Connect Blazor WASM app to Azure Key Vault
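I am asking for your help because I have run into some problems connecting my application to Azure Key Vault (the title of this topic).
My project architecture looks like this (I can't upload images yet):
Web.Client
- Properties
- wwwroot
- Shared
- ...
- Program.cs
Web.Server
- Properties
- Controllers
- Pages
- appsettings.json
- Startup.cs
- Program.cs
So far, I have managed to connect to my AAD, using the appsettings.json file to configure the IDs and so on, and I added MSAL authentication in the Program.cs file of the Web.Client project.
To connect to my key vault, I did this in my Startup.cs (I am following this tutorial: https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app):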
    SecretClientOptions options = new SecretClientOptions()
    {
        Retry =
        {
            Delay = TimeSpan.FromSeconds(2),
            MaxDelay = TimeSpan.FromSeconds(16),
            MaxRetries = 5,
            Mode = RetryMode.Exponential
        }
    };
    var client = new SecretClient(new Uri("https://<kv-name>.vault.azure.net/"), new DefaultAzureCredential());
    KeyVaultSecret secret = client.GetSecret("test-secret");
    string secretValue = secret.Value;
But I get the following error:
Azure.RequestFailedException : 'AKV10032: Invalid issuer. Expected one of https://sts.windows.net/<...>/, https://sts.windows.net/<...>/, https://sts.windows.net/<...>/, found https://sts.windows.net/<...>/.
Status: 401 (Unauthorized)
ErrorCode: Unauthorized
You can refer to my code; it might help you.
    using System;
    using System.Net.Http;
    using System.Threading.Tasks;
    using Microsoft.Azure.KeyVault;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    public static class KeyVaultHelper
    {
        // Placeholders: replace with your app's client ID, the vault base URL and the client secret.
        private static string CLIENT_ID = "AppClientID";
        private static string BASE_URI = "KeyVaultBaseURL";
        private static string CLIENT_SECRECT = "ClientSecrect";

        // Builds a Key Vault client that authenticates through the callback below, then reads one secret.
        public static async Task FetchKey()
        {
            try
            {
                var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessTokenAsync), new HttpClient());
                var Key = await GetSecretAsync(client, "Test-secrect");
            }
            catch (Exception)
            {
                // Rethrow unchanged so the caller sees the original exception.
                throw;
            }
        }

        // Reads the named secret and decodes it; this assumes the secret value is stored as Base64 text.
        public static async Task<byte[]> GetSecretAsync(KeyVaultClient client, string key)
        {
            var secret = await client.GetSecretAsync(BASE_URI, key);
            return Convert.FromBase64String(secret.Value);
        }

        // Authentication callback: acquires an AAD token for the vault using the client ID and client secret.
        private static async Task<string> GetAccessTokenAsync(string authority, string resource, string scope)
        {
            var appCredentials = new ClientCredential(CLIENT_ID, CLIENT_SECRECT);
            var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
            var result = await context.AcquireTokenAsync(resource, appCredentials);
            return result.AccessToken;
        }
    }
Note - change your ClientID, Base_URI and Client_Secrect
- Update -
Please note that calls to KeyVault do not work on WASM because of CORS issues.
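The AKV10032 error in the question compares the issuer of the presented token with the issuers the vault accepts. As an added diagnostic example (not code from the question or the answer), the following decodes a token's `iss` claim locally so it can be compared with the vault's tenant; the class name, both tenant IDs and the unsigned sample token are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class IssuerCheck
{
    // Returns the "iss" claim of a compact JWT. No signature validation: diagnostic use only.
    public static string GetIssuer(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT (expected 3 segments).");
        string json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        using JsonDocument payload = JsonDocument.Parse(json);
        return payload.RootElement.TryGetProperty("iss", out JsonElement iss) ? iss.GetString() : null;
    }

    // True when the token was issued by the given tenant, using the issuer format shown in the error.
    public static bool IsFromTenant(string jwt, string tenantId) =>
        string.Equals(GetIssuer(jwt), $"https://sts.windows.net/{tenantId}/", StringComparison.OrdinalIgnoreCase);

    private static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s);
    }

    private static string Base64UrlEncode(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed values: both tenant IDs and the unsigned token are made up for this example.
        const string vaultTenant = "11111111-1111-1111-1111-111111111111";
        const string otherTenant = "22222222-2222-2222-2222-222222222222";
        string token = string.Join(".",
            Base64UrlEncode("{\"alg\":\"none\"}"),
            Base64UrlEncode($"{{\"iss\":\"https://sts.windows.net/{otherTenant}/\",\"aud\":\"https://vault.azure.net\"}}"),
            "sig");

        Console.WriteLine($"iss = {GetIssuer(token)}");
        Console.WriteLine($"matches vault tenant: {IsFromTenant(token, vaultTenant)}");
        // In the server project the token would instead come from the credential, e.g.
        // new DefaultAzureCredential().GetToken(
        //     new TokenRequestContext(new[] { "https://vault.azure.net/.default" })).Token
    }
}
```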