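asp.net-core - AzureServiceTokenProviderException when using Key Vault
Problem description
I don't know what's going on. Does anyone have any ideas? I just followed this tutorial: https://docs.microsoft.com/da-dk/azure/key-vault/vs-key-vault-add-connected-service#feedback
This error only occurs when the website is published to Azure.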
```
AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/1855fd54-8283-4d57-ab22-4e818e22fcf7. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/1855fd54-8283-4d57-ab22-4e818e22fcf7. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. An attempt was made to access a socket in a way forbidden by its access permissions.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/1855fd54-8283-4d57-ab22-4e818e22fcf7. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "D:\local\LocalAppData\.IdentityService\AzureServiceAuth\tokenprovider.json"
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/1855fd54-8283-4d57-ab22-4e818e22fcf7. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. 'az' is not recognized as an internal or external command,
operable program or batch file.
Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.GetAuthResultAsyncImpl(string resource, string authority, CancellationToken cancellationToken)
Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.<get_KeyVaultTokenCallback>b__8_0(string authority, string resource, string scope)
FindEnBar.Program+<>c__DisplayClass2_0+<<SetupConfiguration>g__GetToken|0>d.MoveNext() in Program.cs
Microsoft.Azure.KeyVault.KeyVaultCredential.PostAuthenticate(HttpResponseMessage response)
Microsoft.Azure.KeyVault.KeyVaultCredential.ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
Microsoft.Azure.KeyVault.KeyVaultClient.GetSecretsWithHttpMessagesAsync(string vaultBaseUrl, Nullable<int> maxresults, Dictionary<string, List<string>> customHeaders, CancellationToken cancellationToken)
Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetSecretsAsync(IKeyVaultClient operations, string vaultBaseUrl, Nullable<int> maxresults, CancellationToken cancellationToken)
Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.LoadAsync()
Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.Load()
Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList<IConfigurationProvider> providers)
Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
Microsoft.Extensions.Hosting.HostBuilder.BuildAppConfiguration()
Microsoft.Extensions.Hosting.HostBuilder.Build()
```
Solution
In this tutorial, it uses an Azure managed identity to access Key Vault.
See the following code:
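```csharp
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((ctx, builder) =>
        {
            // GetKeyVaultEndpoint() is defined elsewhere in Program (not shown here).
            var keyVaultEndpoint = GetKeyVaultEndpoint();
            if (!string.IsNullOrEmpty(keyVaultEndpoint))
            {
                // No connection string is passed, so the provider tries
                // Managed Service Identity, Visual Studio, then Azure CLI.
                var azureServiceTokenProvider = new AzureServiceTokenProvider();
                var keyVaultClient = new KeyVaultClient(
                    new KeyVaultClient.AuthenticationCallback(
                        azureServiceTokenProvider.KeyVaultTokenCallback));
                // Load the vault's secrets into the app configuration.
                builder.AddAzureKeyVault(
                    keyVaultEndpoint, keyVaultClient, new DefaultKeyVaultSecretManager());
            }
        }
        ).UseStartup<Startup>();
```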
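In your local development, it will use the VS user credentials or the credentials stored by the Azure CLI.
However, in the cloud, you need to turn on the identity of your VM or Web App. Then add an access policy in Key Vault for that identity.
Then your code will be able to use Key Vault without any problems.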
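The two cloud-side steps from the answer, as an added Azure CLI example (not part of the original answer). The resource names are placeholders, and it assumes an App Service web app and a vault that uses access policies; only secret `get` and `list` are granted, because the stack trace above goes through `GetSecretsAsync` (a list call) before the secrets are read.

```shell
#!/bin/sh
# Added example. Placeholder names (assumptions): override via environment.
RG="${RG:-my-resource-group}"
APP="${APP:-my-web-app}"
VAULT="${VAULT:-my-key-vault}"

# Step 1: enable the web app's system-assigned managed identity and
# print the identity's object (principal) id.
enable_identity() {
  az webapp identity assign --resource-group "$RG" --name "$APP" \
    --query principalId --output tsv
}

# Step 2: add a Key Vault access policy for that identity. Only secret
# "get" and "list" are granted; no key, certificate or write permissions.
grant_secret_read() {
  az keyvault set-policy --name "$VAULT" --object-id "$1" \
    --secret-permissions get list
}

# Check: show the secret permissions the vault now holds for the identity.
show_secret_permissions() {
  az keyvault show --name "$VAULT" \
    --query "properties.accessPolicies[?objectId=='$1'].permissions.secrets"
}

# Run the steps only when asked to, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then
  principal_id="$(enable_identity)"
  # Stop if no identity id came back, rather than writing a policy for "".
  [ -n "$principal_id" ] || { echo "no principal id returned" >&2; exit 1; }
  grant_secret_read "$principal_id"
  show_secret_permissions "$principal_id"
fi
```

Run it as `sh script.sh --apply` from a shell where `az login` has already been done; the final command should list only `get` and `list`.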