错误(Azure Key Vault)配置为仅由Azure Active Directory用户使用 [英] Error (Azure Key Vault) is configured for use by Azure Active Directory users only
问题描述
完整错误:Microsoft.Extensions.Configuration.AzureAppConfiguration.KeyVaultReferenceException:SharedTokenCacheCredential身份验证失败:AADSTS9002332:应用程序'cfa8b339-82a2-471a-a3c9-0fc0be7a4093'(Azure密钥保管箱)配置为仅由Azure Active Directory用户使用.请不要使用/consumers端点来满足此请求.跟踪ID:a4b9a7c9-8eb4-48ff-8871-8a63d69b1400(Azure Key Vault)配置为仅由Azure Active Directory用户使用.请不要使用/consumers端点来满足此请求.
我在此Microsoft Doc页面上浏览了该示例:
此外,如果您在VS 2019上运行该应用程序,则可以使用扩展名 Azure Service Authentication
.但是您需要在租户中使用一个工作帐户登录并为密钥库中的帐户配置权限访问策略.有关更多详细信息,请参阅https://docs.microsoft.com/en-us/azure/azure-app-configuration/use-key-vault-references-dotnet-core?tabs=powershell%2Ccore3x
No errors on build, but when I launch the site on localhost, I get the above error.
Here is the code in the Program.cs file:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.UseSerilog()
.ConfigureWebHostDefaults(webBuilder =>
webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
{
var settings = config.Build();
config.AddAzureAppConfiguration(options =>
{
options.Connect(settings["ConnectionStrings:AppConfig"])
.ConfigureKeyVault(kv =>
{
kv.SetCredential(new DefaultAzureCredential());
});
});
})
.UseStartup<Startup>());
// See: https://github.com/MicrosoftDocs/azure-docs/issues/71592
Can anyone tell me what to try next?
See: https://github.com/MicrosoftDocs/azure-docs/issues/71592
If you want to access Azure key vault, please refer to the following steps
- Create service principal
az ad sp create-for-rbac -n "http://mySP" --sdk-auth
- Set access policy in azure keyvault
az keyvault set-policy -n <your-unique-keyvault-name> --spn <clientId-of-your-service-principal> --secret-permissions delete get list set --key-permissions create decrypt delete encrypt get list unwrapKey wrapKey --secret-permissions backup delete get list purge recover restore set
- Code
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
{
var settings = config.Build();
config.AddAzureAppConfiguration(options =>
{
options.Connect(settings["ConnectionStrings:AppConfig"])
.ConfigureKeyVault(kv =>
{
var cert = new ClientSecretCredential("<tenant id>", "client id", "client secret");
kv.SetCredential(cert);
});
});
})
.UseStartup<Startup>());
Besides, if you run the application with VS 2019, you can use the extension Azure Service Authentication
. But you need to use one work account in the tenant to login and configure right access policy for the account in the key vault. For more details, please refer to here
这篇关于错误(Azure Key Vault)配置为仅由Azure Active Directory用户使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!