Add ASP.NET Core section to demo DI #21740
Conversation
lilyjma
requested review from
arv100kri,
bleroy,
brjohnstmsft,
Mohit-Chakraborty and
tg-msft
as code owners
ghost
added
the
| { | ||
| "Search": { | ||
| "endpoint": "https://<resource-name>.search.windows.net", | ||
| "credential": { "key": "resource key" }, |
There was a problem hiding this comment.
Is there a way to achieve this without hardcoding the API key in a config file? Or is "resource key" the name of an environment variable...?
There was a problem hiding this comment.
It's not the name of the environment variable. It is the key of the resource. @pakrym is the way to do what Bruce is asking?
There was a problem hiding this comment.
The IConfiguration system uses many sources of configuration, in ASP.NET Core one of them is environment variables. You can define the same key as SEARCH__CREDENTIAL__KEY="..." environment variable (the __ is used as a section separator). https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-5.0
There was a problem hiding this comment.
Thanks for the context. Can we clarify the example to make it clear that it follows that pattern? We don't want to encourage customers to hard-code secrets in config.
There was a problem hiding this comment.
I wonder if this feedback should apply to the other libraries as well, i.e. should we apply this to the Service Bus readme also?
There was a problem hiding this comment.
@joshfree I'm adding this to all the libraries that have the extension method for DI (some libraries don't have it based on my investigation. I'll create issues for them.) I've added the section for SB already :)
There was a problem hiding this comment.
But the Service Bus readme uses the connection string in the config. In this Readme, it sounds like we are going to be updating it to not include secrets in the config. That is what I am wondering about.
updated where secrets should be stored
removed en-us in link
|
@pakrym and @brjohnstmsft: sorry for the delay. I've made the changes. Please take a look. |
| } | ||
| } | ||
| ``` | ||
| When running in production, it's preferable to use [environment variables](https://docs.microsoft.com/aspnet/core/security/app-secrets?view=aspnetcore-5.0&tabs=windows#environment-variables): |
There was a problem hiding this comment.
We might want to add this information to docs.microsoft.com/en-us/dotnet/azure/sdk/dependency-injection#store-configuration-separately-from-code as well.
| } | ||
| } | ||
| ``` | ||
| You'll also need to provide your resource key to authenticate the client, but you shouldn't be putting that information in the configuration. Instead, when in development, use [User-Secrets](https://docs.microsoft.com/aspnet/core/security/app-secrets?view=aspnetcore-5.0&tabs=windows#how-the-secret-manager-tool-works). Add the following to `secrets.json`: |
There was a problem hiding this comment.
Is "resource key" common terminology across the Azure SDK? In Search REST API docs, we call these "API keys".
Context:
Since Dependency Injection is a key workflow for .NET developers and we've seen requests from customers (twitter, stackoverflow) requesting for DI related content for the new SDKs, we're adding a section about DI for ASP.NET Core in the readme. This has been discussed various folks (David Fowler, David Pine, Scott Addie etc.), and they think it'll be helpful to users.
cc @maggiepint