'Connect Blazor WASM app to Azure Key Vault
I am asking for your help because i have some trouble with the connection of my app to Azure key vault (title of the subject).
The architecture of my project looks like this : (I can't upload images yet)
Web.Client
- Properties
- wwwroot
- Shared
- ...
- Program.cs
Web.Server
- Properties
- Controllers
- Pages
- appsettings.json
- Startup.cs
- Program.cs
So far, I managed to connect to my AAD using appsettings.json files to configure the ids etc. and I've add Msal authentication in the Program.cs file in Web.Client part of the project.
To connect to my key vault, I've done this in my Startup.cs (I'm following this tutorial https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app) :
SecretClientOptions options = new SecretClientOptions()
{
Retry =
{
Delay= TimeSpan.FromSeconds(2),
MaxDelay = TimeSpan.FromSeconds(16),
MaxRetries = 5,
Mode = RetryMode.Exponential
}
};
var client = new SecretClient(new Uri("https://<kv-name>.vault.azure.net/"), new DefaultAzureCredential());
KeyVaultSecret secret = client.GetSecret("test-secret");
string secretValue = secret.Value;
But I'm getting the following error :
Azure.RequestFailedException : 'AKV10032: Invalid issuer. Expected one of https://sts.windows.net/<...>/, https://sts.windows.net/<...>/, https://sts.windows.net/<...>/, found https://sts.windows.net/<...>/.
Status: 401 (Unauthorized)
ErrorCode: Unauthorized
Solution 1:[1]
You can refer my code, maybe it would help you somewhere
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
public static class KeyVaultHelper
{
private static string CLIENT_ID = "AppClientID";
private static string BASE_URI = "KeyVaultBaseURL";
private static string CLIENT_SECRECT = "ClientSecrect";
public static async Task FetchKey()
{
try
{
var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessTokenAsync), new HttpClient());
var Key = await GetSecretAsync(client, "Test-secrect");
}
catch (Exception e)
{
throw;
}
}
public static async Task<byte[]> GetSecretAsync(KeyVaultClient client, string key)
{
var secret = await client.GetSecretAsync(BASE_URI, key);
return Convert.FromBase64String(secret.Value);
}
private static async Task<string> GetAccessTokenAsync(string authority, string resource, string scope)
{
var appCredentials = new ClientCredential(CLIENT_ID, CLIENT_SECRECT);
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var result = await context.AcquireTokenAsync(resource, appCredentials);
return result.AccessToken;
}
}
Note - Change your ClientID, Base_URI and Client_Secrect
- Update - Please note that the call to KeyVault does not work on WASM due to CORS issue.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 |