Question
I've deployed a Docker container in Azure App Services. I have a public API that I can call, which returns "Hello world".
I would like to use Azure Managed Identity in my app, so I enabled it in Azure portal. I enabled the "System assigned" one, following this documentation: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet
After enabling the Managed Identity, my web app stops working. Restarting it doesn't help. Disabling the Managed identity fixes it.
If I try to call my API I get an error: ":( Application Error If you are the application administrator, you can access the diagnostic resources."
It's not just my API, it's the whole application that stops working. If I try to navigate to https://[myApp].azurewebsites.net I get the same error. Without Managed Identity, I get "404 page not found" when navigating to this address.
Has anyone encountered this? How to fix it?
Update: I could not reproduce it with the sample "Static site" container, so it has to be somehow related to the container that we deploy. But I don't understand what could cause it - does enabling the Managed Identity somehow change (reduce) things that the app can do?
Update 2: The container contains a Go application that uses Azure SDK to authenticate with AAD. It seems to us that this authentication attempt makes the whole app crash during startup, if Managed Identity is enabled. Our intention is to get a secret from Azure Key Vault, using Managed Identity. Then use this secret to authenticate with AAD. Right now our app doesn't even attempt to talk with the Managed Identity service.
Answer 1:
Summarizing the comment into a reply so that others can find the solution more easily.
The moment we define MSI_SECRET as blank (existing, but blank; nonexistent is fine), the SDK crashes.
So define the MSI_SECRET value as it is shown in the KUDU environment.
Source: https://stackoverflow.com/questions/59284488/azure-app-service-stops-working-after-enabling-managed-identity
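A startup preflight for the condition described in the answer, as an added example that is not part of the original post or of the Azure SDK: it distinguishes an unset variable from one that is defined but blank, and reports only the state, never the secret's value. The function names are hypothetical, and `MSI_ENDPOINT` is included as the App Service companion variable to `MSI_SECRET`; it is not mentioned on the page.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// lookupFunc matches os.LookupEnv so tests can supply a constructed environment.
type lookupFunc func(string) (string, bool)

// envState reports "unset", "blank" or "set" and never returns the value
// itself, so the result is safe to log even for secrets.
// Whitespace-only values are treated as blank (an assumption of this example).
func envState(lookup lookupFunc, name string) string {
	v, ok := lookup(name)
	switch {
	case !ok:
		return "unset"
	case strings.TrimSpace(v) == "":
		return "blank"
	}
	return "set"
}

// CheckManagedIdentityEnv fails when any listed variable is defined but blank,
// the state the answer above identifies as the crash trigger.
func CheckManagedIdentityEnv(lookup lookupFunc, names ...string) error {
	var blank []string
	for _, n := range names {
		if envState(lookup, n) == "blank" {
			blank = append(blank, n)
		}
	}
	if len(blank) > 0 {
		return fmt.Errorf("defined but blank: %s", strings.Join(blank, ", "))
	}
	return nil
}

func main() {
	names := []string{"MSI_ENDPOINT", "MSI_SECRET"}
	for _, n := range names {
		fmt.Printf("%s: %s\n", n, envState(os.LookupEnv, n))
	}
	if err := CheckManagedIdentityEnv(os.LookupEnv, names...); err != nil {
		fmt.Fprintln(os.Stderr, "managed identity preflight failed:", err)
		os.Exit(1)
	}
}
```

Run before any SDK authentication call, this turns a blank override in the container or app settings into a readable startup error instead of a crash.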