How to access Azure Key Vault secrets from a web application hosted on local machine IIS and debugged by attaching to the IIS worker process?

Votes: 1

The goal is to read all secret values from a .NET Framework 4.6 web application hosted on local IIS. The application is somewhat legacy and can only be debugged by attaching to the worker process. I am trying to access Azure Key Vault secrets using the code below, so that storing keys in the application's configuration files can be avoided.

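using System.Collections.Concurrent;
using System.Configuration;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

// Vault base URL comes from appSettings, so no key material lives in the config file.
var keyVaultPath = ConfigurationManager.AppSettings["KeyVaultStorage"];
// No connection string is passed, so the provider falls back to its default credential sources.
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secrets = keyVaultClient.GetSecretsAsync(keyVaultPath).Result;
_secretValues = new ConcurrentDictionary<string, string>();
foreach (var item in secrets)
{
      // Listing returns identifiers only; each value needs its own request.
      var secret = keyVaultClient.GetSecretAsync($"{keyVaultPath}/secrets/{item.Identifier.Name}").Result;
      _secretValues.TryAdd(item.Identifier.Name, secret.Value);
}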

Before running this code, I made sure I could access the Azure subscription using the commands below:

az login 
az account set --subscription

The same code works fine in a .NET Core application, as well as in a .NET Framework 4.6 web application hosted on IIS Express. It does not run when hosted on local machine IIS.

Error raised when the code runs in the IIS worker process:

AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/. Exception Message: Tried the following 4 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/. Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an Azure resource that has MSI setup.
Parameters: Connection String: [No connection string specified], Resource: vault.azure.net, Authority: login.windows.net/. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at C:\WINDOWS\system32\config\systemprofile\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. Traceback (most recent call last):
  File runpy.py, line 193, in _run_module_as_main
  File runpy.py, line 85, in _run_code
  File C:\Users\trdai\AppData\Local\Temp\pip-install-17ev678d\azure-cli\azure\cli\__main__.py, line 32, in <module>
  File C:\Users\trdai\AppData\Local\Temp\pip-install-17ev678d\azure-cli-core\azure\cli\core\__init__.py, line 509, in get_default_cli
  File C:\Users\trdai\AppData\Local\Temp\pip-install-17ev678d\azure-cli-core\azure\cli\core\__init__.py, line 51, in __init__
  File C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\knack\util.py, line 38, in ensure_dir
    os.makedirs(d)
  File os.py, line 220, in makedirs
PermissionError: [WinError 5] Access is denied: 'C:\\WINDOWS\\system32\\config\\systemprofile\\.azure'

Parameters: Connection String: [No connection string specified], Resource: vault.azure.net, Authority: login.windows.net/. Exception Message: Tried to get token using Active Directory Integrated Authentication. Access token could not be acquired. unknown_user_type: Unknown User Type
Posted 19/12/2018 at 14:07
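A triage aid for the exception text above, added here as an example and not part of the original post: it splits the message into the credential sources the token provider tried and flags the ones that failed while looking under the worker process's `systemprofile` directory, which is not the user profile where the interactive `az login` stored its token. The function names and the abridged `SAMPLE` string are assumptions made for this example.

```python
import re

# Abridged copy of the exception text from the question ("Parameters: ..." prefixes
# and most traceback frames dropped); no new data is introduced.
SAMPLE = r"""Exception Message: Tried the following 4 methods to get an access token, but none of them worked.
Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint.
Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at C:\WINDOWS\system32\config\systemprofile\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json
Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. Traceback (most recent call last):
    os.makedirs(d)
PermissionError: [WinError 5] Access is denied: 'C:\\WINDOWS\\system32\\config\\systemprofile\\.azure'

Exception Message: Tried to get token using Active Directory Integrated Authentication. Access token could not be acquired. unknown_user_type: Unknown User Type
"""

# One "Tried to get token using <method>. <reason>" entry per credential source.
ATTEMPT = re.compile(r"Tried to get token using (?P<method>[^.]+)\. (?P<reason>.*)")


def parse_attempts(text):
    """Return [(method, reason)], one entry per credential source the provider tried."""
    attempts = []
    for line in text.splitlines():
        match = ATTEMPT.search(line)
        if match:
            attempts.append([match.group("method"), match.group("reason")])
        elif attempts and line.strip():
            # Traceback continuation lines belong to the most recent attempt.
            attempts[-1][1] += " " + line.strip()
    return [tuple(a) for a in attempts]


def profile_bound_failures(attempts):
    """Methods whose failure text points at the service account's profile directory."""
    return [method for method, reason in attempts if "systemprofile" in reason.lower()]


def summarize(text):
    """Return one 'method: category' line per attempt for a quick read of the failure."""
    attempts = parse_attempts(text)
    bound = profile_bound_failures(attempts)
    return [f"{m}: {'profile-bound' if m in bound else 'other'}" for m, _ in attempts]


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```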