通过代理使用 KeyVaultClient
Using KeyVaultClient through a proxy
目前我在启动期间使用 Azure KeyVault 来加载一些这样的配置:
configBuilder
.AddAzureKeyVault(keyVaultConfigSection.Vault, GetKeyVaultClient(clientConfigSection, keyVaultConfigSection), new DefaultKeyVaultSecretManager())
.AddEnvironmentVariables();
private static KeyVaultClient GetKeyVaultClient(ClientConfigSection clientConfigSection, KeyVaultConfigSection keyVaultConfigSection)
{
HttpClient httpClient = null;
//proxy
if (!CustomEnvironment.NotProductionEnvironment())
{
var handler = new HttpClientHandler()
{
Proxy = new WebProxy(keyVaultConfigSection.Proxy),
UseProxy = true
};
httpClient = new HttpClient(handler);
}
return new KeyVaultClient(async (authority, resource, scope) =>
{
var authContext = new AuthenticationContext(authority);
var clientCred = new ClientCredential(clientConfigSection.ClientId, clientConfigSection.ClientSecret);
var result = await authContext.AcquireTokenAsync(resource, clientCred);
if (result == null)
throw new InvalidOperationException("Failed to retrieve access token for Key Vault");
return result.AccessToken;
}, httpClient ?? new HttpClient()
);
}
当我不在生产环境中时,这工作正常。
但是在我们的生产环境中,keyvault 被阻止了,所以我们必须通过代理。
但是当 运行 代码时我得到这个错误:Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: 'Operation returned an invalid status code 'BadRequest''
有没有人以前做过这个并且可以指出正确的方向?
好像还没有修复,这里是workaround.
1.Referenced System.Net.Http.WinHttpHandler
用于访问 .NET Core 中的 WinHttpHandler 的 Nuget 包。
2.Created 继承自 KeyVaultCredential 并覆盖 ProcessHttpRequestAsync
方法的新 MyKeyVaultCredential
public override async Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
var accessToken = await PreAuthenticate(request.RequestUri).ConfigureAwait(false);
if (!string.IsNullOrEmpty(accessToken))
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
else
{
var httpClientHandler = new WinHttpHandler()
{
WindowsProxyUsePolicy = WindowsProxyUsePolicy.UseCustomProxy,
Proxy = new MyWebProxy(configuration),
SendTimeout = TimeSpan.FromSeconds(120),
ReceiveDataTimeout = TimeSpan.FromSeconds(120),
ReceiveHeadersTimeout = TimeSpan.FromSeconds(120),
};
3.When 我实例化了 KeyVaultService,我必须为 WinHttpHandler 提供我的代理和我的新密钥保管库凭据实例。
var httpClientHandler = new WinHttpHandler()
{
WindowsProxyUsePolicy = WindowsProxyUsePolicy.UseCustomProxy,
Proxy = new MyWebProxy(configuration),
SendTimeout = TimeSpan.FromSeconds(120),
ReceiveDataTimeout = TimeSpan.FromSeconds(120),
ReceiveHeadersTimeout= TimeSpan.FromSeconds(120),
};
var httpClient = new HttpClient(httpClientHandler);
client = new KeyVaultClient(new MyKeyVaultCredential(configuration, GetToken), httpClient)
希望对您有所帮助。
目前我在启动期间使用 Azure KeyVault 来加载一些这样的配置:
configBuilder
.AddAzureKeyVault(keyVaultConfigSection.Vault, GetKeyVaultClient(clientConfigSection, keyVaultConfigSection), new DefaultKeyVaultSecretManager())
.AddEnvironmentVariables();
private static KeyVaultClient GetKeyVaultClient(ClientConfigSection clientConfigSection, KeyVaultConfigSection keyVaultConfigSection)
{
HttpClient httpClient = null;
//proxy
if (!CustomEnvironment.NotProductionEnvironment())
{
var handler = new HttpClientHandler()
{
Proxy = new WebProxy(keyVaultConfigSection.Proxy),
UseProxy = true
};
httpClient = new HttpClient(handler);
}
return new KeyVaultClient(async (authority, resource, scope) =>
{
var authContext = new AuthenticationContext(authority);
var clientCred = new ClientCredential(clientConfigSection.ClientId, clientConfigSection.ClientSecret);
var result = await authContext.AcquireTokenAsync(resource, clientCred);
if (result == null)
throw new InvalidOperationException("Failed to retrieve access token for Key Vault");
return result.AccessToken;
}, httpClient ?? new HttpClient()
);
}
当我不在生产环境中时,这工作正常。 但是在我们的生产环境中,keyvault 被阻止了,所以我们必须通过代理。
但是当 运行 代码时我得到这个错误:Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: 'Operation returned an invalid status code 'BadRequest''
有没有人以前做过这个并且可以指出正确的方向?
好像还没有修复,这里是workaround.
1.Referenced System.Net.Http.WinHttpHandler
用于访问 .NET Core 中的 WinHttpHandler 的 Nuget 包。
2.Created 继承自 KeyVaultCredential 并覆盖 ProcessHttpRequestAsync
方法的新 MyKeyVaultCredential
public override async Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
var accessToken = await PreAuthenticate(request.RequestUri).ConfigureAwait(false);
if (!string.IsNullOrEmpty(accessToken))
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
else
{
var httpClientHandler = new WinHttpHandler()
{
WindowsProxyUsePolicy = WindowsProxyUsePolicy.UseCustomProxy,
Proxy = new MyWebProxy(configuration),
SendTimeout = TimeSpan.FromSeconds(120),
ReceiveDataTimeout = TimeSpan.FromSeconds(120),
ReceiveHeadersTimeout = TimeSpan.FromSeconds(120),
};
3.When 我实例化了 KeyVaultService,我必须为 WinHttpHandler 提供我的代理和我的新密钥保管库凭据实例。
var httpClientHandler = new WinHttpHandler()
{
WindowsProxyUsePolicy = WindowsProxyUsePolicy.UseCustomProxy,
Proxy = new MyWebProxy(configuration),
SendTimeout = TimeSpan.FromSeconds(120),
ReceiveDataTimeout = TimeSpan.FromSeconds(120),
ReceiveHeadersTimeout= TimeSpan.FromSeconds(120),
};
var httpClient = new HttpClient(httpClientHandler);
client = new KeyVaultClient(new MyKeyVaultCredential(configuration, GetToken), httpClient)
希望对您有所帮助。