问题描述

我正在尝试将目标为.net框架的aspnet核心应用程序与Azure Keyvault连接.在支持身份的新azure vm上，一切正常，但此应用程序托管在不支持身份的经典azure vm上.我将系统环境变量AzureServiceAuthConnectionString设置为可与其他具有Azure keyvault的其他.net框架应用程序一起使用，并且它们可以正常运行.

I am trying to connect my aspnet core application that is targeting .net framework with Azure Keyvault. On a new azure vm that supports identity everything works fine, but this application is hosted on a classic azure vm that does not support identity. I made the system environment variable AzureServiceAuthConnectionString which severable other .net framework applications with Azure keyvault are already using and are working perfectly.

每次查看标准输出日志时，都会得到以下异常.

Looking at my stdout logs I get the following exception everytime.

Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials
EnvironmentCredential authentication unavailable. Environment variables are not fully configured
ManagedIdentityCredential authentication unavailable, the requested identity has not been assigned to this resource.

我在启动时使用以下代码:

I use the following code in the startup:

        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)               
       .UseApplicationInsights(ConfigurationManager.AppSettings["applicationInsightsInstrumentationKey"])
                .ConfigureKestrel(options => options.AddServerHeader = false)
                .UseIISIntegration()
                .ConfigureAppConfiguration((context, config) =>
                {
                    var vaultName = ConfigurationManager.AppSettings["VaultName"];
                    if (!string.IsNullOrEmpty(vaultName))
                    {
                        var azureServiceTokenProvider = new AzureServiceTokenProvider();
                        var keyVaultClient = new KeyVaultClient(
                            new KeyVaultClient.AuthenticationCallback(
                                azureServiceTokenProvider.KeyVaultTokenCallback));

                        config.AddAzureKeyVault(
                            $"https://{vaultName}.vault.azure.net/",
                            keyVaultClient,
                            new DefaultKeyVaultSecretManager());
                    }
                })
                .UseStartup<Startup>();

在web.config中，以下各项:

And in the web.config the following items :

   <configSections>
      <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false"/>
   </configSections>
   <configBuilders>
    <builders>
      <add name="AzureKeyVault" vaultName="<#= this.VaultName #>" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral" vaultUri="https://<#= this.VaultName #>.vault.azure.net" />
    </builders>
  </configBuilders>
  <connectionStrings configBuilders="AzureKeyVault">
      <add name="ConnectionString" connectionString="" providerName="System.Data.SqlClient"/>
  </connectionStrings>

推荐答案

您可以验证您是否正在设置以下系统环境变量?

Could you validate that you are setting the following system environment variables?

AZURE_CLIENT_ID -服务主体的应用ID

AZURE_CLIENT_ID - service principal's app id

AZURE_TENANT_ID -主体的Azure Active Directory租户的ID

AZURE_TENANT_ID - id of the principal's Azure Active Directory tenant

AZURE_CLIENT_SECRET -服务主体的客户机密之一

AZURE_CLIENT_SECRET - one of the service principal's client secrets

这篇关于Azure KeyVault:Azure.Identity.CredentialUnavailableException:DefaultAzureCredential无法从包含的凭据中检索令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！