[英]Accessing Azure KeyVault secrets only with a certificate installed on the machine
I use the following code to access my Azure KeyVault我使用以下代码访问我的 Azure KeyVault
public static string GetKeyVaultSecret(string keyVaultName, string secretName)
{
string secret = "";
string secretUrl = $"https://{keyVaultName}.vault.azure.net/secrets/{secretName}";
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
Task.Run(async () => {
var secretObject = await keyVaultClient.GetSecretAsync(secretUrl).ConfigureAwait(false);
secret = secretObject.Value;
}).GetAwaiter().GetResult();
return secret;
}
This works perfectly when I am logged in under my account.当我在我的帐户下登录时,这非常有效。 But of a login as a service account I get the error:
但是作为服务帐户登录时,我收到错误消息:
Parameters: Connection String: [No connection string specified], Resource:
https://vault.azure.net, Authority: https://login.windows.net/5a47d63b-1b7e-4d2d-9333-750184dcbc99.
Exception Message: Tried to get token using Active Directory Integrated Authentication.
Access token could not be acquired. unknown_user_type: Unknown User Type
I would like only the certificate to be used to authenticate and authorize access to the KeyVault and not in addition any Azure Active Directory account我只想使用证书来验证和授权对 KeyVault 的访问,而不是任何 Azure Active Directory 帐户
You'll need to set a connection string environment variable that points to the certificate and can be read by the application.您需要设置一个指向证书并且可由应用程序读取的连接字符串环境变量。
This is taken from https://docs.microsoft.com/en-us/dotnet/api/overview/azure/service-to-service-authentication#use-a-certificate-in-local-keystore-to-sign-into-azure-ad这取自https://docs.microsoft.com/en-us/dotnet/api/overview/azure/service-to-service-authentication#use-a-certificate-in-local-keystore-to-sign-天蓝色广告
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.