我正在使用依赖注入来加载 Azure 应用程序配置连接字符串,并且它的 KV 引用凭据使用 DefaultAzureCredential。此配置适用于我们以相同方式开发和部署的所有其他功能。只有这个给我带来了问题。
注意:尽管出现错误消息,该函数在 Azure 中仍按预期工作。如果应用程序正常运行,这个错误意味着什么。
AZFD0005
Diagnostic event
Error code
AZFD0005
Level
Error
Message
Error building configuration in an external startup class.
Details
Microsoft.Azure.WebJobs.Script.ExternalStartupException : Error building configuration in an external startup class. ---> Microsoft.Extensions.Configuration.AzureAppConfiguration.KeyVaultReferenceException : ManagedIdentityCredential authentication failed: Service request failed. Status: 400 (Bad Request) Content: Headers: Date: Wed, 17 May 2023 08:33:29 GMT Server: Kestrel Transfer-Encoding: chunked X-CORRELATION-ID: REDACTED Content-Type: application/json; charset=utf-8 See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot. ErrorCode:, Key:AADCosmosDbPrimaryKeyKV, Label:, Etag:RkLTY1--bNFdppGrHvS5fQZQmcxXnmgd_yTEv82Vhbc, SecretIdentifier:https://uksgmdaiaadkvdev.vault.azure.net/secrets/AADCosmosDbPrimaryKeyKVDEV ---> Azure.Identity.AuthenticationFailedException : ManagedIdentityCredential authentication failed: Service request failed. Status: 400 (Bad Request) Content: Headers: Date: Wed, 17 May 2023 08:33:29 GMT Server: Kestrel Transfer-Encoding: chunked X-CORRELATION-ID: REDACTED Content-Type: application/json; charset=utf-8 See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot ---> Azure.RequestFailedException : Service request failed. Status: 400 (Bad Request) Content: Headers: Date: Wed, 17 May 2023 08:33:29 GMT Server: Kestrel Transfer-Encoding: chunked X-CORRELATION-ID: REDACTED Content-Type: application/json; charset=utf-8 at async Azure.Identity.ManagedIdentitySource.HandleResponseAsync(Boolean async,TokenRequestContext context,Response response,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Identity.ManagedIdentitySource.AuthenticateAsync(Boolean async,TokenRequestContext context,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Identity.ManagedIdentityClient.AuthenticateAsync(Boolean async,TokenRequestContext context,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async,TokenRequestContext requestContext,CancellationToken cancellationToken) End of inner exception at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex,String additionalMessage) at async Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async,TokenRequestContext requestContext,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Identity.ManagedIdentityCredential.GetTokenAsync(TokenRequestContext requestContext,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync(TokenCredential[] sources,TokenRequestContext requestContext,Boolean async,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async,TokenRequestContext requestContext,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex,String additionalMessage) at async Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async,TokenRequestContext requestContext,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthenticateRequestAsync(HttpMessage message,Boolean async) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.ProcessCoreAsync(HttpMessage message,ReadOnlyMemory`1 pipeline,Boolean async) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(??) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Core.Pipeline.RetryPolicy.ProcessAsync(??) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Core.Pipeline.RetryPolicy.ProcessAsync(??) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Core.Pipeline.HttpPipeline.SendRequestAsync(Request request,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(??) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](??) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Azure.Security.KeyVault.Secrets.SecretClient.GetSecretAsync(String name,String version,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureKeyVault.AzureKeyVaultSecretProvider.GetSecretValue(Uri secretUri,String key,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureKeyVault.AzureKeyVaultKeyValueAdapter.ProcessKeyValue(ConfigurationSetting setting,CancellationToken cancellationToken) End of inner exception at async Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureKeyVault.AzureKeyVaultKeyValueAdapter.ProcessKeyValue(ConfigurationSetting setting,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.ProcessAdapters(ConfigurationSetting setting,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.SetData(IDictionary`2 data,Boolean ignoreFailures,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.LoadAll(Boolean ignoreFailures,CancellationToken cancellationToken) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.Load() at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers) at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build() at IVCE.Azure.DayForce_PMS_Housekeeping.Startup.ConfigureAppConfiguration(IFunctionsConfigurationBuilder builder) at D:\a\1\s\DayForce-PMS-Housekeeping\Startup.cs : 41 at Microsoft.Azure.Functions.Extensions.DependencyInjection.FunctionsStartup.Configure(WebJobsBuilderContext context,IWebJobsConfigurationBuilder builder) at Microsoft.Azure.WebJobs.WebJobsBuilderExtensions.ConfigureAndLogUserConfigurationProviders(IWebJobsConfigurationStartup startup,WebJobsBuilderContext context,IWebJobsConfigurationBuilder builder,ILoggerFactory loggerFactory) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Hosting\WebJobsBuilderExtensions.cs : 342 at Microsoft.Azure.WebJobs.WebJobsBuilderExtensions.UseWebJobsConfigurationStartup(IWebJobsConfigurationBuilder builder,Type startupType,WebJobsBuilderContext context,ILoggerFactory loggerFactory) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Hosting\WebJobsBuilderExtensions.cs : 327 at Microsoft.Azure.WebJobs.WebJobsBuilderExtensions.UseExternalConfigurationStartup(IWebJobsConfigurationBuilder builder,IWebJobsStartupTypeLocator startupTypeLocator,WebJobsBuilderContext context,ILoggerFactory loggerFactory) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Hosting\WebJobsBuilderExtensions.cs : 367 at Microsoft.Azure.WebJobs.Script.ScriptHostBuilderExtensions.<>c__DisplayClass7_3.<AddScriptHostCore>b__8(IWebJobsStartupTypeLocator locator) at /_/src/WebJobs.Script/ScriptHostBuilderExtensions.cs : 246 End of inner exception
Hit count
281
Timestamp
May 17, 2023 at 3:30:45 PM GMT+1
Help link
https://go.microsoft.com/fwlink/?linkid=2224847
这里是使用的 DI Startup.cs 文件。
public override void ConfigureAppConfiguration(IFunctionsConfigurationBuilder builder)
{
FunctionsHostBuilderContext context = builder.GetContext();
var settings = builder.ConfigurationBuilder
.AddJsonFile(Path.Combine(context.ApplicationRootPath, "appsettings.json"), optional: true, reloadOnChange: false)
.AddJsonFile(Path.Combine(context.ApplicationRootPath, $"appsettings.{context.EnvironmentName}.json"), optional: true, reloadOnChange: false)
.AddEnvironmentVariables()
.Build();
var o = new DefaultAzureCredentialOptions();
o.VisualStudioTenantId = settings["AzureAd:TenantId"];
_azureConfiguration = new ConfigurationBuilder()
.AddEnvironmentVariables()
.AddAzureAppConfiguration(options =>
{
options.Connect(settings["ConnectionStrings:AzureAppConfig"])
// .Select(KeyFilter.Any, settings["DOTNET_ENVIRONMENT"])
.ConfigureKeyVault(kv =>
{
kv.SetCredential(new DefaultAzureCredential(o));
})
.UseFeatureFlags()
.ConfigureRefresh(refresh =>
{
refresh.Register(".appconfig.featureflag/IBERIA_AAD_FEATURE", settings["DOTNET_ENVIRONMENT"], true)
.SetCacheExpiration(TimeSpan.FromSeconds(1));
});
_refresher = options.GetRefresher();
})
.Build();
}
public override void Configure(IFunctionsHostBuilder builder)
{
var moduleSettingsListTask = _azureConfiguration.DeserialiseForAsync<ModuleSettingsContext>("PMS_Integration").GetAwaiter();
var moduleSettingsList = moduleSettingsListTask.GetResult();
_moduleSettingsContext = moduleSettingsList.FirstOrDefault(m => m.AppTag == "PMS_ESP");
builder.Services.AddScoped(c => _azureConfiguration);
builder.Services.AddSingleton(new CosmosClient(_moduleSettingsContext.CosmosDbEndpoint, _azureConfiguration["AADCosmosDbPrimaryKeyKV"], new CosmosClientOptions()));
builder.Services.AddScoped<ICosmosDbService, CosmosDbService>();
}
好的解决了 - 发现在 appsettings.json 文件中我将 ClientId 设置为错误的 guid。应该是用户分配的托管身份的 ClientId,而不是系统分配的托管身份。