How can I access Azure Key Vault secrets from a web application hosted on IIS on the local machine, and debug it by attaching to the IIS worker process?

Time: 2018-12-19 14:07:16

Tags: azure-keyvault

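The goal is to read all the secret values from a .NET Framework 4.6 web application hosted on local IIS. The application is somewhat legacy and can only be debugged by attaching to the worker process. I am trying to access Azure Key Vault secrets with the code below so that I can avoid storing keys in the application configuration file.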

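// Requires the Microsoft.Azure.KeyVault and Microsoft.Azure.Services.AppAuthentication NuGet packages.
using System.Collections.Concurrent;
using System.Configuration;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

// Inside a method of the class that owns _secretValues:
// Vault base URL, read from appSettings.
var keyVaultPath = ConfigurationManager.AppSettings["KeyVaultStorage"];
// With no connection string, the provider tries its built-in token sources in turn.
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
// Lists secret identifiers; only the first page of results is read here.
var secrets = keyVaultClient.GetSecretsAsync(keyVaultPath).Result;
_secretValues = new ConcurrentDictionary<string, string>();
foreach (var item in secrets)
{
    // Fetch the current value of each listed secret by its identifier URL.
    var secret = keyVaultClient.GetSecretAsync($"{keyVaultPath}/secrets/{item.Identifier.Name}").Result;
    _secretValues.TryAdd(item.Identifier.Name, secret.Value);
}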

Before running this code, make sure to log in to the Azure subscription with the following commands:

az login 
az account set --subscription

The same code works well in a .NET Core application and in a .NET Framework 4.6 web application hosted on IIS Express. It does not run when hosted on IIS on the local machine.

An error is thrown when the code runs from the IIS worker process.

AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/. Exception Message: Tried the following 4 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/. Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an Azure resource that has MSI setup.
Parameters: Connection String: [No connection string specified], Resource: vault.azure.net, Authority: login.windows.net/. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "C:\WINDOWS\system32\config\systemprofile\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json"
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. Traceback (most recent call last):
  File "runpy.py", line 193, in _run_module_as_main
  File "runpy.py", line 85, in _run_code
  File "C:\Users\trdai\AppData\Local\Temp\pip-install-17ev678d\azure-cli\azure\cli\__main__.py", line 32, in <module>
  File "C:\Users\trdai\AppData\Local\Temp\pip-install-17ev678d\azure-cli-core\azure\cli\core\__init__.py", line 509, in get_default_cli
  File "C:\Users\trdai\AppData\Local\Temp\pip-install-17ev678d\azure-cli-core\azure\cli\core\__init__.py", line 51, in __init__
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\knack\util.py", line 38, in ensure_dir
    os.makedirs(d)
  File "os.py", line 220, in makedirs
PermissionError: [WinError 5] Access is denied: 'C:\\WINDOWS\\system32\\config\\systemprofile\\.azure'

Parameters: Connection String: [No connection string specified], Resource: vault.azure.net, Authority: login.windows.net/. Exception Message: Tried to get token using Active Directory Integrated Authentication. Access token could not be acquired. unknown_user_type: Unknown User Type

0 answers:

No answers