AzureKeyVault ConfigurationBuilder 中的 connectionString 属性是什么样的?

What does the connectionString attribute look like in AzureKeyVault ConfigurationBuilder?

我正在尝试在 .NET 4.7.1 MVC 应用程序中使用新的 AzureKeyVault ConfigurationBuilder,当我在本地 运行 时不断收到配置错误:

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. 

Parser Error Message: An error occurred loading a configuration file: One or more errors occurred.

Source Error: 


Line 13:     </builders>
Line 14:   </configBuilders>
Line 15:   <appSettings configBuilders="AzureKeyVault">
Line 16:     <add key="webpages:Version" value="3.0.0.0" />
Line 17:     <add key="webpages:Enabled" value="false" />

创建新的 .NET Framework 4.7.1 ASP.NET MVC web 项目后,我向 Azure Key Vault 添加了一个连接服务并定位了一个现有的保管库。我的web.config然后看了包括这一段:

<configuration>
  <configSections>
    <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
  </configSections>
  <configBuilders>
    <builders>
      <add name="AzureKeyVault" vaultName="my-test-keyvault" connectionString="" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral" vaultUri="https://WebApplication1-12-kv.vault.azure.net" />
    </builders>
  </configBuilders>
  <appSettings configBuilders="AzureKeyVault">
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.7.1" />
    <httpRuntime targetFramework="4.7.1" />

我一直在 Internet 上搜索,试图找到 connectionString 应该是什么样子的示例,但没有成功。文档指出:

The vaultName is required. The other attributes allow you some manual control about which vault to connect to, but are only necessary if the application is not running in an environment that works magically with Microsoft.Azure.Services.AppAuthentication. The Azure Services Authentication library is used to automatically pick up connection information from the execution environment if possible, but you can override that feature by providing a connection string instead.

这里有什么建议或指示吗?谢谢

我可以使用以下代码在本地重现您的问题:

<add name="AzureKeyVault"
     mode="Strict"
     vaultName="MyVaultName"
     type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure" />

如果您的应用程序 运行 在具有 的 Azure 服务上,这就是您从保管库读取配置并将其添加到您的应用程序所需的全部内容。相反,如果您没有 运行 使用 MSI 服务,您仍然可以通过添加以下属性来使用保管库:

clientId – 有权访问您的密钥保管库的 Azure Active Directory 应用程序密钥。

clientSecret – 与 clientId

对应的 Azure Active Directory 应用程序机密

我用下面的代码测试了一下,效果不错,你可以参考一下。

<configSections>
    <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
  </configSections>
  <configBuilders>
    <builders>
      <add name="KeyVault" mode="Strict" prefix="conn_" stripPrefix="true" 
       clientId="MyId" clientSecret="mySecret" vaultName="MyVault"
       type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure" />
    </builders>
  </configBuilders>

更多细节,你可以参考这个article

链接文章 (Announcing .NET 4.7.1 Tools for the Cloud) 中链接的文档已过时。 AzureKeyVaultConfigBuilder class 上没有 clientIdclientSecret 属性。

但是有一个 connectionString 属性。有关如何在本地 运行 时构建该连接字符串的详细信息,请参阅本文:Service-to-service authentication to Azure Key Vault using .NET.

这是对我有用的方法:

RunAs=App;AppId={AppId};TenantId={TenantId};AppKey={ClientSecret}

所有这三个值(AppId、TenantId 和 AppKey)在 Azure 中应用程序的 AD 条目中可用。