客户端地址未授权且调用方在 Azure 中不是受信任的服务

Question

I'm working on Azure. I have a windows service which accesses the Azure Key Vault.
My code is similar to this:

public static async Task<string> GetToken(string authority, string resource, string scope)
    {
        var authContext = new AuthenticationContext(authority);
        ClientCredential clientCred = new ClientCredential(...); //app id, app secret
        AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);

        if (result == null)
            throw new InvalidOperationException("Failed to obtain the JWT token");

        return result.AccessToken;
    }

    public static string GetSecret(string secretName)
    {
        KeyVaultClient keyVaultClient = new KeyVaultClient(GetToken);
        try
        {
            return keyVaultClient.GetSecretAsync("my-key-vault-url", secretName).Result.Value;
        }
        catch(Exception ex)
        {
            return "Error";
        }
    }

After I build and deploy my windows service, I have started it. Then I'm getting this exception : Client address (IPaddress) is not authorized and caller is not a trusted service

But I'm able to do a telnet to the key vault :

telnet projectName-keyvault 443

I have searched for this issue, but couldn't find any solution.Any help in this regard will be highly helpful.

Answer 1

The error properly shows that your client IP address is not authorized.

You need to add the client IP of Firewalls and virtual networks in your Azure keyvault If you enable that.

Answer 2

I tried your code and i am able to fetch the data from the key vault.

Answer 3

what @Nancy Xiong - MSFT , has commented was the issue with my key Vault.

In firewalls and Virtual Networks of the key Vault, I have added the IP address from which it is accessing the key vault.It solved my problem.