仅使用计算机上安装的证书访问 Azure KeyVault 机密

Question

我使用以下代码访问我的 Azure KeyVault

public static string GetKeyVaultSecret(string keyVaultName, string secretName)
{
    string secret = "";
    string secretUrl = $"https://{keyVaultName}.vault.azure.net/secrets/{secretName}";
    AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    Task.Run(async () => {
        var secretObject = await keyVaultClient.GetSecretAsync(secretUrl).ConfigureAwait(false);
        secret = secretObject.Value;
    }).GetAwaiter().GetResult();
    return secret;
}

当我在我的帐户下登录时，这非常有效。 但是作为服务帐户登录时，我收到错误消息：

Parameters: Connection String: [No connection string specified], Resource:
https://vault.azure.net, Authority: https://login.windows.net/5a47d63b-1b7e-4d2d-9333-750184dcbc99. 
Exception Message: Tried to get token using Active Directory Integrated Authentication.
 Access token could not be acquired. unknown_user_type: Unknown User Type

我只想使用证书来验证和授权对 KeyVault 的访问，而不是任何 Azure Active Directory 帐户

Answer 1

您需要设置一个指向证书并且可由应用程序读取的连接字符串环境变量。

这取自https://docs.microsoft.com/en-us/dotnet/api/overview/azure/service-to-service-authentication#use-a-certificate-in-local-keystore-to-sign-天蓝色广告