stackoom
  简体   繁体   中英

How do I access Azure Key Vault using user credentials?

 原文  2016-04-27 17:21:17       c#/ azure/ azure-keyvault

Question

I'm trying to write a simple application to access Azure KeyVault using my own, domain joined credentials. I don't know if it's the credentials part or how I'm accessing KeyVault, but I keep getting an "Invalid URI: The format of the URI could not be determined" exception. I am able to access KeyVault using Azure PowerShell cmdlets, but not using C#.

Here's the code I have:

class Program
{
    const string ClientId = "MY AAD CLIENT ID";

    static void Main(string[] args)
    {
        Console.WriteLine("Hello, KeyVault!");
        var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
        var secret = client.GetSecretAsync("vaultName", "secretName").Result; // Throws Invalid URI: The format of the URI could not be determined
        Console.WriteLine(secret.Value);
        Console.ReadLine();
    }

    private static async Task<string> GetAccessToken(string authority, string resource, string scope)
    {
        var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
        var authResult = await context.AcquireTokenAsync(resource, ClientId, new UserCredential());
        return authResult.AccessToken;
    }
}

What could be causing this? I've scoured the internet and haven't found any sample code showing how to access KeyVault this way.

3 answers

solution1
 12  2018-03-29 04:25:34

As @varun-puranik said, you need t specify the vaultBaseUrl rather than the vault name.

There is new nuget package that allow to connect to Azure Keyvault without specifying the Azure Active Directory Client Id.
This approach works when you're using a managed identity

You also need to install the Microsoft.Azure.KeyVault nuget package.

using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

...

var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
     new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync(
    "https://{{my-vault-name}}.vault.azure.net/", "{{my-secret}}");

solution2
 5  2016-06-12 19:40:09

The VaultName needs to be the URL to the KeyVault, not just the name of the Vault. For example, if the name of your KeyVault is TestKeyVault, then you need to use the following code -

var secret = client.GetSecretAsync("https://testkeyvault.vault.azure.net:443", "secretName").Result;

Rest of your code looks fine.

solution3
 1  2019-02-26 18:37:56

In your code, try passing your secret's version as a 3rd parameter.

For example:

var secret = client.GetSecretAsync("vaultName", "secretName", "secretVersion").Result;

solution4
 1  2019-11-12 02:34:14

使用js我发现了一个解决方案,他们在其中使用节点连接到Azure密钥库并使用clientId,clientSecret等获取信息,这是链接

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Getting an access token for Azure Key Vault in Rider using Azure CLI Access Azure Key Vault stored secret using application not deployed in Azure How to use user-assigned managed identity to access Key Vault for Function App Config in Azure Azure Key Vault - Access denied Azure key vault: access denied How do I use the private key from a PFX certificate stored in Azure Key Vault in .NET Core 2? What do I gain by using Key Vault? How to fetch keys from key vault of azure using share access signature? How to access key vault from azure app service How to user Azure Key Vault with an Entity Framework connection string
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM