仅使用机器上安装的证书访问 Azure KeyVault 机密

Accessing Azure KeyVault secrets only with a certificate installed on the machine

我使用以下代码访问我的 Azure KeyVault

public static string GetKeyVaultSecret(string keyVaultName, string secretName)
{
    string secret = "";
    string secretUrl = $"https://{keyVaultName}.vault.azure.net/secrets/{secretName}";
    AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    Task.Run(async () => {
        var secretObject = await keyVaultClient.GetSecretAsync(secretUrl).ConfigureAwait(false);
        secret = secretObject.Value;
    }).GetAwaiter().GetResult();
    return secret;
}

当我以我的帐户登录时,这非常有效。但是作为服务帐户登录时,我收到错误消息:

Parameters: Connection String: [No connection string specified], Resource:
https://vault.azure.net, Authority: https://login.windows.net/5a47d63b-1b7e-4d2d-9333-750184dcbc99. 
Exception Message: Tried to get token using Active Directory Integrated Authentication.
 Access token could not be acquired. unknown_user_type: Unknown User Type

我只希望使用证书对 KeyVault 进行身份验证和授权访问,而不希望另外使用任何 Azure Active Directory 帐户

您需要设置一个连接字符串环境变量,该变量指向证书并且可以被应用程序读取。

这取自https://docs.microsoft.com/en-us/dotnet/api/overview/azure/service-to-service-authentication#use-a-certificate-in-local-keystore-to-sign-into-azure-ad