Connect to APIView app config using managed identity (#9731)

praveenkuttappan · web-flow · commit 25226b74c996 · 2025-01-29T15:15:48.000-05:00
* Connect to APIView app config using managed identity
diff --git a/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md b/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md
@@ -118,20 +118,21 @@ Following configuration is required to connect local debug instance to Azure res
     "ApiKey": "",
     "PYTHONEXECUTABLEPATH": "<Full path to python executable>",
     "BackgroundTaskDisabled": true,
-    "APPCONFIG": "<connection string to app configuration>"
+    "APPCONFIG_URL": "https://<your-app-config-name>.azconfig.io"
   }
 
 Note: User requires following role based access to storage account and cosmos DB for local debugging and make sure that user is logged in to Azure from Visual studio to access Azure resources.
 
 - `Storage Blob Contributor` to access storage account
 - `Cosmos DB Built-in Data Contributor` to access Cosmos DB
 
-### Role based access requierd for deployed instances
+### Role based access required for deployed instances
 
 APIView Azure web app instance requires role based access to storage and cosmos DB instances to access using managed identity. Following are the required RBAC roles.
 
 - `Storage Blob Contributor` to access storage account
 - `Cosmos DB Built-in Data Contributor` to access Cosmos DB
+- `App Configuration Data Reader` to access App configuration.
 
 ### Compile TypeScript code
 
diff --git a/src/dotnet/APIView/APIViewWeb/Program.cs b/src/dotnet/APIView/APIViewWeb/Program.cs
@@ -1,8 +1,10 @@
+using System;
 using Azure.Identity;
 using Microsoft.AspNetCore;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Configuration.AzureAppConfiguration;
 
 namespace APIViewWeb
 {
@@ -19,11 +21,15 @@ public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
                 {
                     config.AddEnvironmentVariables(prefix: "APIVIEW_");                  
                     IConfiguration settings = config.Build();
-                    string connectionString = settings.GetValue<string>("APPCONFIG");
+                    string appConfigUrl = settings.GetValue<string>("APPCONFIG_URL");
+                    if(string.IsNullOrEmpty(appConfigUrl))
+                    {
+                        throw new InvalidOperationException("App Configuration URL is not set in APIView environment variable. This should be set using environment name APIVIEW_APPCONFIG_URL and value 'https://<your-app-config-name>.azconfig.io'");
+                    }
                     // Load configuration from Azure App Configuration
                     config.AddAzureAppConfiguration(options =>
                     {
-                        options.Connect(connectionString).ConfigureKeyVault(kv => 
+                        options.Connect(new Uri(appConfigUrl), new DefaultAzureCredential()).ConfigureKeyVault(kv => 
                         { 
                             kv.SetCredential(new DefaultAzureCredential());
                         });
