Question

当前，我在启动过程中使用Azure KeyVault加载如下配置：

configBuilder
    .AddAzureKeyVault(keyVaultConfigSection.Vault, GetKeyVaultClient(clientConfigSection, keyVaultConfigSection), new DefaultKeyVaultSecretManager())
    .AddEnvironmentVariables();

private static KeyVaultClient GetKeyVaultClient(ClientConfigSection clientConfigSection, KeyVaultConfigSection keyVaultConfigSection)
{
    HttpClient httpClient = null;

    //proxy
    if (!CustomEnvironment.NotProductionEnvironment())
    {
        var handler = new HttpClientHandler()
        {
            Proxy = new WebProxy(keyVaultConfigSection.Proxy),
            UseProxy = true
        };
        httpClient = new HttpClient(handler);
    }

    return new KeyVaultClient(async (authority, resource, scope) =>
        {
            var authContext = new AuthenticationContext(authority);
            var clientCred = new ClientCredential(clientConfigSection.ClientId, clientConfigSection.ClientSecret);
            var result = await authContext.AcquireTokenAsync(resource, clientCred);
            if (result == null)
                throw new InvalidOperationException("Failed to retrieve access token for Key Vault");
            return result.AccessToken;
        }, httpClient ?? new HttpClient()
    );
}

当我不在生产环境中时，这可以正常工作。但是在我们的生产环境中，密钥库被阻止了，因此我们必须通过代理。

但是在运行代码时出现此错误：Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: 'Operation returned an invalid status code 'BadRequest''

以前有没有人做过，可以指出正确的方向？

Answer 1

似乎尚未修复，这里是workaround。

1。引用的System.Net.Http.WinHttpHandler Nuget包可以访问.NET Core中的WinHttpHandler。

2。创建了一个新的MyKeyVaultCredential，它继承自KeyVaultCredential并覆盖了ProcessHttpRequestAsync方法

public override async Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
 {
     if (request == null)
     {
         throw new ArgumentNullException("request");
     }

     var accessToken = await PreAuthenticate(request.RequestUri).ConfigureAwait(false);
     if (!string.IsNullOrEmpty(accessToken))
         request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
     else
     {
         var httpClientHandler = new WinHttpHandler()
         {
             WindowsProxyUsePolicy = WindowsProxyUsePolicy.UseCustomProxy,
             Proxy = new MyWebProxy(configuration),
             SendTimeout = TimeSpan.FromSeconds(120),
             ReceiveDataTimeout = TimeSpan.FromSeconds(120),
             ReceiveHeadersTimeout = TimeSpan.FromSeconds(120),
         };

3。实例化KeyVaultService时，必须向WinHttpHandler提供代理和新的密钥库凭据实例。

var httpClientHandler = new WinHttpHandler()
     {
         WindowsProxyUsePolicy = WindowsProxyUsePolicy.UseCustomProxy,
         Proxy = new MyWebProxy(configuration),
         SendTimeout = TimeSpan.FromSeconds(120),
         ReceiveDataTimeout = TimeSpan.FromSeconds(120),
         ReceiveHeadersTimeout= TimeSpan.FromSeconds(120),
     };

     var httpClient = new HttpClient(httpClientHandler);

     client = new KeyVaultClient(new  MyKeyVaultCredential(configuration, GetToken), httpClient)

希望这会有所帮助。

通过代理使用KeyVaultClient

1 个答案: