如何使用用户凭据访问 Azure Key Vault?
[英]How do I access Azure Key Vault using user credentials?
问题描述
I'm trying to write a simple application to access Azure KeyVault using my own, domain joined credentials.
我正在尝试编写一个简单的应用程序来使用我自己的加入域的凭据访问 Azure KeyVault。 I don't know if it's the credentials part or how I'm accessing KeyVault, but I keep getting an "Invalid URI: The format of the URI could not be determined" exception.我不知道是凭证部分还是我访问 KeyVault 的方式,但我不断收到“无效的 URI:无法确定 URI 的格式”异常。 I am able to access KeyVault using Azure PowerShell cmdlets, but not using C#.我可以使用 Azure PowerShell cmdlet 访问 KeyVault,但不能使用 C#。
Here's the code I have:这是我的代码:
class Program
{
const string ClientId = "MY AAD CLIENT ID";
static void Main(string[] args)
{
Console.WriteLine("Hello, KeyVault!");
var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
var secret = client.GetSecretAsync("vaultName", "secretName").Result; // Throws Invalid URI: The format of the URI could not be determined
Console.WriteLine(secret.Value);
Console.ReadLine();
}
private static async Task<string> GetAccessToken(string authority, string resource, string scope)
{
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var authResult = await context.AcquireTokenAsync(resource, ClientId, new UserCredential());
return authResult.AccessToken;
}
}
What could be causing this?什么可能导致这种情况? I've scoured the internet and haven't found any sample code showing how to access KeyVault this way.我已经在互联网上搜索并没有找到任何显示如何以这种方式访问 KeyVault 的示例代码。
3 个解决方案
解决方案1
12 2018-03-29 04:25:34
As @varun-puranik said, you need t specify the vaultBaseUrl rather than the vault name.正如@varun-puranik 所说,您不需要指定vaultBaseUrl而不是保险库名称。
There is new nuget package that allow to connect to Azure Keyvault without specifying the Azure Active Directory Client Id.有新的 nuget 包允许在不指定 Azure Active Directory 客户端 ID 的情况下连接到Azure Keyvault 。
This approach works when you're using a managed identity当您使用托管身份时,此方法有效
You also need to install the Microsoft.Azure.KeyVault nuget package.您还需要安装Microsoft.Azure.KeyVault nuget 包。
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
...
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync(
"https://{{my-vault-name}}.vault.azure.net/", "{{my-secret}}");
解决方案2
5 2016-06-12 19:40:09
The VaultName needs to be the URL to the KeyVault, not just the name of the Vault. VaultName 需要是 KeyVault 的 URL,而不仅仅是 Vault 的名称。 For example, if the name of your KeyVault is TestKeyVault, then you need to use the following code -例如,如果您的 KeyVault 的名称是 TestKeyVault,那么您需要使用以下代码 -
var secret = client.GetSecretAsync("https://testkeyvault.vault.azure.net:443", "secretName").Result;
Rest of your code looks fine.其余代码看起来不错。
解决方案3
1 2019-02-26 18:37:56
In your code, try passing your secret's version as a 3rd parameter.在您的代码中,尝试将您的机密版本作为第三个参数传递。
For example:例如:
var secret = client.GetSecretAsync("vaultName", "secretName", "secretVersion").Result;
解决方案4
1 2019-11-12 02:34:14
使用js我发现了一个解决方案,他们在其中使用节点连接到Azure密钥库并使用clientId,clientSecret等获取信息,这是链接
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.