
Managed Identity fails when running WebApp from Azure VM

I have created an ASP.NET API that accesses KeyVault to get secrets.

When I run locally on my laptop, I use Managed Identity to access KeyVault with a dedicated Service Principal (with AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID set in my system environment variables).

This is working just fine.

Now I have created a VM in Azure to be used as a developer machine. All the tools are installed and configured like they are on my laptop.

But when I run the web API I get a 403 telling me the object ID #### does not have Get/List access to KeyVault. I've checked and the object ID matches the one of the VM. Indeed the VM does not have this access to KeyVault, however I'd expect the Web API to run with the configured AZURE_CLIENT_ID in my environment variables.

Am I missing something?

Ensure get/list operations are selected/enabled in the access policy created for your managed identity/service principal.
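A diagnostic for the mismatch described in the question, as an added example that is not part of the original post: it reports whether the three service principal variables are visible to the running process, then prints the object ID carried in the Key Vault token that process actually obtains, so it can be compared with the object ID in the 403. It assumes the API authenticates with `DefaultAzureCredential` from the Azure.Identity package, which the post does not state; the class and method names are hypothetical.

```csharp
// Added diagnostic example; not code from the original post.
// Assumption: the API authenticates with DefaultAzureCredential (Azure.Identity).
using System;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class KeyVaultIdentityCheck
{
    // The environment variables named in the question.
    static readonly string[] ServicePrincipalVars =
        { "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID" };

    public static async Task Main()
    {
        // 1. Are the variables visible to THIS process? Report presence only, never the values.
        foreach (var name in ServicePrincipalVars)
        {
            bool isSet = !string.IsNullOrEmpty(Environment.GetEnvironmentVariable(name));
            Console.WriteLine($"{name}: {(isSet ? "set" : "NOT set")}");
        }

        // 2. Request a Key Vault token through the same credential chain the app is assumed to use.
        var credential = new DefaultAzureCredential();
        var context = new TokenRequestContext(new[] { "https://vault.azure.net/.default" });
        AccessToken token = await credential.GetTokenAsync(context, CancellationToken.None);

        // 3. Decode the JWT payload (middle segment) for inspection only; the token itself is not printed.
        string payload = Encoding.UTF8.GetString(DecodeBase64Url(token.Token.Split('.')[1]));
        using JsonDocument claims = JsonDocument.Parse(payload);
        foreach (var claim in new[] { "oid", "appid", "azp", "tid" })
        {
            if (claims.RootElement.TryGetProperty(claim, out JsonElement value))
                Console.WriteLine($"{claim}: {value}");
        }
    }

    // JWT segments are base64url without padding; convert to standard base64 before decoding.
    static byte[] DecodeBase64Url(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
}
```

Run it under the same account and launch method as the web API. The `oid` it prints is the object ID that the Key Vault access policy must grant Get/List to.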
