2023年5月22日 23:00:10go评论56阅读模式

英文:

Access secret value in KV from appsetting of .net core app

问题

I have deployed a .net core api application to send a message to queue by reading the connection string.
我已部署了一个.NET Core API应用程序，通过读取连接字符串来发送消息到队列。

I have given key vault administrator and key vault contributor to the identity of the app service.
我已经将密钥保管库管理员和密钥保管库贡献者权限授予了应用服务的身份。

I placed the connection string in the appsettings.json and it worked.
我将连接字符串放在appsettings.json中，它起作用了。

I placed the value of connection string in key vault and used the uri of the key vault and made required code changes and that worked as well.
我将连接字符串的值放在了密钥保管库中，并使用密钥保管库的URI进行了必要的代码更改，也成功了。

Now I am referring the secret value in appsettings like below:
现在，我在appsettings中引用秘密值，如下所示：

"MyConnectionString": "@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)"

And when I call the api I get 500 and when I saw logs from app service I see the below error:
当我调用API时，我收到500错误，并且当我查看应用服务的日志时，看到以下错误：

Exception:
System.FormatException: No valid combination of account information found.
   at Microsoft.WindowsAzure.Storage.CloudStorageAccount.&lt;&gt;c.&lt;Parse&gt;b__97_0(String err)
   at Microsoft.WindowsAzure.Storage.CloudStorageAccount.ParseImpl(String connectionString, CloudStorageAccount&amp;amp; accountInformation, Action`1 error)
   at Microsoft.WindowsAzure.Storage.CloudStorageAccount.Parse(String connectionString)

appsettings.json

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "MyConnectionString": "@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)"
}

Using Microsoft.Extensions.Configuration;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Queue;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace TestApp.Controllers
{
public interface IMessageSender
{
Task Send(string content);
}

public class AzureQueueSender : IMessageSender
{
    public AzureQueueSender(IConfiguration configuration)
    {
        Configuration = configuration;
    }
    public IConfiguration Configuration { get; }
    public async Task Send(string content)
    {
        var connectionString = Configuration.GetValue<string>("MyConnectionString");
        await SendMessage(connectionString);
    }

    private static async Task SendMessage(string connectionString)
    {
        var storageAccount = CloudStorageAccount.Parse(connectionString);
        storageAccount.CreateCloudQueueClient();
        var queueClient = storageAccount.CreateCloudQueueClient();
        var queue = queueClient.GetQueueReference("queuename");
        var message = new CloudQueueMessage("Hello World!");
        await queue.AddMessageAsync(message);
    }
}

}


<details>
<summary>英文:</summary>

I have deployed a .net core api application to send a message to queue by reading the connection string.
I have given key vault administrator and key vault contributor to the identity of the app service.
I placed the connection string in the appsettings.json and it worked.
I placed the value of connection string in key vault and used the uri of the key vault and made required code changes and that worked as well.

Now I am referring the secret value in appsettings like below:

"MyConnectionString": "@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)"

And when I call the api I get 500 and when I saw logs from app service I see the below error:

Exception:
System.FormatException: No valid combination of account information found.
at Microsoft.WindowsAzure.Storage.CloudStorageAccount.<>c.<Parse>b__97_0(String err)
at Microsoft.WindowsAzure.Storage.CloudStorageAccount.ParseImpl(String connectionString, CloudStorageAccount& accountInformation, Action`1 error)
at Microsoft.WindowsAzure.Storage.CloudStorageAccount.Parse(String connectionString)


appsettings.json

{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*",
"MyConnectionString": "@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)"
//"VaultName": "https://my-kv.vault.azure.net/"
}

using Microsoft.Extensions.Configuration;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Queue;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace TestApp.Controllers
{
public interface IMessageSender
{
Task Send(string content);
}

public class AzureQueueSender : IMessageSender
{
    public AzureQueueSender(IConfiguration configuration)
    {
        Configuration = configuration;                
    }
    public IConfiguration Configuration { get; }
    public async Task Send(string content)
    {
        var connectionString = Configuration.GetValue&lt;string&gt;(&quot;MyConnectionString&quot;);
        await SendMessage(connectionString);
    }

    private static async Task SendMessage(string connectionString)
    {
        var storageAccount = CloudStorageAccount.Parse(connectionString);
        storageAccount.CreateCloudQueueClient();
        var queueClient = storageAccount.CreateCloudQueueClient();
        var queue = queueClient.GetQueueReference(&quot;queuename&quot;);
        var message = new CloudQueueMessage(&quot;Hello World!&quot;);
        await queue.AddMessageAsync(message);
    }
}

}


</details>


# 答案1
**得分**: 1

为了使用引用访问和检索密钥保管库的秘密值，我们需要在部署的Azure应用服务中设置应用程序设置。

密钥名称必须与您在本地的`appsettings.json`文件中设置的密钥相同。

- 正如您已经设置了名称为`MyConnectionString`的密钥，我正在在门户中的部署应用程序的配置部分中设置相同的`键值`。

`Azure应用程序` =&gt; `配置` =&gt; `应用程序设置` =&gt; `新应用程序设置`

![在此输入图像描述](https://i.stack.imgur.com/AefBj.png)

&gt; ```csharp
&gt; 名称: MyConnectionString
&gt; 值: "@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)"
&gt; ```

- 您设置的应用程序设置现在以键`APPSETTING_MyConnectionString`的形式可用于环境变量（KUDU控制台）中。

![在此输入图像描述](https://i.stack.imgur.com/zIxnh.png)

甚至我们可以这样检索该值
```csharp
var myconn= Environment.GetEnvironmentVariable("APPSETTING_MyConnectionString");

英文:

To access and retrieve the Key Vault Secret value using the reference, we need to set the App setting in the deployed Azure App Service.

The Key name must be same as the key which you have set in the local appsettings.json file.

As you have set the key with name MyConnectionString , Iam setting the same key-value in the Configuration section of the deployed app in portal.

Azure App => Configuration => Application Setting = >New App Setting

访问.NET Core应用的appsettings中的KV中的秘密值。

> csharp > Name : MyConnectionString > Value:"@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)" >

The App setting which you have set is now available in the Environment Variable (KUDU Console) with key APPSETTING_MyConnectionString.

访问.NET Core应用的appsettings中的KV中的秘密值。

Even we can retrieve the value as

var myconn= Environment.GetEnvironmentVariable(&quot;APPSETTING_MyConnectionString&quot;);

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

访问.NET Core应用的appsettings中的KV中的秘密值。

问题

Terraform on Azure – I am trying to call the results of a for_each block in one resource in another resource

B2C令牌生命周期不起作用，新的访问令牌无法通过APIM。

文档和标头之间存在不匹配的CosmosDB分区键值错误，尽管这些值是匹配的。

ASP.NET Core 7 Web API – authorization failed. These requirements were not met: DenyAnonymousAuthorizationRequirement: Requires an authenticated user

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论