Key Vault - Firewalls and virtual networks: Existing virtual network is not authorized

I configured a key vault to sign JWTs from my application, and I restricted access to a specific virtual network and the related subnet. It worked fine at first, but then it suddenly stopped working with the following error:

{"error":{"code":"Forbidden","message":"Client address (52.166.11.176) is not authorized and caller is not a trusted service","innererror":{"code":"ForbiddenByFirewall"}}}

I had to allow all networks to work around this.

Are you aware of this behavior?

Thanks

Mario

The error is expected, because you restricted access to the specified virtual network but the client address does not come from that authorized network. Note:

The virtual network service endpoints for Azure Key Vault allow you to restrict access to a specified virtual network. The endpoints also allow you to restrict access to a list of IPv4 (internet protocol version 4) address ranges. Any user connecting to your key vault from outside those sources is denied access.

I suggest you finish configuring the key vault before restricting network access to a specific virtual network.

Reference: Virtual network service endpoints for Azure Key Vault
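A small diagnostic, added here and not part of the question or the answer above: it takes the error body the poster quoted plus a networkAcls object in the shape `az keyvault show` returns (field names assumed from the ARM Microsoft.KeyVault schema; the rule values and subnet id are constructed placeholders), extracts the client address, checks it against the IP rules, and explains why a virtual-network rule alone can never match a public source address. `allow_address` shows the narrow fix (one IP rule) instead of allowing all networks.

```python
import ipaddress
import json
import re

# Constructed sample input: the error body from the question, verbatim.
ERROR_BODY = ('{"error":{"code":"Forbidden","message":"Client address (52.166.11.176) '
              'is not authorized and caller is not a trusted service",'
              '"innererror":{"code":"ForbiddenByFirewall"}}}')

# Constructed sample ACLs (assumption: this mirrors properties.networkAcls
# as returned by `az keyvault show`; 203.0.113.0/24 is a documentation range).
NETWORK_ACLS = {
    "bypass": "None",
    "defaultAction": "Deny",
    "ipRules": [{"value": "203.0.113.0/24"}],
    "virtualNetworkRules": [{"id": "/subscriptions/<sub-id>/resourceGroups/<rg>/"
                                   "providers/Microsoft.Network/virtualNetworks/"
                                   "<vnet>/subnets/<subnet>"}],
}


def client_ip_from_error(body: str):
    """Return the client address named in a ForbiddenByFirewall error, else None."""
    err = json.loads(body).get("error", {})
    if err.get("innererror", {}).get("code") != "ForbiddenByFirewall":
        return None
    match = re.search(r"Client address \(([0-9a-fA-F.:]+)\)", err.get("message", ""))
    return match.group(1) if match else None


def ip_rule_matches(ip: str, ip_rules) -> bool:
    """True if `ip` falls inside any ipRules entry (bare address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r["value"], strict=False) for r in ip_rules)


def diagnose(acls, ip: str) -> str:
    """Explain why a caller seen at public address `ip` is accepted or denied."""
    if acls.get("defaultAction") == "Allow":
        return "allowed: defaultAction is Allow (the firewall is effectively off)"
    if ip_rule_matches(ip, acls.get("ipRules", [])):
        return "allowed: matched an IP rule"
    if acls.get("virtualNetworkRules"):
        # VNet rules match only traffic that arrives via a subnet with the
        # Microsoft.KeyVault service endpoint; a public source IP never matches.
        return ("denied: virtualNetworkRules only match traffic from a subnet with the "
                "Microsoft.KeyVault service endpoint; public address %s never matches" % ip)
    return "denied: no rule matches and defaultAction is Deny"


def allow_address(acls, ip: str):
    """Return a copy of `acls` with a single-host IP rule for `ip` added."""
    fixed = json.loads(json.dumps(acls))  # deep copy; leave the input untouched
    fixed.setdefault("ipRules", []).append({"value": str(ipaddress.ip_network(ip))})
    return fixed
```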