Azure Key Vault Authentication

When I first started developing this blog, I was experimenting with Azure B2C for authentication. I was able to get it to work, but it was overly complicated for what I actually needed. As I was the only person that was going to be writing posts and logging in, I didn't need all the overhead that comes with the B2C authentication. Additionally, I didn't want a database solution since I am using Azure Table Storage for this blog. I also didn't want to implement Identity for table storage; again, way more than what I needed. So I started looking at other options. I eventually came across cookie authentication with a hard-coded username/password in the web.config. At first blush, this would solve my problem. It was a lightweight way to authenticate myself, and it didn't require a bunch of stuff to make it work. My big issue with it was the hard-coded nature of storing the username and password, and the fact that it was in the config file in plain text.

While I was talking with a co-worker about my dilemma, he suggested using the Azure Key Vault. For those that aren't aware, Azure Key Vault provides a secure way to store keys and small secrets. The values are stored encrypted as key-value pairs. You can generate certificates, and hardware storage is also available. After a little thought, I decided this was the solution. Key Vault would store my username and password; all I needed was to write a service to access it, and then I could finish off with cookie authentication.

So first up, the Key Vault Service. Microsoft provides two things that make this easy to work with. The first is the Connected Services built into Visual Studio. This allows you to connect to your Azure Account and use the services that are there. In this case we are using the Key Vault Service. I am not going to go into detail on how to set up the Key Vault or the connected service; you can find those details here. The second thing that Microsoft gives us is some nice classes to use in order to work with the Azure Platform, in this case Key Vault. You will need to install Microsoft.Azure.KeyVault and Microsoft.Azure.Services.AppAuthentication from NuGet.
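One way such a service can look with those two packages, as an added example rather than the code this blog actually uses. The vault URL is a placeholder and the secret names `BlogAdminUser` and `BlogAdminPassword` are hypothetical; the comparison hashes both values and checks them in fixed time so the login check does not leak how much of the input matched.

```csharp
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

// Added illustration, not the blog's own service.
public class KeyVaultCredentialService
{
    // Assumptions: placeholder vault URL and hypothetical secret names.
    private const string VaultUrl = "https://<your-vault-name>.vault.azure.net/";
    private const string UserSecret = "BlogAdminUser";
    private const string PasswordSecret = "BlogAdminPassword";

    private readonly KeyVaultClient _client;

    public KeyVaultCredentialService()
    {
        // AppAuthentication acquires the token (developer sign-in locally,
        // managed identity in Azure), so no client secret sits in web.config.
        var tokenProvider = new AzureServiceTokenProvider();
        _client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
    }

    public async Task<bool> ValidateAsync(string username, string password)
    {
        var user = await _client.GetSecretAsync(VaultUrl, UserSecret).ConfigureAwait(false);
        var pass = await _client.GetSecretAsync(VaultUrl, PasswordSecret).ConfigureAwait(false);

        // Evaluate both checks (non-short-circuit &) so a wrong username
        // and a wrong password take the same code path.
        bool userOk = FixedTimeEquals(username, user.Value);
        bool passOk = FixedTimeEquals(password, pass.Value);
        return userOk & passOk;
    }

    // Hash both sides to equal length, then compare without early exit.
    private static bool FixedTimeEquals(string supplied, string expected)
    {
        using (var sha = SHA256.Create())
        {
            byte[] a = sha.ComputeHash(Encoding.UTF8.GetBytes(supplied ?? string.Empty));
            byte[] b = sha.ComputeHash(Encoding.UTF8.GetBytes(expected ?? string.Empty));
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

The identity the app runs as needs only the Get permission on secrets in the vault's access policy; the cookie is issued only when `ValidateAsync` returns true.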