0
votes

We are trying to read an Azure Key Vault secret through a Windows application (not any Azure application/resource). Here is what we are trying to achieve:

1. Created key vault
2. Added secret
3. Added user (Azure AD user) to access policies and given required permissions.
4. Running a Windows application (not Azure) to get those keys and getting an error. (The user who is running this application has already been added to the access policies of the key vault.)

Below is the error:

at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.d__14.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.KeyVault.KeyVaultCredential.d__11.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.KeyVault.KeyVaultCredential.d__13.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) at Microsoft.Azure.KeyVault.KeyVaultClient.d__65.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.d__13.MoveNext()

2
Probably the provider is failing to use its authentication methods. You'll need to run the app in Visual Studio (and enable the authentication in options), or you can install the AZ CLI and login to that (+ select the right subscription) before you run the app. - juunas

Could you provide the error message itself as well? You only posted the stack trace, not the actual message. - Peter Bons

This isn't a Key Vault problem but an authentication problem. How are you logging into your Windows application? If you can post code, this would be easier to understand. There's also the option of using a Service Principal (a registered application). This would give you a specific identity that is always used to access the key vault for the secret. - Matt Small

2 Answers

1
votes

Make sure the following 3 DLLs are present in your solution. If not, get these from NuGet:

1. Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll
2. Microsoft.Azure.KeyVault
3. Microsoft.Azure.Services.AppAuthentication

0
votes

The Windows application needs to have an Azure Active Directory ID associated with it. If you read the basic concepts of Key Vault, there are 2 recommended ways to access Key Vault:

1) Using Managed Identities, where the application that's trying to interact/authenticate with Key Vault needs to have an identity that's managed by Azure.
2) Use a service principal and certificate to authenticate to Key Vault.

In this case, if it's a locally running Windows application, it needs to authenticate to Key Vault using a service principal and a certificate.
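The service-principal-plus-certificate approach from this answer, as an added example that is not part of the question or any answer: it hands AzureServiceTokenProvider an explicit "RunAs=App" connection string so it no longer depends on a Visual Studio or AZ CLI login on the machine, and it separates a token-acquisition failure from a vault authorization failure. The vault URL, application id, tenant id, thumbprint and secret name are placeholders you must replace.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.Azure.Services.AppAuthentication;

// Added example, not code from the question or the answers. Reads one secret
// from a locally running Windows app by authenticating as a service principal
// with a certificate in the current user's certificate store. All <...> values
// are placeholders (assumptions) to be replaced with your own.
class Program
{
    static async Task Main()
    {
        const string vaultUrl = "https://<your-vault>.vault.azure.net/";

        // "RunAs=App" with a thumbprint: only the thumbprint lives in config;
        // the private key stays in the Windows certificate store.
        string connectionString =
            "RunAs=App;" +
            "AppId=<service-principal-application-id>;" +
            "TenantId=<azure-ad-tenant-id>;" +
            "CertificateThumbprint=<certificate-thumbprint>;" +
            "CertificateStoreLocation=CurrentUser";

        var tokenProvider = new AzureServiceTokenProvider(connectionString);

        using (var client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback)))
        {
            try
            {
                SecretBundle secret = await client.GetSecretAsync(vaultUrl, "<secret-name>");
                // Log that the read worked, never the secret value itself.
                Console.WriteLine($"Read secret, {secret.Value.Length} characters.");
            }
            catch (AzureServiceTokenProviderException ex)
            {
                // Authentication failed before Key Vault was reached; the message
                // lists each credential source that was tried and why it failed.
                Console.Error.WriteLine("Token acquisition failed: " + ex.Message);
            }
            catch (KeyVaultErrorException ex)
            {
                // The token was accepted but the vault rejected the call, e.g.
                // the service principal is missing from the access policy (403).
                Console.Error.WriteLine(
                    $"Key Vault error {(int)ex.Response.StatusCode}: {ex.Body?.Error?.Message}");
            }
        }
    }
}
```

Grant the service principal (not the interactive user) the "Get" secret permission in the vault's access policy; the token callback is the same one the AzureServiceTokenProvider stack trace in the question was executing, so a failure now surfaces as a readable AzureServiceTokenProviderException message rather than a bare trace.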