Steps followed:
I can get the token from the GetToken() method, but I receive this error:
Unhandled exception. System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at KeyFromAzKeyVault.Program.FatchSecretKeyFromKeyVault(String token)
Code:

    using System;
    using System.IO;
    using System.Net;
    using System.Text;
    using Newtonsoft.Json.Linq;

    namespace KeyFromAzKeyVault
    {
        class Program
        {
            static void Main(string[] args)
            {
                var token = GetToken();
                Console.WriteLine(token);
                Console.WriteLine("*************FatchSecretKeyFromKeyVault from KV*********************");
                string key = FatchSecretKeyFromKeyVault(token);
                System.Console.WriteLine(key);
            }

            // Calls the Key Vault REST API with the bearer token and returns the secret's "value" field.
            private static string FatchSecretKeyFromKeyVault(string token)
            {
                WebRequest kvrequest = WebRequest.Create("https://testkvaz203.vault.azure.net/secrets/testsecret/65c8c3b1e56e4a2fae0b6c8033c6b9ce?api-version=7.0");
                kvrequest.Headers.Add("Authorization", "Bearer " + token);
                WebResponse response = kvrequest.GetResponse();
                return ParseWebResponse(response, "value");
            }

            // Requests an access token for Key Vault from the instance metadata identity endpoint.
            private static string GetToken()
            {
                WebRequest request = WebRequest.Create("http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net/");
                request.Headers.Add("Metadata", "true");
                request.Method = "GET";
                WebResponse response = request.GetResponse();
                return ParseWebResponse(response, "access_token");
            }

            // Reads the JSON response body and returns the string value of the named property.
            private static string ParseWebResponse(WebResponse response, string tokenName)
            {
                using (Stream stream = response.GetResponseStream())
                using (StreamReader streamResponse = new StreamReader(stream, Encoding.UTF8))
                {
                    string stringResponse = streamResponse.ReadToEnd();
                    JObject JoResponse = JObject.Parse(stringResponse);
                    JValue Jobject = (JValue)JoResponse[tokenName];
                    return Jobject.Value.ToString();
                }
            }
        }
    }

Answer 0: (score: 0)

You may need to remove the trailing / from the resource query string parameter of the WebRequest in GetToken().

Change

    WebRequest request = WebRequest.Create("http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net/");

to

    WebRequest request = WebRequest.Create("http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net");

When I tested this, I received the following JSON error response when trying to connect to Key Vault, so if the above does not work, catch the WebException and check its Response property to see whether there are any additional details.

    {
      "error": {
        "code": "Unauthorized",
        "message": "AKV10022: Invalid audience. Expected https://vault.azure.net, found: https://vault.azure.net/."
      }
    }
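
The following C# program is an added example, not code from the question or the answer. It decodes the `aud` claim of a token and compares it with the audience quoted in the AKV10022 message, and it includes a helper that reads the error body from a WebException, as the answer suggests. The class and method names are hypothetical, the sample token is constructed and unsigned, and System.Text.Json is used here instead of the question's Newtonsoft.Json.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Text.Json;

// Hypothetical helper class, added for illustration only.
static class KeyVaultAuthDiagnostics
{
    // Audience Key Vault expects, as quoted in the AKV10022 message above.
    const string ExpectedAudience = "https://vault.azure.net";

    // Decode the JWT payload WITHOUT verifying the signature and return "aud".
    // This is a troubleshooting aid, not token validation.
    public static string ReadAudience(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length < 2) throw new FormatException("Not a JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.GetProperty("aud").GetString();
    }

    // Read the JSON error body that accompanies a failed request such as the 401.
    public static string ReadErrorBody(WebException ex)
    {
        if (ex.Response == null) return ex.Message;
        using var reader = new StreamReader(ex.Response.GetResponseStream(), Encoding.UTF8);
        return reader.ReadToEnd();
    }

    // Base64url-encode a string; used only to build the constructed sample token.
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed, unsigned sample token carrying the trailing-slash audience.
        string token = B64Url("{\"alg\":\"none\"}") + "."
                     + B64Url("{\"aud\":\"https://vault.azure.net/\"}") + ".";
        string aud = ReadAudience(token);
        Console.WriteLine(aud == ExpectedAudience
            ? "audience OK"
            : $"audience mismatch: expected {ExpectedAudience}, found {aud}");
    }
}
```

In the question's program, `ReadAudience` would be called on the value returned by `GetToken()`, and `ReadErrorBody` inside a `catch (WebException ex)` around `kvrequest.GetResponse()`; printing only the `aud` claim also keeps the bearer token itself out of console output.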