Azure Key Vault Configuration Changes in Rc Candidate #11323


0
maharatha created

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

  • What is your product version? - 11.4.0 (Release Candidate)
  • What is your product type (Angular or MVC)? - Angular
  • What is product framework type (.net framework or .net core)? - 6

I have downloaded the Release candidate and I see the Azure Key Vault configuration has changed:

"Configuration": { "AzureKeyVault": { "IsEnabled": "false", "KeyVaultName": "" } }

Where are we going to put the ClientId and ClientSecret?

Previous configuration:

"Configuration": { "AzureKeyVault": { "IsEnabled": "false", "KeyVaultName": "xxx", "AzureADApplicationId": "", "AzureADCertThumbprint": "", "ClientId": "", "ClientSecret": "" } }


13 Answer(s)
  • 0
    ismcagdas created
    Support Team
  • 0
    maharatha created

    I am hosting my application in AWS. I am not sure how this will work. I went through the article but it doesn't say anything about how an external app hosted outside Azure will authenticate using the new Azure RBAC. Please provide some details.

  • 0
    maharatha created

    AuthenticationFailedException: ManagedIdentityCredential authentication failed: Managed Identity response was not in the expected format.

    This is the issue we are getting as we are hosted in AWS. We need to know how to pass the Azure Client ID and Client Secret to Azure to authenticate and get token and access the KeyVault.

    This is a breaking change for systems which are hosted in non-azure environments and we need more documentation around this change.

  • 0
    maharatha created

    Please provide an answer at the earliest as it's holding our upgrades big time.

    Thank you in advance.

  • 0
    maharatha created

    Any updates?

  • 0
    ismcagdas created
    Support Team

    Hi @maharatha

    For now, please use the old approach. We also couldn't find any info in the Microsoft documentation about this and we are trying to find a solution for this. We will inform you once we get a solution.

  • 0
    maharatha created

    Not sure what the old approach means here. Are you asking not to use the release candidate or not to use Azure Key Vault? I can't use Azure Key Vault with the release candidate as there is no way of passing ClientId and ClientSecret.

  • 0
    ismcagdas created
    Support Team

    Hi @maharatha

    Just revert the changes in this PR https://github.com/aspnetzero/aspnet-zero-core/pull/4582, we will do the same for 11.4 final release.

  • 0
    ismcagdas created
    Support Team

    Hi,

    Could you apply the changes in this commit and see if it works?

  • 0
    maharatha created

    No, that didn't work, as it was somehow expecting the AzureTenantId when I am not using a certificate, which was not the case in the past. So I had to use the code from my other project and make it work.

  • 0
    ismcagdas created
    Support Team

    Hi @maharatha

    If you have an Azure Key Vault account, I guess, you should have a tenantId. Could you contact Azure support and ask for it?

  • 0
    maharatha created

    That's incorrect. The previous implementation only needed ClientId, Client Secret and KeyVault Name.

    The tenantId is the AzureADtenantID in case you are using Certificate Thumbprint.

    I made the code work on the release candidate by copying the code from my previous project.

    I have downloaded the released version today and will let you know if I come across the same issue.

  • 0
    ismcagdas created
    Support Team

    Hi @maharatha

    Thanks for the update. This implementation is changed by Microsoft. However, you can try other options instead of ClientSecretCredential here: https://github.com/aspnetzero/aspnet-zero-core/blob/dev/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Core/Configuration/AppAzureKeyVaultConfigurer.cs#L20
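
As an added example (not code from this thread or from the aspnet-zero-core repository), one way to choose the Key Vault credential explicitly so that a host outside Azure never falls through to managed identity. The class and method names, the `AzureTenantId` key name and the public-cloud vault URL are assumptions; `ClientSecretCredential` in Azure.Identity takes a tenant ID together with the client ID and secret.

```csharp
using System;
using Azure.Core;
using Azure.Identity;
using Microsoft.Extensions.Configuration; // AddAzureKeyVault: Azure.Extensions.AspNetCore.Configuration.Secrets

// Hypothetical helper; not the project's AppAzureKeyVaultConfigurer.
public static class KeyVaultCredentialExample
{
    public static TokenCredential SelectCredential(IConfiguration config)
    {
        var section = config.GetSection("Configuration:AzureKeyVault");
        string tenantId = section["AzureTenantId"]; // assumed key name
        string clientId = section["ClientId"];
        string clientSecret = section["ClientSecret"];

        bool anyClientSetting = !string.IsNullOrEmpty(clientId)
                             || !string.IsNullOrEmpty(clientSecret);
        if (!anyClientSetting)
        {
            // Nothing configured: let Azure.Identity probe its default chain
            // (environment variables, managed identity when hosted in Azure).
            return new DefaultAzureCredential();
        }

        // Fail at startup with a clear message instead of a token error later.
        if (string.IsNullOrEmpty(tenantId) || string.IsNullOrEmpty(clientId)
            || string.IsNullOrEmpty(clientSecret))
        {
            throw new InvalidOperationException(
                "AzureTenantId, ClientId and ClientSecret must all be set " +
                "for client-secret authentication to Key Vault.");
        }
        return new ClientSecretCredential(tenantId, clientId, clientSecret);
    }

    public static IConfigurationBuilder AddAppKeyVault(IConfigurationBuilder builder)
    {
        IConfiguration config = builder.Build();
        var section = config.GetSection("Configuration:AzureKeyVault");
        if (!bool.TryParse(section["IsEnabled"], out bool enabled) || !enabled)
            return builder;

        // Assumes the Azure public cloud DNS suffix.
        var vaultUri = new Uri($"https://{section["KeyVaultName"]}.vault.azure.net/");
        return builder.AddAzureKeyVault(vaultUri, SelectCredential(config));
    }
}
```

Keeping `ClientSecret` out of appsettings.json is straightforward here: with the environment-variable configuration provider it can be supplied as `Configuration__AzureKeyVault__ClientSecret` from the host's secret store.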