We have created a web app and it stores the user name and password for user authentication in database right now. So those credentials can I stored in keyvault for more secure instead of storing in database. Or else can you please tell me the right place to store those details for authorization in very secure manner? P.s : we don't like to authorize the user by Oauth providers
Thanks in advance.
On
Take a look at MSI (Machine Services Identity). AWS has been doing this for some time under a different acronym. I've just started using it in Azure and it works really well and keeps everything secure, it looks like it should ready for web apps now as well.
As far as I know, we could store the username and password to the keyvault.
You could store the user name as the key, the password as the vault.
In the web app, you could use AD auth to connect to the azure keyvault. Then you could install Microsoft.Azure.KeyVault package and use KeyVaultClient class to CURD the key vault.
More details about how to use it in the C#, you could refer to this article.
But, I don't suggest you use key vault to store the user name and password.
Azure keyvault is used to store the vault, it will provide a URL to access the vault. So that your application will will not see the customers’ vault.
But in your web application, the web app will still get the password from the key vault and compare the user name and password which the user typed in.
So, the main idea is keep your web application be security. Because, we could store the encoded user name and password to the database. So that if someone access the database, it still couldn't get the right information.
In my opinion, I suggest you could still use the database to store the username and password.
You could encode the user and password before store to the database like identity does. If user pass the auth, you could generate a token for user to access your web app.
Besides, if you use azure web app, the web app provide multiple auth to protect your web app. I suggest you could also try azure AD. More details, you could refer to this article.