配置托管身份验证Azure的问题 [英] Problems configuring Managed Identity authentication Azure
问题描述
< span style =" font-family:'Segoe UI',SegoeUI,'Segoe WP','Helvetica Neue',Helvetica,Tahoma,Arial,sans-serif; font-size:16px;"> ;构建云应用程序时的一个常见挑战是如何管理代码中的凭据,以便对云服务进行身份验证
。保持凭证安全是< a href =" https://www.buscado.com.br/agencia-seo.html"> buscado< / a>一项重要任务。理想情况下,凭据永远不会出现在开发人员工作站上,也不会检查到源代码管理中。
Azure Key Vault提供了一种安全存储凭据,机密和其他密钥的方法,但您的代码必须向Key Vault进行身份验证才能检索它们。如何解决此问题?< / span>
<span style="font-family:'Segoe UI', SegoeUI, 'Segoe WP', 'Helvetica Neue', Helvetica, Tahoma, Arial, sans-serif;font-size:16px;">A common challenge when building cloud applications is how to manage the credentials in your code for authenticating to cloud services. Keeping the credentials secure is <a href="https://www.buscado.com.br/agencia-seo.html">buscado</a> an important task. Ideally, the credentials never appear on developer workstations and aren't checked into source control. Azure Key Vault provides a way to securely store credentials, secrets, and other keys, but your code has to authenticate to Key Vault to retrieve them. How do I solve this problem?</span>
推荐答案
如果您尝试使用Azure资源的托管标识来访问Azure Key Vault例如,网络应用 要访问Azure Key保管库,您需要为资源启用MSI(App服务),并使用Azure
密钥保管库访问策略为此资源授予权限。 这将验证访问Azure Key Vault的资源,而无需显式创建Azure AD应用程序或管理其凭据。 您可以参考服务
,支持Azure资源的托管身份,以获取当前支持的服务列表。 您还可以参考 文档 &bbsp到
学习使用托管身份访问不同的Azure资源。 R 比这个
教程:将Azure Key Vault与.NET中的Azure Web应用程序一起使用以获取实现详细信息。
If you are trying to use managed identity of a Azure Resource to access Azure Key Vault for example, web app to access Azure Key vault, you need to enable the MSI for the resource (App service) and grant permissions to this resource using the Azure Key Vault Access policies. This will authenticate the resource to access Azure Key Vault without any need to explicitly create an Azure AD application or manage its credentials. You can refer to Services that support managed identities for Azure resources to get a list of services currently supported. You can also refer to documentation to learn to use managed identities to access different Azure resources. Refer to this Tutorial: Use Azure Key Vault with an Azure web app in .NET for implementation details.
这篇关于配置托管身份验证Azure的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
