我正在尝试使用带有OpenIdConnect的.net core 2.1创建一个Azure密钥库。
我尝试过的方法:-
我试图参考以下已对堆栈溢出的问题进行解答
和其他
Nuget软件包:-Microsoft.Azure.Management.KeyVault
代码:-
private async Task AddKeyVaultAsync()
{
var clientId = "xxxx";
var tenantId = "xxxx";
var clientSecret = "xxxx";
var objectId = "xxxx";
var subscriptionId = "xxx";
// The resource group to create the vault in.
string resourceGroupName = "Vaults-Resource-Group";
// The name of the vault to create.
string vaultName = "web-app-01-vault";
var parameters = new VaultCreateOrUpdateParameters()
{
Location = "southeast asia",
Properties = new VaultProperties()
{
TenantId = Guid.Parse(tenantId),
AccessPolicies = new List<AccessPolicyEntry>()
{
new AccessPolicyEntry
{
TenantId = Guid.Parse(tenantId),
ObjectId = objectId,
Permissions = new Permissions
{
Secrets = new List<string> { "all" },
Keys = new string[] { "all" }
}
}
}
}
};
//problem in following line
var tokenCredentials = new TokenCloudCredentials(subscriptionId, token);
var keyVaultManagementClient = new KeyVaultManagementClient(tokenCredentials);
// Create the vault
await keyVaultManagementClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, parameters);
}
但是我被困在
//problem in the following line
var tokenCredentials = new TokenCloudCredentials(subscriptionId, token);
如何创建令牌(TokenCloudCredentials中的参数)和TokenCloudCredentials? 我应该使用哪个Nuget程序包来创建TokenCloudCredentials?
我也尝试使用:-
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantId)
.WithClientSecret(clientSecret)
.Build();
创建KeyVaultManagementClient。但我不确定该怎么办?
还有其他(更好)的方式来创建KeyVaultManagementClient吗?
答案 0 :(得分:0)
代码显示了如何使用客户端凭据流获取访问令牌。
var app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithAuthority(AzureCloudInstance.AzurePublic, "{tenantID}")
.WithClientSecret(config.ClientSecret)
.Build();
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
var result = await app.AcquireTokenForClient(scopes).ExecuteAsync();
var token = result.accessToken;
有关更多详细信息,请参见here。
更新:
使用.net core 2.1创建密钥库的sample
答案 1 :(得分:0)
在从代码访问 Key Vault 之前,请确保在 Azure 中配置了 MSI(托管服务标识)
要启用 Azure Key Vault,您需要在下面安装 包。
PM> Install-Package Azure.Security.KeyVault.Secrets
PM> Install-Package Microsoft.Extensions.Configuration.AzureKeyVault
PM> Install-Package Azure.Identity
PM> Install-Package Azure.Extensions.AspNetCore.Configuration.Secrets
#region Imports
using Microsoft.AspNetCore.Hosting;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;
using Microsoft.Extensions.Hosting;
#endregion
namespace AzureKeyVaultLabs.Web
{
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var settings = config.Build();
if (!context.HostingEnvironment.IsDevelopment())
{
var keyVaultEndpoint = settings["AzureKeyVaultEndpoint"];
if (!string.IsNullOrEmpty(keyVaultEndpoint))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
config.AddAzureKeyVault(keyVaultEndpoint, keyVaultClient, new DefaultKeyVaultSecretManager());
}
}
}
}
public class Startup : FunctionsStartup
{
public override void ConfigureAppConfiguration(IFunctionsConfigurationBuilder builder)
{
if (builder != null)
{
//give your app configuration store endpoint
string connectionString = Environment.GetEnvironmentVariable("AppConfigurationConnectionString");
if (!string.IsNullOrEmpty(connectionString))
{
builder.ConfigurationBuilder.AddAzureAppConfiguration(connectionString);
}
var settings = builder.ConfigurationBuilder.Build();
var keyVaultEndpoint = settings["VaultName"];// Add key vault name in configuration
if (!string.IsNullOrEmpty(keyVaultEndpoint))
{
builder.ConfigurationBuilder
.SetBasePath(Environment.CurrentDirectory)
.AddAzureKeyVault(new Uri(keyVaultEndpoint), new DefaultAzureCredential())
.AddEnvironmentVariables()
.Build();
}
}
}