how to use appsettings or azure keyvault in imageprocessorsecurityconfig - Using Umbraco and getting started

Go to solution

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Jonathan Kirkegaard 2 posts 92 karma points

Nov 10, 2021 @ 15:04

How to use appsettings or azure keyvault in Imageprocessor/security.config?

Hi,

I'm integrating Azure Blob storage in an umbraco, which has been pretty smooth. The solution already uses Azure Keyvault.

It's running on the .net framework in Umbraco version 8+.

I'd like my container name to be read from app settings but how can this be achieve? Right now I have my storageAccount hardcoded in

"config/imageprocessor/security.config"

My entire security.config looks like this:

<?xml version="1.0" encoding="utf-8"?>
<security>
  <services>
    <!--<service name="LocalFileImageService" type="ImageProcessor.Web.Services.LocalFileImageService, ImageProcessor.Web" />-->
    <service prefix="media/" name="CloudImageService" type="ImageProcessor.Web.Services.CloudImageService, ImageProcessor.Web">
      <settings>
        <setting key="Container" value="[storageAccount]"/>
        <setting key="MaxBytes" value="8194304"/>
        <setting key="Timeout" value="30000"/>
        <setting key="Host" value="https://[storageAccount].blob.core.windows.net/"/>
      </settings>
    </service>
    <service prefix="remote.axd" name="RemoteImageService" type="ImageProcessor.Web.Services.RemoteImageService, ImageProcessor.Web">
      <settings>
        <setting key="MaxBytes" value="4194304" />
        <setting key="Timeout" value="3000" />
        <setting key="Protocol" value="http" />
      </settings>
      <whitelist>
        <!--<add url="https://[your Azure CDN].vo.msecnd.net/" />-->
        <add url="https://[storageAccount].blob.core.windows.net/" />
        <add url="http://localhost" />
        <add url="http://127.0.0.1" />
      </whitelist>
    </service>
  </services>
</security>

Is this possible? :)

Thanks a lot!

Copy Link

Jonathan Kirkegaard 2 posts 92 karma points

Nov 11, 2021 @ 07:04

100

I have figured it out. It is actually documented in here

https://our.umbraco.com/Documentation/Extending/FileSystemProviders/Azure-Blob-Storage/index-v8

However there seems to be a styling bug, which I found quite amusing :)

By inspecting the HTML I was able to see the appsetting keys.

I still wonder if it is possible to add whitelists from appsetting as well or one should just resort to whitelisting the full azure domain

This works because the imageprocessor parses the url from right to left - so any subdomain is automatically valid. Arguably it would be a little more secure to narrow it down to a single storage container, but I'd rather not have these names float around in my security.config file :)

Copy Link
is working on a reply...

Please Sign in or register to post replies