users won't be able to access it if you don't expose it via your web app. [Environment variable](https://en.wikipedia.org/wiki/Environment_variable) – Chun Liu Nov 12 '18 at 01:31
  • How can I access the variables that are set under Azure Application Settings in VBScript? Like the variables under Application Settings and Connection Strings. It didn't work with the WScript.Shell object from the post you gave – Sunny Yu Nov 13 '18 at 18:32
0

I found a way!

If I want to use the environment variables set under App Settings:

Set objWSH =  CreateObject("WScript.Shell")
Set objUserVariables = objWSH.Environment("Process") 
Response.Write(objUserVariables("APPSETTING_testAppSet"))

the prefix APPSETTING_ will be different if the variable is stored under Connection String

One other way I was able to use is to store the DB connection string in the Azure Key Vault. And then use OAuth access token to access Azure Key Vault. In this method, you have to send a POST request to Azure with ClientID and ClientSecret in the request body, then you will get an access token from the HTTP response. After that, send a GET request to the Key Vault endpoint with the access token in the request header. Then you will get the value of the key vault secret from the HTTP response.

Another way to do it is to use the MSI_ENDPOINT and MSI_SECRET and send the HTTP request to get the access token. And with that access token, you can access a key vault secret as well (you have to make sure that the Key Vault Access Policy is setup correctly).

Sunny Yu
  • 13
  • 3