Azure key vault

Nikita Pandey 6 Reputation points
2020-03-30T13:58:13.507+00:00

I have created a web application in c#.net to access the key vault from azure without using credentials in the code, but I am facing one issue.

I have created the web application in c#.net but I am getting the following error:-

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/66375204-7fc7-4ceb-be15-a5b6ea7b6ef6. Exception Message: Tried the following 4 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/66375204-7fc7-4ceb-be15-a5b6ea7b6ef6. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. An error occurred while sending the request.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/66375204-7fc7-4ceb-be15-a5b6ea7b6ef6. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "C:\Windows\system32\config\systemprofile\AppData\Local.IdentityService\AzureServiceAuth\tokenprovider.json"
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/66375204-7fc7-4ceb-be15-a5b6ea7b6ef6. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. Traceback (most recent call last):
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\runpy.py", line 193, in _run_module_as_main
"main", mod_spec)
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\runpy.py", line 85, in _run_code
exec(code, run_globals)
File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-9101vebg\azure-cli\azure\cli__main__.py", line 33, in <module>
File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-9101vebg\azure-cli-core\azure\cli\core__init__.py", line 547, in get_default_cli
File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-9101vebg\azure-cli-core\azure\cli\core\azlogging.py", line 30, in <module>
File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-9101vebg\azure-cli-core\azure\cli\core\commands__init__.py", line 28, in <module>
File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-9101vebg\azure-cli-core\azure\cli\core\extension__init__.py", line 16, in <module>
File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-9101vebg\knack\knack\config.py", line 39, in init
File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-9101vebg\knack\knack\util.py", line 108, in ensure_dir
File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-9101vebg\knack\knack\util.py", line 105, in ensure_dir
File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\os.py", line 220, in makedirs
mkdir(name, mode)
PermissionError: [WinError 5] Access is denied: 'C:\Windows\system32\config\systemprofile\.azure'

Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/66375204-7fc7-4ceb-be15-a5b6ea7b6ef6. Exception Message: Tried to get token using Active Directory Integrated Authentication. Access token could not be acquired. Integrated Windows Auth is not supported for managed users. See https://aka.ms/adal-iwa for details.

The following is the code snippet:-

using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using SummitSecurity;
using System;
using System.Configuration;
using System.Threading.Tasks;

namespace Azure_WebApp
{
    public partial class Azure_Form : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            string str = ResultOnGetAsync().Result;
            Label1.Text = str.ToString();
        }

        public static string WMIUserPWDKey = string.Empty;

        public static string Message { get; set; }

        private static async Task<string> ResultOnGetAsync()
        {
            string ret = string.Empty;

            try
            {
                // No connection string is passed, so the provider tries its default chain of token sources.
                AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();

                KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
                var secret = await keyVaultClient.GetSecretAsync("https://summitazurekey.vault.azure.net/secrets/AzureKey")
                        .ConfigureAwait(false);

                Message = secret.Value;
                WMIUserPWDKey = fnDecrypt(secret.Tags["WMIUserPWDKey"].ToString(), "");
                string StrToEncryptAndDecrypt = "TestStringToEncryptAndDecrypt";
                string strEncrypted = string.Empty;
                strEncrypted = CommonExtensionMethods.QueryStringEncrypt(StrToEncryptAndDecrypt, WMIUserPWDKey);
                ret = $"AzureDecryptKey is {WMIUserPWDKey.ToString()}\n" +
                             "" +
                             $"{Encrypted()}";
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }
            return ret;
        }

        static string Encrypted()
        {
            string StrToEncryptAndDecrypt = "TestStringToEncryptAndDecrypt";
            string strEncrypted = string.Empty;
            strEncrypted = CommonExtensionMethods.QueryStringEncrypt(StrToEncryptAndDecrypt, WMIUserPWDKey);
            string strDecrypted = string.Empty;
            strDecrypted = CommonExtensionMethods.QueryStringDecrypt(strEncrypted, WMIUserPWDKey);
            string EnDecKey = $"Encrypted: " +
                        $"{strEncrypted.ToString()}\n" + "Decrypted: " +
                        $"{strDecrypted.ToString()}";
            return EnDecKey;
        }

        // This method implements exponential backoff if there are 429 errors from Azure Key Vault
        private static long getWaitTime(int retryCount)
        {
            long waitTime = ((long)Math.Pow(2, retryCount) * 100L);
            return waitTime;
        }

        // This method fetches a token from Azure Active Directory, which can then be provided to Azure Key Vault to authenticate
        public async Task<string> GetAccessTokenAsync()
        {
            var azureServiceTokenProvider = new AzureServiceTokenProvider();
            // The resource is the Key Vault audience (the "Resource" value in the error output), not the vault's own URL.
            string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://vault.azure.net");
            return accessToken;
        }
    }
}

Please help me out: why am I not able to access the secret from the vault? In a console app it is working fine, but in the ASP.NET web app it is not working.

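Added example (not part of the original post): a Python triage script that splits an `AzureServiceTokenProvider` failure message like the one in the question into one reason per token provider, and flags the providers that failed on paths under the Windows system profile, a sign that the web process ran under a service account rather than the developer's own profile. The sample text is constructed from the error above and shortened; `parse_attempts` and `diagnose` are hypothetical names.

```python
import re

# Constructed sample: the exception text from the question, shortened
# (Authority field and most traceback frames dropped).
P = ("Parameters: Connection String: [No connection string specified], "
     "Resource: https://vault.azure.net. Exception Message: ")
FAIL = " Access token could not be acquired. "
SAMPLE = (
    P + "Tried the following 4 methods to get an access token, but none of them worked.\n"
    + P + "Tried to get token using Managed Service Identity." + FAIL
    + "An error occurred while sending the request.\n"
    + P + "Tried to get token using Visual Studio." + FAIL
    + r'Visual Studio Token provider file not found at "C:\Windows\system32\config'
    + r'\systemprofile\AppData\Local.IdentityService\AzureServiceAuth\tokenprovider.json"' + "\n"
    + P + "Tried to get token using Azure CLI." + FAIL
    + "Traceback (most recent call last):\nmkdir(name, mode)\n"
    + r"PermissionError: [WinError 5] Access is denied: 'C:\Windows\system32\config\systemprofile\.azure'"
    + "\n\n"
    + P + "Tried to get token using Active Directory Integrated Authentication." + FAIL
    + "Integrated Windows Auth is not supported for managed users.\n"
)

# One match per provider attempt; the detail runs up to the next "Parameters:" entry.
ATTEMPT = re.compile(
    r"Tried to get token using (?P<provider>.+?)\. Access token could not be acquired\."
    r"(?P<detail>.*?)(?=Parameters: Connection String:|\Z)", re.S)
PROFILE = re.compile(r"\\config\\systemprofile\\", re.I)

def parse_attempts(message):
    """Return [(provider, reason)]. The reason is the last non-empty line of the
    detail, which for an embedded Python traceback is the exception line itself."""
    out = []
    for m in ATTEMPT.finditer(message):
        lines = [l.strip() for l in m.group("detail").splitlines() if l.strip()]
        out.append((m.group("provider"), lines[-1] if lines else ""))
    return out

def diagnose(message):
    attempts = parse_attempts(message)
    return {
        "attempts": attempts,
        # False means the provider chain was left on its defaults.
        "explicit_connection_string": "[No connection string specified]" not in message,
        # Providers whose failure points at the system profile directory.
        "blocked_by_profile": [p for p, r in attempts if PROFILE.search(r)],
    }

if __name__ == "__main__":
    for provider, reason in diagnose(SAMPLE)["attempts"]:
        print(f"{provider}: {reason}")
```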

6 answers

  1. Saurabh Sharma 23,676 Reputation points Microsoft Employee
    2020-04-06T18:50:17.203+00:00

    I have got a confirmation from Nikita on the MSDN thread that the above steps helped resolve her issue.