Add a provider that supports machineKey, specially:

• validationKey
• decryptionKey

<machineKey validationKey="****" decryptionKey="***" decryption="***" validation="***" />

please delete. thx.

Describe the bug
The DNN application being used to apply Dnn.KeyMaster to contained some additional app settings which had an _ in the name Ie. "Portal_1". When Dnn.KeyMaster was applied these app settings were not transferred to Azure Key Vault and no warning was given.

To Reproduce
Steps to reproduce the behavior:
See description above

Expected Behavior
Vaues should be transferred to Azure Key Vault (if this is allowed) otherwise a warning should be given.

Actual Behavior
Values are lost with no warning given.

Version:

• DNN: [e.g. 9.3.0]
• Dnn.KeyMaster: [eg. 1.0.0]

Additional context
Add any other context about the problem here.

Describe the bug
Unable to test or save secrets on first load

To Reproduce
Steps to reproduce the behavior:

1. Create a new DNN 9.2.2 instance
2. Install 1.0.0.48
3. Enter valid secrets (used from another side)
4. Unable to save

Expected behavior
Expected the secrets to validate

Version:

• DNN: 9.2.2
• Dnn.KeyMaster: 1.0.0.48

Describe the bug
Unable to Save when installing Key Master for the First Time

To Reproduce
Steps to reproduce the behavior:

1. Create clean install of DNN
2. Log in as host user
3. Go to extensions and install the key master
4. Go to Azure and configure your key vault correctly
5. Enter the credentials and test the configuration
6. Attempt to Save the credentials

Expected behavior
Credentials saved correctly to secrets.json.resources

Actual Behavior
The save hangs and doesn't properly save to file

Version:

• DNN: 9.2.2
• Dnn.KeyMaster: 1.0.0.51

Describe the bug
If using a DNN database with an object qualifier Eg. DNN_{TableName}, the object qualifier is lost when KeyMaster is applied.

To Reproduce
Steps to reproduce the behavior:

1. Setup a DNN database with an object qualifer to prefix all the database objects.
2. Install and run Dnn.KeyMaster.

Expected Behavior
App should reload with values in Azure Key Vault

Actual Behavior
App tries to redirect to /InstallWizard as it cannot connect to the database.
To fix issue objectQualifier="DNN" needs to be set in the web.config in the SqlDataProvider.

Version:

• DNN: [e.g. 9.3.0]
• Dnn.KeyMaster: [eg. 1.0.0]

If the key vault denies the app from downloading the secrets there should be a useful exception message

• Useful Exception Message
• Log a useful message to log4net
• Add trouble shooting documentation

The alpha build allows anyone to update the configuration and it needs to be locked down to host only

Is your feature request related to a problem? Please describe.
The secrets.json.resources file is stored in plain text and should be encrypted. This will add another layer of security to the Key Master

Describe the bug
The key master is currently incompatible with 2sxc structured content

To Reproduce
Steps to reproduce the behavior:

1. Install the Key Master on a new DNN site
2. Configure the Key Master
3. Start the Key Master
4. Install 2sxc v9.32 LTS
5. Add a 2sxc Content or App to any page

Expected behavior
The 2sxc Content or App should be created and start the standard behavior of 2sxc

Screenshots

Version:

• DNN: 9.2.2
• Dnn.KeyMaster: 1.0.0

Additional context
Stack Trace:
Error: App is currently unavailable. DotNetNuke.Services.Exceptions.ModuleLoadException: A suitable constructor for type 'ToSic.Eav.Apps.Interfaces.IEnvironmentFactory' could not be located. Ensure the type is concrete and services are registered for all parameters of a public constructor. ---> System.InvalidOperationException: A suitable constructor for type 'ToSic.Eav.Apps.Interfaces.IEnvironmentFactory' could not be located. Ensure the type is concrete and services are registered for all parameters of a public constructor. at Microsoft.Extensions.Internal.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters) at Microsoft.Extensions.Internal.ActivatorUtilities.CreateInstance[T](IServiceProvider provider, Object[] parameters) at ToSic.Eav.Factory.Resolvet in C:\Projects\eav-server\ToSic.Eav.Core\Factory.cs:line 79 at ToSic.SexyContent.ContentBlocks.ModuleContentBlock..ctor(IInstanceInfo instanceInfo, Log parentLog, ITenant tenant, IEnumerable`1 overrideParams) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\ToSic.Sxc\SexyContent\ContentBlocks\ModuleContentBlock.cs:line 43 at ToSic.SexyContent.View.get_SxcInstance() in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\View.ascx.cs:line 24 at ToSic.SexyContent.View.Page_PreRender(Object sender, EventArgs e) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\View.ascx.cs:line 54 --- End of inner exception stack trace ---

When using Environment Variables configuration such as Azure App Settings there should be a configuration setting to allow updating the variables from the DNN UI. This was discussed in RFC #54

Add getting started guide into persona bar menu

There should be some kind of configuration wizard so the user doesn't have to create the key vault and app registration manually

This can be a 2.0 feature

Given the website is hosted by Azure you can specify app secrets in the App Settings feature. This will remove any hard coded secrets on disk.

For background if you are not using Azure Env Vars the secrets are stored in a file that contain the following important Vars

• Client ID
• Client Secret
• Secret Name
• Tenant I'd
• Key Vault URL

Question

If the website is configured as stated above should we allow the host user ability to override from the DNN Website?

My Argument

If the user chooses to manage their secrets from the Azure Env Vars I think they should be locked out from managing their secrets. It should only be managed from the Azure interface. This will increase the website security significantly as there will be no way to get the secrets without azure portal access.

In the scenario of a module installing and automatically adding new AppSettings these keys should automatically be updated.

We need to verify that the AppSettings providers and proxies properly update the AppSettings in memory and then update the appropriate vault

When the Key Master is toggled on/off the entire page needs to be reloaded. Currently this automatically happens but the User Experience is kind of clunky since the page load takes a long time. We should add an alert/modal that notifies the user that the process is complete and the website will be reloaded.

The current release is built targeting Dnn 9.2 but there are no 9.2 NuGets. When this gets resolved we can remove the lib folder

This is generated out of the question about testing different versions of 9.x.x and upgrade scenarios.
#27

Goal

Create a build pipeline that accomplishes the following:

• Tests installation of the module on each version of 9.x.x

If the user enters empty strings for any of the input fields, it is not communicating correctly to the user

• Split API calls into Secrets and Home
• Update DnnApiControllers to inherit from PersonaBar API Controllers
• Refactor response object to match best practices in the persona bar

Currently the Key Master installs as a Persona Bar Extension but it is more than just that

• Data Provider
• SQL Membership Provider
• Connects with azure key vault using a specified configuration
• Persona Bar UI
  • Controls Azure Config
  • Controls App Settings Config
  • Future - will control other settings as added

Currently the extension installs as 1 Persona Bar extension. Would this be better marked under another category such as:

• Providers
• Connectors

• Investigate Dnn upgrade path from 9.2.x -> 9.3 with the extension installed
• Investigate the Dnn Data Provider for all versions of 9.x
• Investigate how hard it will be to add data provider logic to decide the correct data provider given the current installed version of dnn
• Investigate how hard it will be to automate testing of upgrade paths using this extension
• Investigate how hard it will be to automate testing installation of changes to every version of dnn at 9.x.x so it can be certified on the readme

This could be after initial 1.0.0 release

• Verify the extension passes the EVS

https://evs.dnnsoftware.com

This will prevent people from downloading the file

• Bug
• Question or Comments
• Feature
• Pull Request