Publish Improvements in Visual Studio 2017 version 15.7

Today we released Visual Studio 2017 version 15.7. Our 15.7 update brings some exciting updates for publishing applications from Visual Studio that we’re excited to tell you about, including:

  • Ability to configure publish settings before you publish or create a publish profile
  • Publish to a fully managed App Service Linux environment
  • Create Azure Storage Accounts and automatically store the connection string for App Service
  • Automatic enablement of Managed Service Identity in App Service

Configure settings before publishing

When publishing your ASP.NET Core applications to either a folder or Azure App Service you can configure the following settings prior to creating your publish profile:

To configure this prior to creating your profile, click the “Advanced…” link on the publish target page to open the Advanced Settings dialog.

Advanced link on 'Pick a publish target' dialog

Publish to a fully managed Linux environment on Azure App Service

In the Visual Studio 15.7 update, we’ve now added support for publishing to fully managed Linux environments on App Service as well as bringing your own container.

Visual Studio 2017 previously offered support for building your own Docker container and publishing that to Azure App Service for Containers. Bringing your own container gives you full control of your application’s runtime environment, but it also means you are responsible for rebuilding and redeploying your container whenever there are updates available to the base images (e.g. security updates to the operating system or runtime). By contrast, in a fully managed environment, Azure automatically updates the hosting environment whenever updates are available without the need to rebuild and redeploy your app’s container.

To publish an ASP.NET Core application to a fully managed Linux App Service:

  • Right click on your project and choose “Publish”
  • Select “App Service Linux”
  • Choose “Create new”
    Note: If your application is Docker enabled, you’ll see a second option called “Create new App Service for Containers” which publishes your container.

clip_image002[1]

Create Azure Storage Accounts and automatically store the connection string in App Settings

When creating a new Azure App Service, we’ve always offered the ability to create a new SQL Azure database and automatically store its connection string in your app’s App Service Settings. With 15.7, we now offer the ability to create a new Azure Storage Account while you are creating your App Service, and automatically place the connection string in the App Service settings as well. To create a new storage account:

  • Click the “Create a storage account” link in the top right of the “Create App Service” dialog
  • Provide in the connecting string key name your app uses to access the storage account in the “(Optional) Connecting String Name” field at the bottom of the Storage Account dialog
  • Your application will now be able to talk to the storage account once your application is published

Optional Connection String Name field on Storage Account dialog

Managed Service Identity enabled for new App Services

A common challenge when building cloud applications is how to manage the credentials that need to be in your code for authenticating to other services. Ideally, credentials never appear on developer workstations or get checked into source control. Azure Key Vault provides a way to securely store credentials and other keys and secrets, but your code needs to authenticate to Key Vault to retrieve them. Managed Service Identity (MSI) makes solving this problem simpler by giving Azure services an automatically managed identity in Azure Active Directory (Azure AD). You can use this identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without having any credentials in your code.

Starting in Visual Studio 2017 15.7 Preview 4, when you publish an application to Azure App Service (not Linux) Visual Studio automatically enables MSI for your application. You can then give your app permission to communicate with any service that supports MSI authentication by logging into that service’s page in the Azure Portal and granting access your App Service. For example, to create a Key Vault and give your App Service access

  1. In the Azure Portal, select Create a resource > Security + Identity > Key Vault.
  2. Provide a Name for the new Key Vault.
  3. Locate the Key Vault in the same subscription and resource group as the App Service you created from Visual Studio.
  4. Select Access policies and click Add new.
  5. In Configure from template, select Secret Management.
  6. Choose Select Principal, and in the search field enter the name of the App Service.
  7. Select the App Service’s name in the result list and click Select.
  8. Click OK to finishing adding the new access policy, and OK to finish access policy selection.
  9. Click Create to finish creating the Key Vault.

Azure portal dialog: Create a Key Vault and give your App Service access

Once you publish your application, it will have access to the Key Vault without the need for you to take any additional steps.

Conclusion

If you’re interested in the many other great things that Visual Studio 2017 15.7 brings for .NET development, check out our .NET tool updates in Visual Studio 15.7 post on the .NET blog.

We hope that you’ll give 15.7 a try and let us know how it works for you. If you run into any issues, or have any feedback, please report them to us using Visual Studio’s features for sending feedback. or let us know what you think below or via Twitter.