如何在Visual Studio代码调试期间传递Azure KeyVault的访问令牌 [英] How to pass access token for Azure KeyVault during Visual Studio Code debug
问题描述
我工作的团队正在研究在Visual Studio Code中调试未来的项目.我们已将调试器设置为可以与我们的项目一起使用.该项目使用Azure Key Vault作为我们的应用程序密钥.问题是,当调试器尝试传递代码的Azure KeyVault部分并返回时,我们的启动会中断:
发生异常:CLR/Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException
在Visual Studio中,我使用我的帐户登录,并且在调试过程中,Visual Studio能够从我的帐户中提取访问令牌.
在尝试启动调试之前,我尝试使用Azure帐户Visual Studio代码扩展进行登录,但是即使我登录后,它也会返回相同的异常.
我用于获取Azure KeyVault的代码如下:
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();KeyVaultClient keyVaultClient =新的KeyVaultClient(新的KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));AzureADAppSettings azureADAppSettings = Configuration.GetSection("Authentication").GetSection("AzureAd").Get< AzureADAppSettings>();如果(azureADAppSettings.ApplicationSecret.StartsWith("https://"))azureADAppSettings.ApplicationSecret = keyVaultClient.GetSecretAsync(azureADAppSettings.ApplicationSecret).GetAwaiter().GetResult().Value; 我希望Azure帐户将使我能够像在Visual Studio中一样使用Azure KeyVault.
相反,代码会在异常时中断.
有人可以告诉我我在做什么错吗?
我想您想在VS Code中获得密钥库的秘密,我遵循此
The team I work in is looking into debugging future projects in Visual Studio Code. We have set the debugger to work with our project.The project uses Azure Key Vault for our Application Secrets. The issue is that our Startup breaks when the debugger tries to pass the Azure KeyVault portion of the code and returns:
Exception has occurred: CLR/Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException
In Visual Studio I am signed in with my account and during debug Visual Studio is able to pull the access token from my account.
I tried to sign in using Azure Account Visual Studio Code Extension before attempting to start the debug but it returns the same exception even when I am signed in.
My code for getting the Azure KeyVault looks like this:
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
AzureADAppSettings azureADAppSettings = Configuration.GetSection("Authentication").GetSection("AzureAd").Get<AzureADAppSettings>();
if (azureADAppSettings.ApplicationSecret.StartsWith("https://"))
azureADAppSettings.ApplicationSecret = keyVaultClient.GetSecretAsync(azureADAppSettings.ApplicationSecret).GetAwaiter().GetResult().Value;
I expected that the Azure Account would enable me to use Azure KeyVault the same way as in Visual Studio.
Instead the code breaks on exceptions.
Can someone tell me what I am doing wrong ?
I suppose you want to get the keyvault secret in the VS Code, I follow this link to create a .NET Core console app to have a try, it works on my side.
Make sure you have installed the extensions to run the code, Microsoft.Azure.Services.AppAuthentication and Microsoft.Azure.KeyVault NuGet packages.
To access the azure keyvault, I use the Authenticating with Azure CLI. Make sure you have installed the Azure CLI in local, then open Microsoft Azure Command Prompt, login with your user account, select the correct subscription which your keyvault located.
az login
az account set --subscription <subscription-id>
You can also try to use az account get-access-token --resource https://vault.azure.net to verify access, e.g. decode the token in https://jwt.io/ to see if it is in the correct tenant, etc.
Then in the VS Code, after create the console app in the VS Code, open the folder, the code in Program.cs like below.
using System;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
namespace test1
{
class Program
{
static void Main(string[] args)
{
var azureServiceTokenProvider1 = new AzureServiceTokenProvider();
var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider1.KeyVaultTokenCallback));
var secret = kv.GetSecretAsync("https://keyvaultname.vault.azure.net/", "test2").GetAwaiter().GetResult();
Console.WriteLine(secret);
}
}
}
这篇关于如何在Visual Studio代码调试期间传递Azure KeyVault的访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
