I was following some instructions on how to develop ASP.NET MVC applications, and I am adding the ability to log in using Facebook or Google.

I was reading this document: http://www.asp.net/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure and I modified my Web.config file like so:

<appSettings file="..\..\AppSettingsSecrets.config">
  <add key="webpages:Version" value="3.0.0.0" />
  <add key="webpages:Enabled" value="false" />
  <add key="ClientValidationEnabled" value="true" />
  <add key="UnobtrusiveJavaScriptEnabled" value="true" />  
</appSettings>

which enabled me to store my actual secrets in a separate file (which is not inside the solution directory, as suggested in the page I linked) like so:

<appSettings>
   <add key="GoogClientID" value="XXXXXXXXXXXXXXXXX.apps.googleusercontent.com" />
   <add key="GoogClientSecret" value="XXXXXXXXXXXXXXXXXXXXX" />

   <add key="FbAppID" value="XXXXXXXXXXXXXXXXX" />
   <add key="FbAppSecret" value="XXXXXXXXXXXXXXXXXX" />
</appSettings>

I couldn't find any clear documentation on how to use this for Startup.Auth.cs, so I came up with the code below - which may or may not be right. When I debugged this locally, it seemed to work fine. However, when I try to publish it to azure, it seems as though

        //load from Web.config, to get app secrets.
        //These are stored in an external file so as to not be included in the source.
        System.Configuration.Configuration WebConfigForSecrets = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("~/");

        //google
        System.Configuration.KeyValueConfigurationElement GoogClientID = WebConfigForSecrets.AppSettings.Settings["GoogClientID"];
        System.Configuration.KeyValueConfigurationElement GoogClientSecret = WebConfigForSecrets.AppSettings.Settings["GoogClientSecret"];
        app.UseGoogleAuthentication(
            clientId: GoogClientID.ToString(),
            clientSecret: GoogClientSecret.ToString());

        //facebook
        System.Configuration.KeyValueConfigurationElement FbAppID = WebConfigForSecrets.AppSettings.Settings["FbAppID"];
        System.Configuration.KeyValueConfigurationElement FbAppSecret = WebConfigForSecrets.AppSettings.Settings["FbAppSecret"];
        app.UseFacebookAuthentication(
            appId: FbAppID.ToString(),
            appSecret: FbAppSecret.ToString());


        ////this method doesn't generate errors when running on the server, but it doesn't display the log in services since
        ////load from Web.config, to get app secrets.
        ////These are stored in an external file so as to not be included in the source.
        //System.Configuration.Configuration WebConfigForSecrets = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("~/");
        //if (WebConfigForSecrets.AppSettings.Settings.Count > 0)
        //{

        //    //google
        //    System.Configuration.KeyValueConfigurationElement GoogClientID = WebConfigForSecrets.AppSettings.Settings["GoogClientID"];
        //    if (GoogClientID != null)
        //    {
        //        System.Configuration.KeyValueConfigurationElement GoogClientSecret = WebConfigForSecrets.AppSettings.Settings["GoogClientSecret"];
        //        if (GoogClientSecret != null)
        //        {
        //            //never reached when hosted on azure               
        //            app.UseGoogleAuthentication(
        //                clientId: GoogClientID.ToString(),
        //                clientSecret: GoogClientSecret.ToString());
        //        }
        //    }

        //    //facebook
        //    System.Configuration.KeyValueConfigurationElement FbAppID = WebConfigForSecrets.AppSettings.Settings["FbAppID"];
        //    if (FbAppID != null)
        //    {
        //        System.Configuration.KeyValueConfigurationElement FbAppSecret = WebConfigForSecrets.AppSettings.Settings["FbAppSecret"];
        //        if (FbAppSecret != null)
        //        {
        //            //never reached when hosted on azure     
        //            app.UseFacebookAuthentication(
        //               appId: FbAppID.ToString(),
        //               appSecret: FbAppSecret.ToString());
        //        }
        //    }

        //}





        //These are the samples provided by visual studio
        // Uncomment the following lines to enable logging in with third party login providers
        //app.UseMicrosoftAccountAuthentication(
        //    clientId: "",
        //    clientSecret: "");

        //app.UseTwitterAuthentication(
        //   consumerKey: "",
        //   consumerSecret: "");

        //app.UseFacebookAuthentication(
        //   appId: "",
        //   appSecret: "");

        //app.UseGoogleAuthentication(
        //    clientId: "",
        //    clientSecret: "");

I tried to add the same key/value pairs to the "Application Settings" > "App settings" menu in the azure portal for my web application. It still acts as if it is not finding them.

Does anyone know how to do this / what the best practice is when it comes to this?

Related posts

Recent Viewed