如何从IIS上托管的.net代码访问密钥库机密
[英]How to access key vault secret from .net code hosted on IIS
问题描述
I have a Scenario: 
我有一个场景:
- Create Key vault with secret in Azure. 在Azure中使用秘密创建密钥保管库。
Access this secret in Code.
在代码中访问此机密。 - code is working in Local(tested using Azure CLI) 代码在本地运行(使用Azure CLI测试)
- Application hosted in Azure App service(MSI enable) working fine. 托管在Azure App服务(启用MSI)中的应用程序运行正常。
- We need to Host same application on Azure VM(MSI enable) IIS server-Not working 我们需要在Azure VM(启用MSI)IIS服务器上托管同一应用程序-无法正常工作
- code is working in Local(tested using Azure CLI)
I want the solution and suggestions for above point(Last point) 我想要以上几点的解决方案和建议(最后一点)
Code to Access Key vault Secret value 访问密钥库机密值的代码
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
ConfigurationApp.ClientId = keyVaultClient.GetSecretAsync("https://test.vault.azure.net/", "testid").Result.Value;
Follow this Article - https://kasunkodagoda.com/2018/04/28/allow-application-running-on-an-azure-virtual-machine-to-access-azure-key-vault-using-managed-service-identity/ 遵循本文-https: //kasunkodagoda.com/2018/04/28/allow-application-running-on-an-azure-virtual-machine-to-access-azure-key-vault-using-managed-service-身份/
https://azure.microsoft.com/en-us/resources/samples/app-service-msi-keyvault-dotnet/ https://azure.microsoft.com/en-us/resources/samples/app-service-msi-keyvault-dotnet/
1 个解决方案
解决方案1
0 2018-08-29 06:25:07
I have fixed my issue:Access key vault secret from .net code hosted on Azure VM IIS 我已修复我的问题:从Azure VM IIS上托管的.net代码访问密钥库机密
public async Task getAppconfiguration2()
{
string URI = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net";
Uri uri = new Uri(String.Format(URI));
HttpClient _client = new HttpClient();
_client.DefaultRequestHeaders.Add("Metadata", "true");
HttpRequestMessage request = new HttpRequestMessage
{
// Content = new StringContent(body, Encoding.UTF8, "application/json"),
Method = HttpMethod.Get,
RequestUri = new Uri(URI)
};
var res = await _client.SendAsync(request);
var content = res.Content.ReadAsStringAsync();
JObject token = JsonConvert.DeserializeObject<JObject>(content.Result.ToString());
string token1 = token["access_token"].ToString();
ConfigurationApp.Encyptionkey = token1.ToString();
HttpClient _client1 = new HttpClient();
_client1.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token1);
HttpRequestMessage request1 = new HttpRequestMessage
{
Method = HttpMethod.Get,
RequestUri = new Uri("https://test.vault.azure.net/secrets/clientid?api-version=2016-10-01")
};
var rs = _client1.SendAsync(request1);
var rk = rs.Result.Content.ReadAsStringAsync();
JObject clientjson = JsonConvert.DeserializeObject<JObject>(rk.Result.ToString());
ConfigurationApp.ClientId = clientjson["value"].ToString();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.