azure - Creating an Azure Key Vault in C# fails with "The remote server returned an error: (403) Forbidden"

Tags: azure azure-keyvault

I am trying to create an Azure Key Vault under a specified subscription. I followed this article,

https://learn.microsoft.com/en-us/rest/api/keyvault/keyvaultpreview/vaults/createorupdate#examples

so I wrote the code in a console application, and my code is,

    using System;
    using System.IO;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;

    static async Task Main()
    {
        var URI = "https://management.azure.com/subscriptions/00000000000000000000000000/resourceGroups/0000000/providers/Microsoft.KeyVault/vaults/KeyValutADj?api-version=2018-02-14-preview";
        // AuthHelper is the asker's own helper (not shown) that returns a bearer token.
        var token = await AuthHelper.KeyVaultAuthenticationAsync();
        string body = "{\"location\": \"centralus\",\"properties\": {\"tenantId\": \"00000000.onmicrosoft.com\",\"sku\": {\"family\": \"A\",\"name\": \"standard\"},\"accessPolicies\": [{\"tenantId\": \"0000000000.onmicrosoft.com\",\"objectId\": \"0000000000000000000000000000000\",\"permissions\": {\"keys\": [\"encrypt\",\"decrypt\",\"wrapKey\",\"unwrapKey\",\"sign\",\"verify\",\"get\",\"list\",\"create\",\"update\",\"import\",\"delete\",\"backup\",\"restore\",\"recover\",\"purge\"],\"secrets\": [ \"get\",\"list\",\"set\",\"delete\",\"backup\",\"restore\",\"recover\",\"purge\"],\"certificates\": [\"get\",\"list\",\"delete\",\"create\",\"import\",\"update\",\"managecontacts\",\"getissuers\",\"listissuers\",\"setissuers\",\"deleteissuers\",\"manageissuers\",\"recover\",\"purge\"] }}],\"enabledForDeployment\": true,\"enabledForDiskEncryption\": true,\"enabledForTemplateDeployment\": true}}";

        try
        {
            using (var client = new HttpClient())
            {
                client.DefaultRequestHeaders.Clear();
                client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
                client.DefaultRequestHeaders.UserAgent.ParseAdd("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36");
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

                using (var stream = new MemoryStream())
                using (var writer = new StreamWriter(stream))
                {
                    writer.Write(body);
                    writer.Flush();
                    stream.Position = 0;

                    using (var content = new StreamContent(stream))
                    {
                        content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
                        // PutAsync sends the stream as the request body; PutAsJsonAsync would
                        // JSON-serialize the StreamContent object itself instead.
                        var response = await client.PutAsync(URI, content);
                        if (response.IsSuccessStatusCode)
                        {
                            Console.WriteLine("Vault created.");
                        }
                        else
                        {
                            Console.WriteLine($"{(int)response.StatusCode} {response.ReasonPhrase}");
                            Console.WriteLine(await response.Content.ReadAsStringAsync());
                        }
                    }
                }
            }
        }
        catch (HttpRequestException ex)
        {
            Console.WriteLine(ex.Message);
        }
    }

But when I run the console application, I get the error

"The remote server returned an error: (403) Forbidden."

How do I fix this?

Best answer

"The remote server returned an error: (403) Forbidden."

That error message means you do not have permission to add the resource to Azure.

I tested and reproduced your problem on my side. After I added permissions on the subscription for the user or application I registered in Azure AD, I could create the key vault correctly.


In addition, you can get more details about how to register an AD application and assign a role to the application in the document. After that we can get the tenantId, appId and secretKey from the Azure portal. Then we can use the Microsoft.IdentityModel.Clients.ActiveDirectory SDK to get the API authentication token.

You can refer to the following code for how to generate the Bearer token.

using System;
using System.Net.Http;
using System.Text;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

var appId = "0000000000000000000000000000000";
var secretKey = "******************************************";
var tenantId = "0000000000000000000000000000000";
// Client-credentials flow against Azure AD; the resource is the ARM endpoint.
var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
ClientCredential clientCredential = new ClientCredential(appId, secretKey);
var tokenResponse = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result;
var accessToken = tokenResponse.AccessToken;
using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken);
    var baseUrl = new Uri("https://management.azure.com/");
    var requestURl = baseUrl + "subscriptions/b83c1ed3-c5b6-44fb-b5ba-2b83a074c23f/resourceGroups/joeyWebApp/providers/Microsoft.KeyVault/vaults/joeykeyvault5?api-version=2018-02-14-preview";
    string body = "{\"location\": \"centralus\",\"properties\": {\"tenantId\": \"0000000000000000000000000000000\",\"sku\": {\"family\": \"A\",\"name\": \"standard\"},\"accessPolicies\": [{\"tenantId\": \"0000000000000000000000000000000\",\"objectId\": \"0000000000000000000000000000000\",\"permissions\": {\"keys\": [\"encrypt\",\"decrypt\",\"wrapKey\",\"unwrapKey\",\"sign\",\"verify\",\"get\",\"list\",\"create\",\"update\",\"import\",\"delete\",\"backup\",\"restore\",\"recover\",\"purge\"],\"secrets\": [ \"get\",\"list\",\"set\",\"delete\",\"backup\",\"restore\",\"recover\",\"purge\"],\"certificates\": [\"get\",\"list\",\"delete\",\"create\",\"import\",\"update\",\"managecontacts\",\"getissuers\",\"listissuers\",\"setissuers\",\"deleteissuers\",\"manageissuers\",\"recover\",\"purge\"] }}],\"enabledForDeployment\": true,\"enabledForDiskEncryption\": true,\"enabledForTemplateDeployment\": true}}";
    var stringContent = new StringContent(body, Encoding.UTF8, "application/json");
    var response = client.PutAsync(requestURl, stringContent).Result;
    Console.WriteLine($"{(int)response.StatusCode} {response.ReasonPhrase}");
}

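The full flow that the question and the answer describe (a client-credentials token whose audience is Azure Resource Manager, then a PUT on the vault resource), as an added example that is not the asker's or the answerer's code. It substitutes Microsoft.Identity.Client (MSAL) for the ADAL library the answer uses, every id and secret is a placeholder to be replaced, and the body is built from an object instead of an escaped string. What it adds over the page's snippets: a 403 is decoded from ARM's `AuthorizationFailed` error body, whose message names the action and scope the principal is missing, and the access policy grants only a few verbs instead of every one.

```csharp
// Added example, not code from the question or the answer.
// Assumes the Microsoft.Identity.Client (MSAL) package; ADAL in the answer is retired.
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class KeyVaultArmClient
{
    // Placeholders: replace with values from the app registration and subscription.
    const string TenantId       = "<tenant-id-guid>";          // must be the GUID, not x.onmicrosoft.com
    const string ClientId       = "<app-registration-client-id>";
    const string ClientSecret   = "<client-secret>";
    const string SubscriptionId = "<subscription-id-guid>";
    const string ResourceGroup  = "<resource-group>";
    const string VaultName      = "<vault-name>";
    const string AdminObjectId  = "<object-id-granted-the-access-policy>";

    static readonly HttpClient Http = new HttpClient();

    // Client-credentials flow; the scope is ARM, not the vault data plane.
    static async Task<string> GetArmTokenAsync()
    {
        var app = ConfidentialClientApplicationBuilder.Create(ClientId)
            .WithClientSecret(ClientSecret)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .Build();
        var result = await app
            .AcquireTokenForClient(new[] { "https://management.azure.com/.default" })
            .ExecuteAsync();
        return result.AccessToken;
    }

    public static async Task<int> Main()
    {
        var url = $"https://management.azure.com/subscriptions/{SubscriptionId}" +
                  $"/resourceGroups/{ResourceGroup}/providers/Microsoft.KeyVault/vaults/{VaultName}" +
                  "?api-version=2018-02-14-preview";

        // Build the body as an object so the JSON is well-formed, and grant the
        // access-policy principal only the verbs it needs.
        var body = new
        {
            location = "centralus",
            properties = new
            {
                tenantId = TenantId,
                sku = new { family = "A", name = "standard" },
                accessPolicies = new[]
                {
                    new
                    {
                        tenantId = TenantId,
                        objectId = AdminObjectId,
                        permissions = new
                        {
                            keys = new[] { "get", "list", "create" },
                            secrets = new[] { "get", "list", "set" },
                            certificates = new[] { "get", "list" }
                        }
                    }
                },
                enabledForDeployment = false,
                enabledForDiskEncryption = false,
                enabledForTemplateDeployment = false
            }
        };

        using var request = new HttpRequestMessage(HttpMethod.Put, url)
        {
            Content = new StringContent(JsonSerializer.Serialize(body), Encoding.UTF8, "application/json")
        };
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await GetArmTokenAsync());

        using var response = await Http.SendAsync(request);
        var text = await response.Content.ReadAsStringAsync();

        if (response.StatusCode == HttpStatusCode.Forbidden)
        {
            // ARM returns {"error":{"code":"AuthorizationFailed","message":"..."}}; the message
            // names the action (Microsoft.KeyVault/vaults/write) and the scope the caller lacks,
            // which is exactly the role assignment that has to be added.
            try
            {
                using var doc = JsonDocument.Parse(text);
                var err = doc.RootElement.GetProperty("error");
                Console.Error.WriteLine($"{err.GetProperty("code").GetString()}: {err.GetProperty("message").GetString()}");
            }
            catch (JsonException)
            {
                Console.Error.WriteLine(text);   // non-JSON 403 (e.g. from a proxy): show it raw
            }
            return 1;
        }
        response.EnsureSuccessStatusCode();
        Console.WriteLine(text);
        return 0;
    }
}
```

If the output is `AuthorizationFailed`, give the service principal a role that includes `Microsoft.KeyVault/vaults/write` (Key Vault Contributor, or Contributor) scoped to the resource group; that is the least privilege this call needs, and it avoids handing an automation identity Owner on the whole subscription.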

Regarding azure - Creating an Azure Key Vault in C# fails with "The remote server returned an error: (403) Forbidden", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/51521943/
