C# "HTTP Error 502.5 - Process Failure" with ASP.NET Core 2.1 WebAPI accessing Azure Key Vault in Azure PaaS


When trying to access Azure Key Vault using Managed Service Identity, I get the error "HTTP Error 502.5 - Process Failure" / "Operation returned an invalid status code 'Forbidden'". It works when debugging in Visual Studio, but when published to an Azure Web App it returns the 502.5 error.

I suspect this is related to permissions on the Azure Key Vault. Since I can run it locally in Visual Studio (this is a brand-new Key Vault), I know I have permissions. I'm not sure which user the Web App runs as in Azure, and suspect that the Web App needs access to the Key Vault, but I was hoping that enabling "Managed Service Identity" would take care of this.

How do I properly configure the application to access the Key Vault using Managed Service Identity?

Steps to reproduce:

  • Create a new resource group in the Azure portal
  • Create an Azure Key Vault (I called it "mytestkeyvault"). Add two secrets, secret1 and secret2, and put something in them (I used this Azure CLI script to add hello/goodbye)

  • Create a Web App in Azure with Managed Service Identity enabled

  • Create a new ASP.NET Core 2.1 Web API (I named it "MyKeyVaultTest.Service")
  • Add the NuGet packages:

    • AspNetCore.KeyVault
    • Microsoft.Azure.Services.AppAuthentication
  • Edit the appsettings.json file to add the Key Vault URL:

    {
      "Logging": {
        "LogLevel": {
          "Default": "Warning"
        }
      },
      "AllowedHosts": "*",
      "AppSettings": {
        "KeyVaultURL": "https://mytestkeyvault.vault.azure.net/"
      }
    }
    
  • In Program.cs, edit as shown below to read appsettings.json and connect to the Key Vault:

    using Microsoft.AspNetCore;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.Logging;
    
    namespace MyKeyVaultTest.Service
    {
        public class Program
        {
            public static void Main(string[] args)
            {
                CreateWebHostBuilder(args).Build().Run();
            }
    
            public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
                WebHost.CreateDefaultBuilder(args)
                    .ConfigureAppConfiguration((context, config) =>
                    {
                        IConfigurationRoot builtConfig = config.Build();
                        ConfigurationBuilder keyVaultConfigBuilder = new ConfigurationBuilder();
                        keyVaultConfigBuilder.AddAzureKeyVault(builtConfig["AppSettings:KeyVaultURL"]);
                        IConfigurationRoot keyVaultConfig = keyVaultConfigBuilder.Build();
                        config.AddConfiguration(keyVaultConfig);
                    })
                    .UseStartup<Startup>();
        }
    }
    
  • Publish the project to Azure. Note that it does not work and returns:

    HTTP Error 502.5 - Process Failure

    Full error stack:

    Description: The process was terminated due to an unhandled exception.
    Exception Info: Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'
       at Microsoft.Azure.KeyVault.KeyVaultClient.GetSecretsWithHttpMessagesAsync(String vaultBaseUrl, Nullable`1 maxresults, Dictionary`2 customHeaders, CancellationToken cancellationToken)
       at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetSecretsAsync(IKeyVaultClient operations, String vaultBaseUrl, Nullable`1 maxresults, CancellationToken cancellationToken)
       at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.LoadAsync()
       at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.Load()
       at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
       at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
       at MyKeyVaultTest.Service.Program.<>c.<CreateWebHostBuilder>b__1_0(WebHostBuilderContext context, IConfigurationBuilder config) in D:\a\1\s\MyKeyVaultTest\MyKeyVaultTest.Service\Program.cs:line 27
       at Microsoft.AspNetCore.Hosting.WebHostBuilder.BuildCommonServices(AggregateException& hostingStartupErrors)
       at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
       at MyKeyVaultTest.Service.Program.Main(String[] args) in D:\a\1\s\MyKeyVaultTest\MyKeyVaultTest.Service\Program.cs:line 17
    

  • Enabling Managed Service Identity on the Web App creates an identity that is used within Azure. You still need to grant that identity the necessary permissions on the Key Vault.


    Once MSI is enabled on the Web App, it shows up as a user to which permissions can be assigned in the Key Vault's access policy configuration.

    Thanks. I figured it out a minute before you posted this. It wasn't clear that after enabling MSI I needed to add that principal to the Key Vault. When you enable MSI, I think it should be clearer that a principal has been created and needs to be assigned permissions. Now to figure out how to do this in an ARM template.

    You don't need the
    AspNetCore.KeyVault
    package to write this code. It is designed for a different use case and is not a first-party NuGet package.
    ["Hello","Goodbye"]
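The comment thread asks how to grant the identity its Key Vault access from an ARM template instead of the portal. The template below is an added example, not code from the original post or from Microsoft. It assumes the resource group already contains the Key Vault (parameter keyVaultName, defaulting to the question's mytestkeyvault) and an App Service plan (parameter appServicePlanId); it creates the Web App with a system-assigned identity and then adds an access policy for that identity. The policy grants only the secrets get and list permissions, which is all the Key Vault configuration provider needs: the stack trace shows it listing secrets (GetSecretsAsync) and it then reads each one. A 'Forbidden' response, as opposed to an authentication failure, means the token was obtained but this principal has no access policy, which is exactly what this resource fixes.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "webAppName": { "type": "string" },
    "appServicePlanId": { "type": "string" },
    "keyVaultName": { "type": "string", "defaultValue": "mytestkeyvault" }
  },
  "resources": [
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2018-02-01",
      "name": "[parameters('webAppName')]",
      "location": "[resourceGroup().location]",
      "identity": { "type": "SystemAssigned" },
      "properties": {
        "serverFarmId": "[parameters('appServicePlanId')]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "apiVersion": "2018-02-14",
      "name": "[concat(parameters('keyVaultName'), '/add')]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
      ],
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[reference(resourceId('Microsoft.Web/sites', parameters('webAppName')), '2018-02-01', 'Full').identity.tenantId]",
            "objectId": "[reference(resourceId('Microsoft.Web/sites', parameters('webAppName')), '2018-02-01', 'Full').identity.principalId]",
            "permissions": {
              "secrets": [ "get", "list" ]
            }
          }
        ]
      }
    }
  ]
}
```

The `/add` child resource appends to the vault's existing access policies rather than replacing them, so the deploying user's own policy (the one that made local debugging work) is left intact. The `dependsOn` matters: the principalId only exists once the site has been created with its identity, and `reference(..., 'Full')` is what exposes it to the template.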
    