我正在尝试将目标为框架的aspnet核心应用程序与Azure Keyvault连接.在支持身份的新azure vm上,一切正常,但此应用程序托管在不支持身份的经典azure vm上.我将系统环境变量AzureServiceAuthConnectionString设置为可与其他具有Azure keyvault的其他框架应用程序一起使用,并且它们可以正常运行.
I am trying to connect my aspnet core application that is targeting framework with Azure Keyvault. On a new azure vm that supports identity everything works fine, but this application is hosted on a classic azure vm that does not support identity. I made the system environment variable AzureServiceAuthConnectionString which severable other framework applications with Azure keyvault are already using and are working perfectly.
每次查看标准输出日志时,都会得到以下异常.
Looking at my stdout logs I get the following exception everytime.
Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials EnvironmentCredential authentication unavailable. Environment variables are not fully configured ManagedIdentityCredential authentication unavailable, the requested identity has not been assigned to this resource.我在启动时使用以下代码:
I use the following code in the startup:
public static IWebHostBuilder CreateWebHostBuilder(string[] args) => WebHost.CreateDefaultBuilder(args) .UseApplicationInsights(ConfigurationManager.AppSettings["applicationInsightsInstrumentationKey"]) .ConfigureKestrel(options => options.AddServerHeader = false) .UseIISIntegration() .ConfigureAppConfiguration((context, config) => { var vaultName = ConfigurationManager.AppSettings["VaultName"]; if (!string.IsNullOrEmpty(vaultName)) { var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient( new KeyVaultClient.AuthenticationCallback( azureServiceTokenProvider.KeyVaultTokenCallback)); config.AddAzureKeyVault( $"{vaultName}.vault.azure/", keyVaultClient, new DefaultKeyVaultSecretManager()); } }) .UseStartup<Startup>();在web.config中,以下各项:
And in the web.config the following items :
<configSections> <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false"/> </configSections> <configBuilders> <builders> <add name="AzureKeyVault" vaultName="<#= this.VaultName #>" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral" vaultUri="<#= this.VaultName #>.vault.azure" /> </builders> </configBuilders> <connectionStrings configBuilders="AzureKeyVault"> <add name="ConnectionString" connectionString="" providerName="System.Data.SqlClient"/> </connectionStrings> 推荐答案您可以验证您是否正在设置以下系统环境变量?
Could you validate that you are setting the following system environment variables?
AZURE_CLIENT_ID -服务主体的应用ID
AZURE_CLIENT_ID - service principal's app id
AZURE_TENANT_ID -主体的Azure Active Directory租户的ID
AZURE_TENANT_ID - id of the principal's Azure Active Directory tenant
AZURE_CLIENT_SECRET -服务主体的客户机密之一
AZURE_CLIENT_SECRET - one of the service principal's client secrets
更多推荐
Azure KeyVault:Azure.Identity.CredentialUnavailableException:DefaultAzureCredent
发布评论