【问题标题】:Using KeyVaultClient through a proxy通过代理使用 KeyVaultClient
【发布时间】:2019-12-26 15:50:12
【问题描述】:

目前我在启动期间使用 Azure KeyVault 来加载一些配置,如下所示:

configBuilder
    .AddAzureKeyVault(keyVaultConfigSection.Vault, GetKeyVaultClient(clientConfigSection, keyVaultConfigSection), new DefaultKeyVaultSecretManager())
    .AddEnvironmentVariables();

private static KeyVaultClient GetKeyVaultClient(ClientConfigSection clientConfigSection, KeyVaultConfigSection keyVaultConfigSection)
{
    HttpClient httpClient = null;

    //proxy
    if (!CustomEnvironment.NotProductionEnvironment())
    {
        var handler = new HttpClientHandler()
        {
            Proxy = new WebProxy(keyVaultConfigSection.Proxy),
            UseProxy = true
        };
        httpClient = new HttpClient(handler);
    }

    return new KeyVaultClient(async (authority, resource, scope) =>
        {
            var authContext = new AuthenticationContext(authority);
            var clientCred = new ClientCredential(clientConfigSection.ClientId, clientConfigSection.ClientSecret);
            var result = await authContext.AcquireTokenAsync(resource, clientCred);
            if (result == null)
                throw new InvalidOperationException("Failed to retrieve access token for Key Vault");
            return result.AccessToken;
        }, httpClient ?? new HttpClient()
    );
}

当我不在生产环境中时,这可以正常工作。 但是在我们的生产环境中,keyvault 被阻止了,所以我们必须通过代理。

但在运行代码时出现此错误:Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: 'Operation returned an invalid status code 'BadRequest''

以前有没有人这样做过并且可以指出正确的方向?

【问题讨论】:

    标签: c# azure asp.net-core azure-keyvault


    【解决方案1】:

    好像还没有修复,这里是workaround

    1.引用System.Net.Http.WinHttpHandler Nuget 包以访问 .NET Core 中的 WinHttpHandler。

    2.创建了一个新的 MyKeyVaultCredential,它继承自 KeyVaultCredential 并覆盖 ProcessHttpRequestAsync 方法

    public override async Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
     {
         if (request == null)
         {
             throw new ArgumentNullException("request");
         }
    
         var accessToken = await PreAuthenticate(request.RequestUri).ConfigureAwait(false);
         if (!string.IsNullOrEmpty(accessToken))
             request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
         else
         {
             var httpClientHandler = new WinHttpHandler()
             {
                 WindowsProxyUsePolicy = WindowsProxyUsePolicy.UseCustomProxy,
                 Proxy = new MyWebProxy(configuration),
                 SendTimeout = TimeSpan.FromSeconds(120),
                 ReceiveDataTimeout = TimeSpan.FromSeconds(120),
                 ReceiveHeadersTimeout = TimeSpan.FromSeconds(120),
             };
    

    3.当我实例化 KeyVaultService 时,我必须向 WinHttpHandler 提供我的代理和我的新密钥保管库凭据实例。

    var httpClientHandler = new WinHttpHandler()
         {
             WindowsProxyUsePolicy = WindowsProxyUsePolicy.UseCustomProxy,
             Proxy = new MyWebProxy(configuration),
             SendTimeout = TimeSpan.FromSeconds(120),
             ReceiveDataTimeout = TimeSpan.FromSeconds(120),
             ReceiveHeadersTimeout= TimeSpan.FromSeconds(120),
         };
    
         var httpClient = new HttpClient(httpClientHandler);
    
         client = new KeyVaultClient(new  MyKeyVaultCredential(configuration, GetToken), httpClient)
    

    希望这会有所帮助。

    【讨论】:

      猜你喜欢
      • 2020-03-02
      • 2014-06-14
      • 1970-01-01
      • 1970-01-01
      • 2013-12-30
      • 2014-05-15
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多