Sql server 通过KeyVault从Azure功能连接到SQL Server
我尝试通过使用密钥vault机密从本地azure函数连接到sql server。 我设置了一个函数启动类来配置连接:Sql server 通过KeyVault从Azure功能连接到SQL Server,sql-server,azure-functions,azure-keyvault,Sql Server,Azure Functions,Azure Keyvault,我尝试通过使用密钥vault机密从本地azure函数连接到sql server。 我设置了一个函数启动类来配置连接: [assembly: FunctionsStartup(typeof(MyNamespace.Startup))] //namespace public class Startup : FunctionsStartup { public Startup() { } public override void Configure(IFunctions
[assembly: FunctionsStartup(typeof(MyNamespace.Startup))]
//namespace
public class Startup : FunctionsStartup
{
public Startup()
{
}
public override void Configure(IFunctionsHostBuilder builder)
{
string basePath = IsDevelopmentEnvironment() ?
Environment.GetEnvironmentVariable("AzureWebJobsScriptRoot") :
$"{Environment.GetEnvironmentVariable("HOME")}\\site\\wwwroot";
var configurationBuilder = new ConfigurationBuilder()
.SetBasePath(basePath)
.AddJsonFile("local.settings.json", optional: true, reloadOnChange: false) // secrets go here. This file is excluded from source control.
.AddEnvironmentVariables();
var builtConfig = configurationBuilder.Build();
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
configurationBuilder.AddAzureKeyVault($"https://{builtConfig.GetSection("KeyVaultSettings")["KeyVaultName"]}.vault.azure.net/",
keyVaultClient,
new DefaultKeyVaultSecretManager());
var builtConfigWithKeyVault = configurationBuilder.Build(); //necessary?
// Registering services
builder
.Services
.AddScoped<IUnitOfWork, UnitOfWork>()
.AddDbContext<DomainDbContext>(
options => options.UseSqlServer(builtConfigWithKeyVault.GetSection("KeyVaultSettings")["DatabaseConnectionStringSecretName"]));
}
public bool IsDevelopmentEnvironment()
{
return "Development".Equals(Environment.GetEnvironmentVariable("AZURE_FUNCTIONS_ENVIRONMENT"), StringComparison.OrdinalIgnoreCase);
}
}
我的问题是没有设置连接,因为在DBContextOptions中,连接字符串是“ConnectionString”
公共域DBContext(IServiceProvider服务提供者,DbContextOptions):基本(选项)
{
//选项具有错误的连接字符串
}
代码是否有问题,或者通常无法从本地Azure功能访问密钥库 如果要从Azure key vault获取连接字符串,请参考以下代码
[assembly: FunctionsStartup(typeof(FunctionApp1.Startup))]
namespace FunctionApp1
{
class Startup : FunctionsStartup
{
public override void Configure(IFunctionsHostBuilder builder)
{
string basePath = IsDevelopmentEnvironment() ?
Environment.GetEnvironmentVariable("AzureWebJobsScriptRoot") :
$"{Environment.GetEnvironmentVariable("HOME")}\\site\\wwwroot";
var configurationBuilder = new ConfigurationBuilder()
.SetBasePath(basePath)
.AddJsonFile("local.settings.json", optional: true, reloadOnChange: false)
.AddEnvironmentVariables();
var currentConfiguration = configurationBuilder.Build();
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
configurationBuilder
.AddAzureKeyVault($"https://{currentConfiguration["KeyVaultSettings:KeyVaultName"]}.vault.azure.net/",
kvClient, new DefaultKeyVaultSecretManager());
var keyConfig = configurationBuilder.Build();
var conStr= keyConfig.GetValue<string>(currentConfiguration["KeyVaultSettings:DatabaseConnectionStringSecretName"]);
builder.Services
.AddDbContext<DomainDbContext>(options => options.UseSqlServer(conStr));
}
public bool IsDevelopmentEnvironment()
{
return "Development".Equals(Environment.GetEnvironmentVariable("AZURE_FUNCTIONS_ENVIRONMENT"), StringComparison.OrdinalIgnoreCase);
}
}
}
public DomainDbContext(IServiceProvider serviceProvider, DbContextOptions<DomainDbContext> options) : base(options)
{
//options has wrong connection string
}
[assembly: FunctionsStartup(typeof(FunctionApp1.Startup))]
namespace FunctionApp1
{
class Startup : FunctionsStartup
{
public override void Configure(IFunctionsHostBuilder builder)
{
string basePath = IsDevelopmentEnvironment() ?
Environment.GetEnvironmentVariable("AzureWebJobsScriptRoot") :
$"{Environment.GetEnvironmentVariable("HOME")}\\site\\wwwroot";
var configurationBuilder = new ConfigurationBuilder()
.SetBasePath(basePath)
.AddJsonFile("local.settings.json", optional: true, reloadOnChange: false)
.AddEnvironmentVariables();
var currentConfiguration = configurationBuilder.Build();
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
configurationBuilder
.AddAzureKeyVault($"https://{currentConfiguration["KeyVaultSettings:KeyVaultName"]}.vault.azure.net/",
kvClient, new DefaultKeyVaultSecretManager());
var keyConfig = configurationBuilder.Build();
var conStr= keyConfig.GetValue<string>(currentConfiguration["KeyVaultSettings:DatabaseConnectionStringSecretName"]);
builder.Services
.AddDbContext<DomainDbContext>(options => options.UseSqlServer(conStr));
}
public bool IsDevelopmentEnvironment()
{
return "Development".Equals(Environment.GetEnvironmentVariable("AZURE_FUNCTIONS_ENVIRONMENT"), StringComparison.OrdinalIgnoreCase);
}
}
}
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931)