<\/span><\/h2>\nValdomos tapatyb\u0117s paslaugos<\/strong> \u201eAzure\u201c, kurie leid\u017eia autentifikuoti bet kuri\u0105 paslaug\u0105 ar program\u0105, nereikalaujant ai\u0161kiai tvarkyti kredencial\u0173. Tai taip pat suteikia j\u016bs\u0173 programos tapatyb\u0119, kad gal\u0117tum\u0117te saugiai pasiekti Azure i\u0161teklius. Tai pa\u0161alina poreik\u012f tvarkyti kredencialus programos kode.<\/span> <\/span><\/p>\n<\/span>Valdomos tapatyb\u0117s privalumai <\/strong><\/span><\/span><\/h3>\nPagrindiniai privalumai:<\/span> <\/span><\/p>\nTaip i\u0161vengiama kredencial\u0173 saugojimo j\u016bs\u0173 kode ir neleid\u017eiama atsitiktinai atskleisti.<\/span> <\/span><\/p>\n\u201eManaged Identity\u201c automati\u0161kai valdo ir kei\u010dia kredencialus, kad supaprastint\u0173 prieigos valdymo gyvavimo cikl\u0105.<\/span> <\/span><\/p>\nBet kuri \u201eAzure\u201c paslauga, palaikanti \u201eManaged Identity\u201c, gali b\u016bti lengvai integruota \u012f \u201eApp Service\u201c arba \u201eKey Vault\u201c ne\u012fdiegus pasirinktini\u0173 sprendim\u0173.<\/span> <\/span><\/p>\n<\/span>Valdomos tapatyb\u0117s tipai <\/strong><\/span><\/span><\/h3>\nAzure palaiko dviej\u0173 tip\u0173 valdomas tapatybes:<\/span> <\/span><\/p>\n\n- Sistema priskirta<\/span><\/b>: automati\u0161kai sukurta ir susieta su konkre\u010diu Azure \u0161altiniu.<\/span> <\/span><\/li>\n<\/ul>\n
\n- Vartotojo priskirta<\/span><\/b>: sukurtas atskirai ir gali b\u016bti bendrinamas keliuose \u0161altiniuose.<\/span> <\/span><\/li>\n<\/ul>\n
\u201eXavor\u201c \u0161iandien gali pad\u0117ti \u012fdiegti \u201eManaged Identity\u201c j\u016bs\u0173 \u201eAzure\u201c aplinkoje, kad i\u0161naudotum\u0117te \u0161iuos privalumus ir padidintum\u0117te program\u0173 saugum\u0105.<\/span> <\/span><\/p>\n<\/span>Kas yra \u201eAzure Key Vault\u201c?<\/span> <\/span><\/span><\/span><\/h2>\n\u201eAzure Key Vault\u201c yra \u201eMicrosoft Azure\u201c teikiama debesies paslauga, skirta saugiai saugoti ir tvarkyti paslaptis, \u0161ifravimo raktus ir sertifikatus. Jame numatyta:<\/span> <\/span><\/p>\nGalite naudoti \u201eKey Vault\u201c, kad saugiai saugotum\u0117te ir gautum\u0117te paslaptis (pvz., ry\u0161io eilutes, API raktus ar slapta\u017eod\u017eius). Paslaptys yra u\u017e\u0161ifruotos ramyb\u0117s b\u016bsenoje ir gabenant, o j\u016bs gaunate papildom\u0105 saugumo lyg\u012f.<\/span> <\/span><\/p>\nNaudodami Key Vault galite generuoti ir valdyti kriptografinius raktus. \u0160ie raktai gali palaikyti \u0161ifravimo, i\u0161\u0161ifravimo ar pasira\u0161ymo operacijas.<\/span> <\/span><\/p>\n\u201eKey Vault\u201c palaiko X.509 sertifikat\u0173 saugojim\u0105 ir valdym\u0105, o sertifikatus galite importuoti, kurti ir atnaujinti tiesiai i\u0161 paslaugos.<\/span> <\/span><\/p>\n\u201eKey Vault\u201c suteikia prieigos valdym\u0105, pagr\u012fst\u0105 tiksliu detalumu pagal politik\u0105 arba RBAC. Tai leid\u017eia vartotojams ir programoms suteikti konkre\u010dias prieigos teises.<\/span> <\/span><\/p>\n\u201eXavor\u201c gali pad\u0117ti integruoti \u201eKey Vault\u201c su \u201eManaged Identity\u201c; galite saugiai gauti paslaptis i\u0161 \u201eKey Vault\u201c, ne\u012fd\u0117dami slapt\u0173 duomen\u0173 \u012f program\u0105.<\/span> <\/span><\/p>\n<\/span>\u017dingsnis po \u017eingsnio saugumo didinimo vadovas<\/span> <\/span><\/span><\/span><\/h2>\n<\/span>1 veiksmas. \u012egalinkite \u201eAzure App Service\u201c valdom\u0105 tapatyb\u0119 <\/strong><\/span><\/span><\/h3>\n\n- Eikite \u012f \u201eAzure App Service\u201c Azure portale.<\/span> <\/span><\/li>\n
- Eikite \u012f <\/span>Tapatyb\u0117 skyri\u0173.<\/span> <\/span><\/li>\n
- \u012egalinti <\/span>Sistema priskirta valdom\u0105 tapatyb\u0119 ir i\u0161saugokite pakeitimus.<\/span> <\/span><\/li>\n<\/ol>\n
\n- Azure automati\u0161kai sukurs j\u016bs\u0173 programos tapatyb\u0119.<\/span> <\/span><\/li>\n<\/ul>\n
<\/span>2 veiksmas. Sukurkite ir sukonfig\u016bruokite \u201eAzure Key Vault\u201c. <\/strong><\/span><\/span><\/h3>\nSukurkite rakt\u0173 saugykl\u0105<\/span><\/b>:<\/span> <\/span><\/p>\n\n- Azure portale eikite \u012f <\/span>Key Vaults ir sukurti nauj\u0105 Key Vault.<\/span> <\/span><\/li>\n<\/ul>\n
Prid\u0117ti paslap\u010di\u0173<\/span><\/b>:<\/span> <\/span><\/p>\n\n- Eikite \u012f <\/span>Paslaptys skyri\u0173 \u201eKey Vault\u201c ir sukurkite nauj\u0105 paslapt\u012f (pvz., DatabaseConnectionString).<\/span> <\/span><\/li>\n<\/ul>\n
<\/span>3 veiksmas. Suteikite prieig\u0105 prie valdomos tapatyb\u0117s <\/strong><\/span><\/span><\/h3>\n\n- Key Vault eikite \u012f <\/span>Prieigos politika.<\/li>\n
- Prid\u0117ti an <\/span>Prieigos politika ir suteikti valdomos tapatyb\u0117s leidimus <\/span>Gaukite ir \u012ftraukite \u012f s\u0105ra\u0161\u0105 paslap\u010di\u0173.<\/span> <\/span><\/li>\n
- I\u0161saugokite pakeitimus.<\/span> <\/span><\/li>\n<\/ol>\n
<\/span>4 veiksmas. Prisijunkite prie paslap\u010di\u0173 savo programoje <\/strong><\/span><\/span><\/h3>\nProgramoje gaukite paslaptis naudodami Azure SDK. Toliau pateikiamas .NET programos kodo fragmento pavyzdys:<\/span> <\/span><\/p>\nnaudojant Azure.Identity;<\/span><\/i> <\/span><\/p>\nnaudojant Azure.Security.KeyVault.Secrets;<\/span><\/i> <\/span><\/p>\nvie\u0161osios klas\u0117s KeyVaultService<\/span><\/i> <\/span><\/p>\n{<\/span><\/i> <\/span><\/p>\n privatus, tik skaitomas SecretClient _secretClient;<\/span><\/i> <\/span><\/p>\n vie\u0161a KeyVaultService (eilut\u0117 keyVaultUri)<\/span><\/i> <\/span><\/p>\n {<\/span><\/i> <\/span><\/p>\n _secretClient = new SecretClient(new Uri(keyVaultUri), new DefaultAzureCredential());<\/span><\/i> <\/span><\/p>\n }<\/span><\/i> <\/span><\/p>\n vie\u0161a eilut\u0117 GetSecret(eilut\u0117s slaptasis pavadinimas)<\/span><\/i> <\/span><\/p>\n {<\/span><\/i> <\/span><\/p>\n var secret = _secretClient.GetSecret(slaptasPavadinimas);<\/span><\/i> <\/span><\/p>\n gr\u0105\u017einti paslapt\u012f.Vert\u0117.vert\u0117;<\/span><\/i> <\/span><\/p>\n }<\/span><\/i> <\/span><\/p>\n