C# Azure KeyVault:Azure.Identity.CredentialUnavailableException:DefaultAzureCredential未能从包含的凭据中检索令牌
我正在尝试将针对.net framework的aspnet核心应用程序与Azure Keyvault连接起来。在支持标识的新azure vm上,一切正常,但此应用程序托管在不支持标识的经典azure vm上。我创建了系统环境变量AzureServiceAuthConnectionString,其他几个带有Azure keyvault的.net framework应用程序已经在使用该变量,并且工作正常 查看我的标准日志,每次都会出现以下异常C# Azure KeyVault:Azure.Identity.CredentialUnavailableException:DefaultAzureCredential未能从包含的凭据中检索令牌,c#,.net,azure,asp.net-core,azure-keyvault,C#,.net,Azure,Asp.net Core,Azure Keyvault,我正在尝试将针对.net framework的aspnet核心应用程序与Azure Keyvault连接起来。在支持标识的新azure vm上,一切正常,但此应用程序托管在不支持标识的经典azure vm上。我创建了系统环境变量AzureServiceAuthConnectionString,其他几个带有Azure keyvault的.net framework应用程序已经在使用该变量,并且工作正常 查看我的标准日志,每次都会出现以下异常 Azure.Identity.CredentialUna
Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials
EnvironmentCredential authentication unavailable. Environment variables are not fully configured
ManagedIdentityCredential authentication unavailable, the requested identity has not been assigned to this resource.
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseApplicationInsights(ConfigurationManager.AppSettings["applicationInsightsInstrumentationKey"])
.ConfigureKestrel(options => options.AddServerHeader = false)
.UseIISIntegration()
.ConfigureAppConfiguration((context, config) =>
{
var vaultName = ConfigurationManager.AppSettings["VaultName"];
if (!string.IsNullOrEmpty(vaultName))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
config.AddAzureKeyVault(
$"https://{vaultName}.vault.azure.net/",
keyVaultClient,
new DefaultKeyVaultSecretManager());
}
})
.UseStartup<Startup>();
公共静态IWebHostBuilder CreateWebHostBuilder(字符串[]args)=>
WebHost.CreateDefaultBuilder(args)
.UseApplicationInsights(ConfigurationManager.AppSettings[“applicationInsightsInstrumentationKey”])
.ConfigureKestrel(选项=>options.AddServerHeader=false)
.Useii整合()
.ConfigureAppConfiguration((上下文,配置)=>
{
var vaultName=ConfigurationManager.AppSettings[“vaultName”];
如果(!string.IsNullOrEmpty(Vault名称))
{
var azureServiceTokenProvider=新azureServiceTokenProvider();
var keyVaultClient=新的keyVaultClient(
新建KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback);
config.AddAzureKeyVault(
$“https://{vaultName}.vault.azure.net/”,
KeyVault客户端,
新的DefaultKeyVaultSecretManager());
}
})
.UseStartup();
<configSections>
<section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false"/>
</configSections>
<configBuilders>
<builders>
<add name="AzureKeyVault" vaultName="<#= this.VaultName #>" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral" vaultUri="https://<#= this.VaultName #>.vault.azure.net" />
</builders>
</configBuilders>
<connectionStrings configBuilders="AzureKeyVault">
<add name="ConnectionString" connectionString="" providerName="System.Data.SqlClient"/>
</connectionStrings>
能否验证您正在设置以下系统
AZURE\u客户端\u IDAZURE\u租户\u IDAZURE\u CLIENT\u SECRET在Visual Studio中,转到工具>选项。展开“Azure服务验证”>“帐户选择”。如果您看到“重新输入您的凭据”链接,请单击该链接并再次登录。如果没有,请尝试通过右上角的Visual Studio配置文件进行常规注销+登录。我在VS2019应用程序中也遇到过这个问题。只需重新输入VS登录用户的凭据,该用户可以访问azure资源组
我希望它能解决这个问题。如果您在本地使用IIS而不是IIS Express运行站点,您可能需要在Azure帐户凭据下运行站点的应用程序池标识,以便在浏览器中登录到portal.Azure.com或dev.Azure.com时使用确切的凭据。你的拍拍不起作用 设置完成后,回收应用程序池 然后转到%windir%\System32\inetsrv\config\applicationHost.config 搜索“setProfileEnvironment”。如果设置为“false”,则将其更改为“true” 如果不存在,则将其添加到applicationPoolDefaults标记下,即
<applicationPoolDefaults managedRuntimeVersion="v4.0">
<processModel identityType="ApplicationPoolIdentity" loadUserProfile="true" setProfileEnvironment="true" />
</applicationPoolDefaults>