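Thanks to @Harshitha for pointing me in the right direction: connect to the Key Vault using Connected Services in VS 2019, and the values can then be referenced through appSettings.
To test this, I created a new dummy application as a C# .NET Framework 4.8 application.
I followed this clip: https://www.youtube.com/watch?v=S7EPrlpPqXw
Basically, use Connected Services to connect to your Key Vault.
This will add the following to your web.config file: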
<configuration>
<configSections>
<section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false" />
</configSections>
<configBuilders>
<builders>
<add name="AzureKeyVault" vaultName="RealKeyVaultName" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</builders>
</configBuilders>
<appSettings configBuilders="AzureKeyVault">
<!-- Value added by me -->
<add key="secretInKV" value="dummyValue" />
</appSettings>
</configuration>
So basically the configSection and configBuilders entries create the connection to the KV.
In code I can then say
var secretValue = ConfigurationManager.AppSettings["secretInKV"];
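This correctly returns the value stored in my KV (not the dummy value in the app settings above), and everything works.
However, when I try to add this to my real application, I get an error on load:
Parser Error Message: The configBuilder 'AzureKeyVault' failed while processing the configuration section 'appSettings'.: Error in Configuration Builder 'AzureKeyVault'::GetValue(secretInKV)
The stack trace shows: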
[SocketException (0x2746): An existing connection was forcibly closed by the remote host]
[IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.]
[WebException: The underlying connection was closed: An unexpected error occurred on a send.]
[RequestFailedException: The underlying connection was closed: An unexpected error occurred on a send.]
[AggregateException: Retry failed after 4 tries. Retry settings can be adjusted in ClientOptions.Retry or by configuring a custom retry policy in ClientOptions.RetryPolicy.]
[Exception: Error in Configuration Builder 'AzureKeyVault'::GetValue(secretInKV)]
To test my connection to the KV in code, I can say:
var client = new SecretClient(new Uri(keyVaultURL), new DefaultAzureCredential());
var secret = client.GetSecret(secretInKV);
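And thanks to all the dependencies added when using Connected Services, I can retrieve the value from the KV, but I want to get it from the app settings.
If I remove
configBuilders="AzureKeyVault"
from
<appSettings configBuilders="AzureKeyVault">
the application loads. Why does this cause a problem?
I have looked at similar posts online but could not resolve it. I am connected correctly, otherwise I would not be able to get the value with the C# code above, so why does this cause a problem? Thank you for your replies.
I have matched the NuGet packages in the new dummy application to those in my real application, but the problem still occurs. I have attached my packages: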
<packages>
<package id="Azure.Core" version="1.38.0" targetFramework="net48" />
<package id="Azure.Identity" version="1.10.3" targetFramework="net48" />
<package id="Azure.Security.KeyVault.Keys" version="4.0.0" targetFramework="net48" />
<package id="Azure.Security.KeyVault.Secrets" version="4.0.0" targetFramework="net48" />
<package id="Azure.Storage.Blobs" version="12.18.0" targetFramework="net48" />
<package id="Azure.Storage.Common" version="12.17.0" targetFramework="net48" />
<package id="EntityFramework" version="6.2.0" targetFramework="net48" />
<package id="Microsoft.ApplicationInsights" version="2.22.0" targetFramework="net48" />
<package id="Microsoft.ApplicationInsights.NLogTarget" version="2.22.0" targetFramework="net48" />
<package id="Microsoft.AspNet.Cors" version="5.2.6" targetFramework="net48" />
<package id="Microsoft.AspNet.WebApi" version="5.2.6" targetFramework="net48" />
<package id="Microsoft.AspNet.WebApi.Client" version="5.2.6" targetFramework="net48" />
<package id="Microsoft.AspNet.WebApi.Core" version="5.2.6" targetFramework="net48" />
<package id="Microsoft.AspNet.WebApi.Cors" version="5.2.6" targetFramework="net48" />
<package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.6" targetFramework="net48" />
<package id="Microsoft.Bcl.AsyncInterfaces" version="7.0.0" targetFramework="net48" />
<package id="Microsoft.Configuration.ConfigurationBuilders.Azure" version="2.0.0" targetFramework="net48" />
<package id="Microsoft.Configuration.ConfigurationBuilders.Base" version="2.0.0" targetFramework="net48" />
<package id="Microsoft.CrmSdk.CoreAssemblies" version="9.0.2.25" targetFramework="net48" />
<package id="Microsoft.CrmSdk.Deployment" version="9.0.2.25" targetFramework="net48" />
<package id="Microsoft.CrmSdk.Workflow" version="9.0.2.25" targetFramework="net48" />
<package id="Microsoft.CrmSdk.XrmTooling.CoreAssembly" version="9.1.0.79" targetFramework="net48" />
<package id="Microsoft.Identity.Client" version="4.60.3" targetFramework="net48" />
<package id="Microsoft.Identity.Client.Extensions.Msal" version="4.60.3" targetFramework="net48" />
<package id="Microsoft.IdentityModel.Abstractions" version="6.35.0" targetFramework="net48" />
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.19.8" targetFramework="net48" />
<package id="Microsoft.Owin" version="4.0.1" targetFramework="net461" />
<package id="Microsoft.Owin.Cors" version="4.0.1" targetFramework="net461" />
<package id="Microsoft.Owin.Host.SystemWeb" version="4.0.1" targetFramework="net461" />
<package id="Microsoft.Owin.Security" version="4.0.1" targetFramework="net461" />
<package id="Microsoft.Owin.Security.OAuth" version="4.0.1" targetFramework="net461" />
<package id="Microsoft.Rest.ClientRuntime" version="2.3.20" targetFramework="net48" />
<package id="Newtonsoft.Json" version="11.0.2" targetFramework="net48" />
<package id="NLog" version="4.7.15" targetFramework="net48" />
<package id="NLog.Config" version="4.5.9" targetFramework="net48" />
<package id="NLog.Extended" version="4.5.9" targetFramework="net48" />
<package id="NLog.Extensions.AzureBlobStorage" version="4.3.1" targetFramework="net48" />
<package id="NLog.Schema" version="4.5.9" targetFramework="net48" />
<package id="NLog.Web" version="4.6.0" targetFramework="net48" />
<package id="Owin" version="1.0" targetFramework="net461" />
<package id="System.Buffers" version="4.5.1" targetFramework="net48" />
<package id="System.ClientModel" version="1.0.0" targetFramework="net48" />
<package id="System.Diagnostics.DiagnosticSource" version="6.0.1" targetFramework="net48" />
<package id="System.IO.FileSystem.AccessControl" version="5.0.0" targetFramework="net48" />
<package id="System.IO.Hashing" version="6.0.0" targetFramework="net48" />
<package id="System.Memory" version="4.5.4" targetFramework="net48" />
<package id="System.Memory.Data" version="1.0.2" targetFramework="net48" />
<package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net48" />
<package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" targetFramework="net48" />
<package id="System.Security.AccessControl" version="5.0.0" targetFramework="net48" />
<package id="System.Security.Cryptography.ProtectedData" version="4.7.0" targetFramework="net48" />
<package id="System.Security.Principal.Windows" version="5.0.0" targetFramework="net48" />
<package id="System.Text.Encodings.Web" version="4.7.2" targetFramework="net48" />
<package id="System.Text.Json" version="4.7.2" targetFramework="net48" />
<package id="System.Threading.Tasks.Extensions" version="4.5.4" targetFramework="net48" />
<package id="System.ValueTuple" version="4.5.0" targetFramework="net48" />
</packages>
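The stack trace in the question nests a SocketException several levels below the config builder's error. As an added example (not part of the original post), this C# console program walks such a chain and reports whether it ends in a transport failure or in an Azure.Identity credential failure. The class and method names are hypothetical, the chain in Main is constructed from the trace above, and the Azure types are matched by name so the file builds against the base class library only.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Net.Sockets;

static class KvBuilderFailure // hypothetical helper, not part of any Azure package
{
    // Walk InnerException links and every branch of an AggregateException.
    static IEnumerable<Exception> Flatten(Exception ex)
    {
        if (ex == null) yield break;
        yield return ex;
        if (ex is AggregateException agg)
            foreach (var inner in agg.InnerExceptions)
                foreach (var e in Flatten(inner)) yield return e;
        else
            foreach (var e in Flatten(ex.InnerException)) yield return e;
    }

    public static string Classify(Exception top)
    {
        string verdict = "unknown: no credential or transport exception in the chain";
        foreach (var e in Flatten(top))
        {
            // A credential exception anywhere in the chain wins; matched by type name (assumption: no package reference).
            string type = e.GetType().FullName;
            if (type == "Azure.Identity.CredentialUnavailableException" ||
                type == "Azure.Identity.AuthenticationFailedException")
                return "credential: " + e.Message;
            if (e is SocketException sock)
                verdict = "transport: socket error " + sock.SocketErrorCode + " (" + sock.ErrorCode + ")";
            else if (e is WebException web && verdict.StartsWith("unknown"))
                verdict = "transport: WebException status " + web.Status;
        }
        return verdict;
    }

    static void Main()
    {
        // Constructed chain mirroring the question's trace (0x2746 = 10054); Azure.RequestFailedException is left out.
        var socket = new SocketException(0x2746);
        var io = new IOException("Unable to read data from the transport connection.", socket);
        var web = new WebException("The underlying connection was closed.", io, WebExceptionStatus.SendFailure, null);
        var agg = new AggregateException("Retry failed after 4 tries.", web);
        var top = new Exception("Error in Configuration Builder 'AzureKeyVault'::GetValue(secretInKV)", agg);
        Console.WriteLine(Classify(top));
    }
}
```

In the real application, the same Classify call can be made on the exception caught around the first ConfigurationManager.AppSettings access.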
I tried the same code and configuration with the same Key Vault in 2 different environments.
System 1:
I got the following error:
The configBuilder 'AzureKeyVault' failed while processing the configuration section 'appSettings'.: Error in Configuration Builder 'AzureKeyVault'::GetValue(SampleSecret)
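Click "Click here to show additional error information:" to get the detailed error information.
The error is related to credentials. The application is unable to retrieve the login credentials.
If you remove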
configBuilders="AzureKeyVault"
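from the app settings, the application will start and run, but it will not contact the configured config builder to fetch the secrets.
Make sure you are signed in to Visual Studio with the correct credentials, as shown below.
Check Azure Service Authentication => Account Selection in Visual Studio => Tools => Options.
System 2: Visual Studio account settings
Output: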