将密钥保管库添加到我的应用程序后,在发布时会导致启动错误(在本地工作)

时间:2019-06-27 16:06:40

标签: c# azure asp.net-core azure-keyvault

每当我将Azure密钥保管库应用程序配置添加到program.cs文件时,我的Web应用程序就会遇到启动错误500.30。我在本地可以访问该保管库并进行了测试,但是一旦发布,我会收到错误消息。

我尝试将系统和用户身份添加到我的Web应用程序中,并通过Azure访问控制和访问策略授予其权限。我还为应用程序授予了访问整个资源的权限。我已经注释掉了这部分,应用程序开始运行,这就是为什么我将错误归因于密钥库。 

public static IWebHost CreateWebHostBuilder(string[] args) =>
           WebHost.CreateDefaultBuilder(args)

// this gets commented out to run properly
               .ConfigureAppConfiguration((ctx, builder) =>
               {
                   var keyVaultEndpoint = GetKeyVaultEndpoint();
                   if (!string.IsNullOrEmpty(keyVaultEndpoint))
                   {
                       var azureServiceTokenProvider = new AzureServiceTokenProvider();
                       var keyVaultClient = new KeyVaultClient(
                           new KeyVaultClient.AuthenticationCallback(
                               azureServiceTokenProvider.KeyVaultTokenCallback));
                       builder.AddAzureKeyVault(
                           keyVaultEndpoint, keyVaultClient, new DefaultKeyVaultSecretManager());
                   }


               }
               ) // until here 
               .UseStartup<Startup>()
               .Build();

private static string GetKeyVaultEndpoint() => "https://<vault name>.vault.azure.net/";

我希望能够访问密钥库。该应用发布后会引发HTTP错误500.30-ANCM进程内启动失败。

更新: 更改为OutOfProcess之后,我现在得到错误502.5。并显示以下消息:

Unhandled Exception: Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. Failed after 5 retries. MSI ResponseCode: BadRequest, Response: 
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyID>. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "D:\local\LocalAppData\.IdentityService\AzureServiceAuth\tokenprovider.json"
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. 'az' is not recognized as an internal or external command,
operable program or batch file.

1 个答案:

答案 0 :(得分:0)

我能够重现相同的问题,并且遇到相同的错误,因此请尝试以下操作来解决该问题:

打开您的* .csproj文件,找到 Property group tag 并将其更新为:

 <PropertyGroup>
    <TargetFramework>netcoreapp2.2</TargetFramework>       
    <AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
    <AspNetCoreModuleName>AspNetCoreModule</AspNetCoreModuleName>
  </PropertyGroup>

尝试看看是否有帮助。

相关问题
最新问题