[英]Managed Identity fails when running WebApp from Azure VM
I have created a asp.net API that accesses KeyVault to get secrets.我创建了一个访问 KeyVault 以获取机密的 asp.net API。
When I run locally on my laptop, I use Managed Identity to access KeyVault with a dedicated Service Princiapl.当我在笔记本电脑上本地运行时,我使用托管身份通过专用服务原则访问 KeyVault。 (with AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID set in my system environment variables).
(在我的系统环境变量中设置了 AZURE_CLIENT_ID、AZURE_CLIENT_SECRET 和 AZURE_TENANT_ID)。
This is working just fine.这工作得很好。
Now I have created a VM in Azure to be used as a developer machine.现在我在 Azure 中创建了一个 VM,用作开发人员机器。 All the tools are installed and configured like they are on my laptop.
所有工具都像在我的笔记本电脑上一样安装和配置。
But when I run the web API I get a 403 telling me the object ID #### does not have Get/List access to KeyVault.但是当我运行 web API 时,我收到一个 403,告诉我 object ID #### 没有对 KeyVault 的获取/列出访问权限。 I've checked and the object ID matches the one of the VM.
我检查过,object ID 与 VM 之一匹配。 Indeed the VM does not have this access to KeyVault, however I'd expect the Web API to run with the configured AZURE_CLIENT_ID in my environment variables.
实际上,VM 没有对 KeyVault 的访问权限,但是我希望 Web API 可以在我的环境变量中使用配置的 AZURE_CLIENT_ID 运行。
Am I missing something?我错过了什么吗?
Ensure get/list operations are selected/enabled in the access policy created for your managed identity/service principal:确保在为您的托管身份/服务主体创建的访问策略中选择/启用了 get/list 操作:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.