2

我们有一个 ASP.NET MVC .NET 4.7.2 项目,我想将标准 web.config 设置(appSettings 和 ConnectionStrings)迁移到 Azure Key Vault。

以这些网站为参考,

https://peterbozso.com/2019/03/18/key-vault-asp-net.html

https://www.taithienbo.com/how-to-retrieve-connection-strings-in-azure-key-vault-from-asp-net-using-configuration-builders-xml-transformation-and-azure-devops/

https://www.c-sharpcorner.com/article/integrating-azure-key-vaults-with-classic-asp-net-applications/

使用 configBuilders 似乎一切都相当简单。

我首先实现了标准的 Secrets 文件 configBuilder,并且所有工作都正常工作。

让 Azure Config Builder 正常工作是问题的根源。

主要问题是将用于本地调试的 Visual Studio 连接到 Key Vault。文档似乎表明将 Azure Key Vault 添加为连接服务,我已经这样做了。

所以在网络配置中给出以下内容

 <configSections>
    <section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
</configSections>
<configBuilders>
    <builders>
        <add name="AS_AzureKeyVault" prefix="AppSetting-" stripPrefix="true" vaultName="${KEY_VAULT_NAME}" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="CS_AzureKeyVault" prefix="ConnStr-" stripPrefix="true" vaultName="${KEY_VAULT_NAME}" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </builders>
</configBuilders>
<appSettings configBuilders="AS_AzureKeyVault">
    <add key="KEY_VAULT_NAME" value="nameofvault" />
    <!-- ... -->
</appSettings>
<connectionStrings configBuilders="CS_AzureKeyVault">
    <add name="DBConn" connectionString="from key vault" />
    <!-- ... -->
</connectionStrings>

只是抛出错误 The configBuilder 'AS_AzureKeyVault' failed while processing the configuration section 'appSettings'.: Error in Configuration Builder 'AS_AzureKeyVault'::GetValue(KEY_VAULT_NAME)

以及关于堆栈跟踪 MsalServiceException: AADSTS70002: The client does not exist or is not enabled for consumers. 和进一步向下的 附加信息[AuthenticationFailedException: SharedTokenCacheCredential authentication failed.][AuthenticationFailedException: DefaultAzureCredential authentication failed.]

错误截图

这似乎是连接错误。据我了解,Visual Studio 连接服务使用我在 Visual Studio 中的凭据连接到 Azure Key Vault。我已确认这些凭据是正确的,并且“连接的服务”对话框正确列出了具有正确订阅和帐户的密钥保管库。我的机器上没有其他 Azure 帐户(尽管我确实有,并且已经全部删除,认为它可能使用了错误的帐户)。

我还尝试通过 AZ CLI 进行连接,以防万一它正在尝试这些凭据,并通过 CLI 确认使用正确的用户和订阅进行连接,但通过 Visual Studio 仍然没有运气。

我难住了。我使用的参考网站似乎使这变得微不足道。

涉及的包和版本

我在Visual Studio中新建了一个项目,ASP.NET MVC .NET Framework 4.7.2 Project,没有任何改动,只是想证明连接Azure Key Vault进行本地调试的概念。

<package id="Antlr" version="3.5.0.2" targetFramework="net472" />
  <package id="Azure.Core" version="1.0.2" targetFramework="net472" />
  <package id="Azure.Identity" version="1.1.1" targetFramework="net472" />
  <package id="Azure.Security.KeyVault.Keys" version="4.0.0" targetFramework="net472" />
  <package id="Azure.Security.KeyVault.Secrets" version="4.0.0" targetFramework="net472" />
  <package id="bootstrap" version="3.4.1" targetFramework="net472" />
  <package id="EntityFramework" version="6.4.4" targetFramework="net472" />
  <package id="jQuery" version="3.4.1" targetFramework="net472" />
  <package id="jQuery.Validation" version="1.17.0" targetFramework="net472" />
  <package id="Microsoft.AspNet.Mvc" version="5.2.7" targetFramework="net472" />
  <package id="Microsoft.AspNet.Razor" version="3.2.7" targetFramework="net472" />
  <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net472" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.7" targetFramework="net472" />
  <package id="Microsoft.Bcl.AsyncInterfaces" version="1.0.0" targetFramework="net472" />
  <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="2.0.1" targetFramework="net472" />
  <package id="Microsoft.Configuration.ConfigurationBuilders.Azure" version="2.0.0" targetFramework="net472" />
  <package id="Microsoft.Configuration.ConfigurationBuilders.Base" version="2.0.0" targetFramework="net472" />
  <package id="Microsoft.Configuration.ConfigurationBuilders.UserSecrets" version="2.0.0" targetFramework="net472" />
  <package id="Microsoft.Identity.Client" version="4.1.0" targetFramework="net472" />
  <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.11" targetFramework="net472" />
  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net472" />
  <package id="Modernizr" version="2.8.3" targetFramework="net472" />
  <package id="Newtonsoft.Json" version="12.0.2" targetFramework="net472" />
  <package id="System.Buffers" version="4.5.0" targetFramework="net472" />
  <package id="System.Diagnostics.DiagnosticSource" version="4.6.0" targetFramework="net472" />
  <package id="System.Memory" version="4.5.3" targetFramework="net472" />
  <package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net472" />
  <package id="System.Runtime.CompilerServices.Unsafe" version="4.6.0" targetFramework="net472" />
  <package id="System.Security.Cryptography.ProtectedData" version="4.5.0" targetFramework="net472" />
  <package id="System.Text.Encodings.Web" version="4.6.0" targetFramework="net472" />
  <package id="System.Text.Json" version="4.6.0" targetFramework="net472" />
  <package id="System.Threading.Tasks.Extensions" version="4.5.2" targetFramework="net472" />
  <package id="System.ValueTuple" version="4.5.0" targetFramework="net472" />
  <package id="WebGrease" version="1.6.0" targetFramework="net472" />
4

0 回答 0