I am trying to implement Azure Key Vault Secret from a stateless Service Fabric service. From a console application it works fine.
System.TypeLoadException
HResult=0x80131522
Message=Inheritance security rules violated by type: 'System.Net.Http.WebRequestHandler'. Derived types must either match the security accessibility of the base type or be less accessible.
Source=Microsoft.Rest.ClientRuntime
StackTrace:
at Microsoft.Rest.ServiceClient`1.CreateRootHandler
// Authentication callback for KeyVaultClient: acquires an Azure AD token
// using the client id and secret stored in the service configuration package.
public async Task<string> GetAccessToken(string authority, string resource, string scope)
{
    var clientId = MyConfig.Settings.Sections["MyConfigSection"].Parameters["AuthClientId"].Value;
    var clientSecret = MyConfig.Settings.Sections["MyConfigSection"].Parameters["AuthClientSecret"].Value;
    ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
    var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
    var result = await context.AcquireTokenAsync(resource, clientCredential);
    return result.AccessToken;
}

// Reads the CRM connection string from Key Vault (blocks on the async call).
public string GetCRMConnectionString()
{
    var secretvaultAddress = MyConfig.Settings.Sections["MyConfigSection"].Parameters["SecretVaultUrl"].Value;
    // Constructing the client is where ServiceClient.CreateRootHandler runs.
    var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
    return client.GetSecretAsync(secretvaultAddress).GetAwaiter().GetResult().Value;
}
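Answer 0 (score: 0)
The WebRequestHandler type (an instance of which is being created in your case) is part of System.Net.Http.WebRequest.dll. If you explore the assembly's attributes, you will find the following attribute applied to it -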
[assembly:AllowPartiallyTrustedCallers]
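This attribute makes the assembly be treated as SecurityTransparent. WebRequestHandler derives from HttpClientHandler, which is defined in another assembly, System.Net.Http.dll. So it is possible that in the environment where the code is deployed, System.Net.Http.dll is missing AllowPartiallyTrustedCallers, which makes it security-critical, and that means the rule is violated: transparent code cannot call security-critical code.
Try to solve this either by creating a binding rule for a specific System.Net.Http.dll version that has the AllowPartiallyTrustedCallers attribute, or by explicitly creating an HttpClient and passing it to the KeyVaultClient ctor.
For more details and options, see this link - Inheritance security rules violated by type: 'System.Net.Http.WebRequestHandler'.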
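A way to check the condition the answer describes from inside the deployed service, as an added example that is not part of the original question or answer: it reports, for every loaded System.Net.Http* assembly, its version, where it was loaded from, and whether it carries AllowPartiallyTrustedCallers. The class name, the RunWithReport wrapper and the log delegate are hypothetical; the code assumes .NET Framework.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Reflection;
using System.Security;

// Hypothetical helper, added for illustration.
public static class HttpAssemblyTransparencyCheck
{
    // Returns one report line per loaded System.Net.Http* assembly.
    public static IList<string> Describe()
    {
        // Touching HttpClientHandler forces System.Net.Http.dll to load first.
        Assembly baseAsm = typeof(HttpClientHandler).Assembly;

        return AppDomain.CurrentDomain.GetAssemblies()
            .Where(a => a.GetName().Name.StartsWith(
                "System.Net.Http", StringComparison.OrdinalIgnoreCase))
            .Select(a => string.Format(
                "{0} v{1} APTCA={2} GAC={3} path={4}{5}",
                a.GetName().Name,
                a.GetName().Version,
                // True when [assembly: AllowPartiallyTrustedCallers] is present.
                a.IsDefined(typeof(AllowPartiallyTrustedCallersAttribute), false),
                a.GlobalAssemblyCache,
                a.IsDynamic ? "(dynamic)" : a.Location,
                a == baseAsm ? " <- defines HttpClientHandler" : ""))
            .ToList();
    }

    // Runs a Key Vault call and, if the transparency violation from the
    // question is thrown, logs the assembly report before rethrowing.
    public static T RunWithReport<T>(Func<T> keyVaultCall, Action<string> log)
    {
        try
        {
            return keyVaultCall();
        }
        catch (TypeLoadException ex)
        {
            log("TypeLoadException: " + ex.Message);
            foreach (string line in Describe()) log(line);
            throw; // keep the original failure visible to the host
        }
    }
}
```

A report showing APTCA=True for System.Net.Http.WebRequest next to APTCA=False for a System.Net.Http.dll loaded from the service's own package folder is the mismatch the answer points to; comparing the output with the console application shows which System.Net.Http.dll version a binding rule would need to target.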