Azure KeyVault:Azure.Identity.CredentialUnavailableException:DefaultAzureCredential无法从包含的凭据中检索令牌 [英] Azure KeyVault: Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials
问题描述
我正在尝试将目标为.net框架的aspnet核心应用程序与Azure Keyvault连接.在支持身份的新azure vm上,一切正常,但此应用程序托管在不支持身份的经典azure vm上.我将系统环境变量AzureServiceAuthConnectionString设置为可与其他具有Azure keyvault的其他.net框架应用程序一起使用,并且它们可以正常运行.
I am trying to connect my aspnet core application that is targeting .net framework with Azure Keyvault. On a new azure vm that supports identity everything works fine, but this application is hosted on a classic azure vm that does not support identity. I made the system environment variable AzureServiceAuthConnectionString which severable other .net framework applications with Azure keyvault are already using and are working perfectly.
每次查看标准输出日志时,都会得到以下异常.
Looking at my stdout logs I get the following exception everytime.
Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials
EnvironmentCredential authentication unavailable. Environment variables are not fully configured
ManagedIdentityCredential authentication unavailable, the requested identity has not been assigned to this resource.
我在启动时使用以下代码:
I use the following code in the startup:
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseApplicationInsights(ConfigurationManager.AppSettings["applicationInsightsInstrumentationKey"])
.ConfigureKestrel(options => options.AddServerHeader = false)
.UseIISIntegration()
.ConfigureAppConfiguration((context, config) =>
{
var vaultName = ConfigurationManager.AppSettings["VaultName"];
if (!string.IsNullOrEmpty(vaultName))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
config.AddAzureKeyVault(
$"https://{vaultName}.vault.azure.net/",
keyVaultClient,
new DefaultKeyVaultSecretManager());
}
})
.UseStartup<Startup>();
在web.config中,以下各项:
And in the web.config the following items :
<configSections>
<section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false"/>
</configSections>
<configBuilders>
<builders>
<add name="AzureKeyVault" vaultName="<#= this.VaultName #>" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral" vaultUri="https://<#= this.VaultName #>.vault.azure.net" />
</builders>
</configBuilders>
<connectionStrings configBuilders="AzureKeyVault">
<add name="ConnectionString" connectionString="" providerName="System.Data.SqlClient"/>
</connectionStrings>
推荐答案
Could you validate that you are setting the following system environment variables?
AZURE_CLIENT_ID
-服务主体的应用ID
AZURE_CLIENT_ID
- service principal's app id
AZURE_TENANT_ID
-主体的Azure Active Directory租户的ID
AZURE_TENANT_ID
- id of the principal's Azure Active Directory tenant
AZURE_CLIENT_SECRET
-服务主体的客户机密之一
AZURE_CLIENT_SECRET
- one of the service principal's client secrets
这篇关于Azure KeyVault:Azure.Identity.CredentialUnavailableException:DefaultAzureCredential无法从包含的凭据中检索令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!