I am following directions here for learning the AzureKeyVault config settings
Key Vault Configuration Provider sample application (ASP.NET Core 2.x)
This sample illustrates the use of the Azure Key Vault Configuration Provider for ASP.NET Core 2.x. For the ASP.NET Core 1.x sample, see Key Vault Configuration Provider sample application (ASP.NET Core 1.x).
For more information on how the sample works, see the Azure Key Vault configuration provider topic.
Using the sample
Create a key vault and set up Azure Active Directory (Azure AD) for the application following the guidance in Get started with Azure Key Vault.
- Add secrets to the key vault using the AzureRM Key Vault PowerShell Module available from the PowerShell Gallery, the Azure Key Vault REST API, or the Azure Portal. Secrets are created as either Manual or Certificate secrets. Certificate secrets are certificates for use by apps and services but are not supported by the configuration provider. You should use the Manual option to create name-value pair secrets for use with the configuration provider.
- Simple secrets are created as name-value pairs. Azure Key Vault secret names are limited to alphanumeric characters and dashes.
- Hierarchical values (configuration sections) use `--` (two dashes) as a separator in the sample. Colons, which are normally used to delimit a section from a subkey in ASP.NET Core configuration, aren't allowed in secret names. Therefore, two dashes are used and swapped for a colon when the secrets are loaded into the app's configuration.
- Create two Manual secrets with the following name-value pairs. The first secret is a simple name and value, and the second secret creates a secret value with a section and subkey in the secret name:
  - `SecretName`: `secret_value_1`
  - `Section--SecretName`: `secret_value_2`
- Register the sample app with Azure Active Directory.
- Authorize the app to access the key vault. When you use the `Set-AzureRmKeyVaultAccessPolicy` PowerShell cmdlet to authorize the app to access the key vault, provide `List` and `Get` access to secrets with `-PermissionsToSecrets list,get`.
- Update the app's appsettings.json file with the values of `Vault`, `ClientId`, and `ClientSecret`.
- Run the sample app, which obtains its configuration values from `IConfigurationRoot` with the same name as the secret name.
  - Non-hierarchical values: The value for `SecretName` is obtained with `config["SecretName"]`.
  - Hierarchical values (sections): Use `:` (colon) notation or the `GetSection` extension method. Use either of these approaches to obtain the configuration value:
    - `config["Section:SecretName"]`
    - `config.GetSection("Section")["SecretName"]`
Okay so I have copied the name of my application into Azure Active Directory as an 'Enterprise Application'. And I have added 'Access policies' for 'get' and 'list' in Azure for my AAD object I just created. Yet I get this error in the program when attempting to start the application:
Exception: {"error":"unauthorized_client","error_description":"AADSTS70001:
Application with identifier '(guid)' was not found in the directory ...(continues)
Update 8-4-18 Okay I found out that Azure uses the 'ClientId' and 'ClientSecret' in the local appsettings.json to connect to what Azure registers in this tutorial: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#log-in-as-the-application
- I get the ClientId in appsettings.json from the Application ID on AAD I create with AAD > App Registrations > New.
- I click Settings in AAD on the app I just created and create a key with an expiration to store as ClientSecret in appsettings.json.
- I change my 'Vault' in appsettings to my named vault.
- I run the PowerShell above to give access or else do it in AAD.
So now I am getting a simpler error:
'Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: 'Access denied''
I have tried running as Administrator in Visual Studio. I went under Subscriptions in Azure>Access Control>(IAM)>set my new apps to Reader.
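As an added example (not code from the Microsoft sample or from the post above), here is a minimal ASP.NET Core 2.x `Program.cs` that wires the Key Vault configuration provider the way the quoted steps describe: it reads `Vault`, `ClientId` and `ClientSecret` from appsettings.json, registers the provider with a secret manager that makes the `--` to `:` mapping explicit, and then checks that both `SecretName` and `Section--SecretName` resolved. It assumes the `Microsoft.AspNetCore.App` and `Microsoft.Extensions.Configuration.AzureKeyVault` 2.x packages; the class name `DashToColonSecretManager` and the response text are mine. Secret values are never written to the response, only whether they loaded.

```csharp
// Added example: ASP.NET Core 2.x host that loads Azure Key Vault secrets into configuration.
// Assumes packages Microsoft.AspNetCore.App and Microsoft.Extensions.Configuration.AzureKeyVault (2.x).
using System;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical secret manager (my name): reproduces the provider's default behaviour so the
// "--" to ":" swap described in the docs is visible in code. Load() is the hook where an app
// could also decide to ignore secrets that are not meant for it.
public class DashToColonSecretManager : IKeyVaultSecretManager
{
    // The provider first LISTs secrets and asks Load() for each one, then GETs the accepted ones.
    public bool Load(SecretItem secret) => true;

    // "Section--SecretName" becomes "Section:SecretName" (ConfigurationPath.KeyDelimiter is ":").
    public string GetKey(SecretBundle secret) =>
        secret.SecretIdentifier.Name.Replace("--", ConfigurationPath.KeyDelimiter);
}

public class Program
{
    public static void Main(string[] args) => BuildWebHost(args).Run();

    public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((ctx, config) =>
            {
                // Build what is configured so far (appsettings.json, user secrets, env vars)
                // to pick up the three values the sample keeps in appsettings.json.
                var built = config.Build();
                var vault = built["Vault"];               // e.g. https://<vault-name>.vault.azure.net/
                var clientId = built["ClientId"];         // Application ID of the AAD app registration
                var clientSecret = built["ClientSecret"]; // key created under that app registration

                if (string.IsNullOrEmpty(vault))
                    return; // nothing to load; the app still starts with local configuration only

                config.AddAzureKeyVault(vault, clientId, clientSecret, new DashToColonSecretManager());
            })
            .Configure(app =>
            {
                var config = app.ApplicationServices.GetRequiredService<IConfiguration>();
                app.Run(async http =>
                {
                    // Flat secret and hierarchical secret, looked up both ways from the docs.
                    bool flat = config["SecretName"] != null;
                    bool nested = config["Section:SecretName"] != null;
                    bool viaSection = config.GetSection("Section")["SecretName"] != null;

                    http.Response.ContentType = "text/plain";
                    await http.Response.WriteAsync($"SecretName loaded: {flat}\n");
                    await http.Response.WriteAsync($"Section:SecretName loaded: {nested}\n");
                    await http.Response.WriteAsync($"GetSection(\"Section\")[\"SecretName\"] loaded: {viaSection}\n");
                });
            })
            .Build();
}
```

Two points worth keeping in mind when reading this against the errors in the post: the provider enumerates the vault (the `list` permission) before it reads each secret (the `get` permission), so both must be granted, and they must be granted in the vault's access policy to the service principal that belongs to the app registration whose Application ID is in `ClientId`. A Reader role assignment on the subscription is an Azure Resource Manager (control-plane) permission and does not by itself grant data-plane access to secrets.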