In ASP .NET Core Web Applications I have noticed that the connection string can be put into apsettings.json or secret.json file as follows:
appsettings.json
{
"ConnectionStrings": {
"DBConnectionString": "DefaultEndpointsProtocol=https;AccountName=name;AccountKey=the_key;EndpointSuffix=core.windows.net"
}
}
secret.json
{
"ConnectionStrings:DBConnectionString": "DefaultEndpointsProtocol=https;AccountName=name;AccountKey=the_key;EndpointSuffix=core.windows.net"
}
And, it is used in the startup.cs.
public class startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<AppDBContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DBConnectionString")));
}
}
Problem:
In the same way the following is a how the connection string is passed in one of the controllers in the ASP .NET Core web Application:
BlogUploadController.cs
AccountName = "MyAccount";
AccountKey = "DGKC5745dfdG_+dkfkld";
string UserConnectionString = string.Format("DefaultEndpointsProtocol=https;AccountName=name;AccountKey=DGAKSECCDI654D_FGd;EndpointSuffix=core.windows.net", AccountName, AccountKey);
You can see that I have put the "connection string", and the "AccountKey" directly in the code (which is vulnarable for security threats). Can anybody how to put in the apsettings.json or Secret.json like I have put the database connection string in the above exmple.
Thanks in advance.
Adding things to the
appsettings.jsonis a simple as editing the JSON. Take the customappsettings.jsonbelow:In order to get the custom values from the above, you can use the Configuration variable in the
setup.csfile in APS.NET Core.To get a value such as
Config.Key, you separate the names with a colon:, such as this:Do be aware that using
appsettings.jsonto hold secrets is a bad idea, asappsettings.jsonis usually a public document and not a secrets file.