Asp.NET Core data protection using blob storage and key vault

Richard Barraclough 6 Reputation points
2024-10-22T12:11:45.0233333+00:00

The SAS has expired which has taken everything down.

How do I get it to work again?

I go to the storage account and generate new SAS

User's image

Then I copy the SAS token and prepend a ? and then use it like this

                services.AddDataProtection()
                    .PersistKeysToAzureBlobStorage(new Uri(aspNetCoreDataProtectionOptions.BlobUri + aspNetCoreDataProtectionOptions.SasToken))
                    .ProtectKeysWithAzureKeyVault(new Uri(aspNetCoreDataProtectionOptions.KeyIdentifier), new DefaultAzureCredential())
                    .SetApplicationName(applicationName /*trimmedContentRootPath*/)
                    ;

(Can't get out of this code box.)

Now my application won't start up because:

RequestFailedException: This request is not authorized to perform this operation using this resource type. RequestId:4839642c-a01e-00b0-657a-241ec4000000 Time:2024-10-22T12:01:00.2244829Z Status: 403 (This request is not authorized to perform this operation using this resource type.) ErrorCode: AuthorizationResourceTypeMismatch Content: 
Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,309 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,918 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Richard Barraclough 6 Reputation points
    2024-10-22T12:12:47.4166667+00:00

    The error message gets removed from my post. Here it is:

    RequestFailedException: This request is not authorized to perform this operation using this resource type. RequestId:4839642c-a01e-00b0-657a-241ec4000000 Time:2024-10-22T12:01:00.2244829Z Status: 403 (This request is not authorized to perform this operation using this resource type.) ErrorCode: AuthorizationResourceTypeMismatch Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationResourceTypeMismatch</Code>

    0 comments No comments

  2. Richard Barraclough 6 Reputation points
    2024-10-22T12:47:54.3666667+00:00

    Key vault -> access policies -> choose the managed identity of the app and add all permissions.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.