将密钥保管库添加到我的应用程序会导致发布时出现启动错误(在本地工作)
Adding key vault to my app causes start up error when published (works locally)
每当我将 Azure 密钥保管库应用程序配置添加到我的 program.cs 文件时,我的 Web 应用程序都会遇到启动错误 500.30。在本地,我可以访问保险库并对其进行了测试,但一旦发布,我就会收到错误消息。
我已经尝试将系统和用户身份添加到我的 Web 应用程序,并通过 Azure 访问控制和访问策略授予它权限。我也已授予该应用程序访问整个资源的权限。我已经注释掉了这部分并且应用程序运行了,这就是为什么我将错误归因于密钥库。
public static IWebHost CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
// this gets commented out to run properly
.ConfigureAppConfiguration((ctx, builder) =>
{
var keyVaultEndpoint = GetKeyVaultEndpoint();
if (!string.IsNullOrEmpty(keyVaultEndpoint))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
builder.AddAzureKeyVault(
keyVaultEndpoint, keyVaultClient, new DefaultKeyVaultSecretManager());
}
}
) // until here
.UseStartup<Startup>()
.Build();
private static string GetKeyVaultEndpoint() => "https://<vault name>.vault.azure.net/";
我希望能够访问密钥库。该应用程序在发布时抛出 HTTP 错误 500.30 - ANCM 进程内启动失败。
更新:
更改为 OutOfProcess 后,我现在收到错误 502.5。带有以下消息:
Unhandled Exception: Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. Failed after 5 retries. MSI ResponseCode: BadRequest, Response:
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyID>. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "D:\local\LocalAppData\.IdentityService\AzureServiceAuth\tokenprovider.json"
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. 'az' is not recognized as an internal or external command,
operable program or batch file.
我能够重现同样的问题,但我遇到了同样的错误,要解决这个问题,请尝试以下操作:
打开您的*.csproj 文件,找到 Property group tag
并将其更新为:
<PropertyGroup>
<TargetFramework>netcoreapp2.2</TargetFramework>
<AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
<AspNetCoreModuleName>AspNetCoreModule</AspNetCoreModuleName>
</PropertyGroup>
尝试看看是否有帮助。
每当我将 Azure 密钥保管库应用程序配置添加到我的 program.cs 文件时,我的 Web 应用程序都会遇到启动错误 500.30。在本地,我可以访问保险库并对其进行了测试,但一旦发布,我就会收到错误消息。
我已经尝试将系统和用户身份添加到我的 Web 应用程序,并通过 Azure 访问控制和访问策略授予它权限。我也已授予该应用程序访问整个资源的权限。我已经注释掉了这部分并且应用程序运行了,这就是为什么我将错误归因于密钥库。
public static IWebHost CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
// this gets commented out to run properly
.ConfigureAppConfiguration((ctx, builder) =>
{
var keyVaultEndpoint = GetKeyVaultEndpoint();
if (!string.IsNullOrEmpty(keyVaultEndpoint))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
builder.AddAzureKeyVault(
keyVaultEndpoint, keyVaultClient, new DefaultKeyVaultSecretManager());
}
}
) // until here
.UseStartup<Startup>()
.Build();
private static string GetKeyVaultEndpoint() => "https://<vault name>.vault.azure.net/";
我希望能够访问密钥库。该应用程序在发布时抛出 HTTP 错误 500.30 - ANCM 进程内启动失败。
更新: 更改为 OutOfProcess 后,我现在收到错误 502.5。带有以下消息:
Unhandled Exception: Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. Failed after 5 retries. MSI ResponseCode: BadRequest, Response:
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyID>. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "D:\local\LocalAppData\.IdentityService\AzureServiceAuth\tokenprovider.json"
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<MyId>. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. 'az' is not recognized as an internal or external command,
operable program or batch file.
我能够重现同样的问题,但我遇到了同样的错误,要解决这个问题,请尝试以下操作:
打开您的*.csproj 文件,找到 Property group tag
并将其更新为:
<PropertyGroup>
<TargetFramework>netcoreapp2.2</TargetFramework>
<AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
<AspNetCoreModuleName>AspNetCoreModule</AspNetCoreModuleName>
</PropertyGroup>
尝试看看是否有帮助。