How do I access Azure Key Vault using user credent

2019-02-18 02:10发布

站内问答 / C#
1231 2 5

I'm trying to write a simple application to access Azure KeyVault using my own, domain joined credentials. I don't know if it's the credentials part or how I'm accessing KeyVault, but I keep getting an "Invalid URI: The format of the URI could not be determined" exception. I am able to access KeyVault using Azure PowerShell cmdlets, but not using C#.

Here's the code I have:

class Program
{
    const string ClientId = "MY AAD CLIENT ID";

    static void Main(string[] args)
    {
        Console.WriteLine("Hello, KeyVault!");
        var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
        var secret = client.GetSecretAsync("vaultName", "secretName").Result; // Throws Invalid URI: The format of the URI could not be determined
        Console.WriteLine(secret.Value);
        Console.ReadLine();
    }

    private static async Task<string> GetAccessToken(string authority, string resource, string scope)
    {
        var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
        var authResult = await context.AcquireTokenAsync(resource, ClientId, new UserCredential());
        return authResult.AccessToken;
    }
}

What could be causing this? I've scoured the internet and haven't found any sample code showing how to access KeyVault this way.

2条回答
我命由我不由天
2楼-- · 2019-02-18 02:40

As @varun-puranik said, you need t specify the vaultBaseUrl rather than the vault name.

There is new nuget package that allow to connect to Azure Keyvault without specifying the Azure Active Directory Client Id.

You also need to install the Microsoft.Azure.KeyVault nuget package.

using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

...

var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
     new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync(
    "https://{{my-vault-name}}.vault.azure.net/", "{{my-secret}}");
查看更多
0人赞 添加讨论(0) 举报
聊天终结者
3楼-- · 2019-02-18 02:41

The VaultName needs to be the URL to the KeyVault, not just the name of the Vault. For example, if the name of your KeyVault is TestKeyVault, then you need to use the following code - 

var secret = client.GetSecretAsync("https://testkeyvault.vault.azure.net:443", "secretName").Result;

Rest of your code looks fine.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)