Azure App Service stops working after enabling Managed Identity

扶醉桌前 提交于 2021-01-07 03:42:53

问题


I've deployed a Docker container in Azure App Services. I have a public API that I can call, which returns "Hello world".

I would like to use Azure Managed Identity in my app, so I enabled it in Azure portal. I enabled the "System assigned" one, following this documentation: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet

After enabling the Managed Identity, my web app stops working. Restarting it doesn't help. Disabling the Managed identity fixes it.

If I try to call my API I get an error: ":( Application Error If you are the application administrator, you can access the diagnostic resources."

It's not just my API, it's the whole application that stops working. If I try to navigate to https://[myApp].azurewebsites.net I get the same error. Without Managed Identity, I get "404 page not found" when navigating to this address.

Has anyone encountered this? How to fix it?

Update: I could not reproduce it with the sample "Static site" container, so it has to be somehow related to the container that we deploy. But I don't understand what could cause it - does enabling the Managed Identity somehow change (reduce) things that the app can do?

Update 2: The container contains a Go application that uses Azure SDK to authenticate with AAD. It seems to us that this authentication attempt makes the whole app crash during startup, if Managed Identity is enabled. Our intention is to get a secret from Azure Key Vault, using Managed Identity. Then use this secret to authenticate with AAD. Right now our app doesn't even attempt to talk with the Managed Identity service.


回答1:


Summarize comment into reply to let others more clear to find solution.

The moment we define MSI_SECRET as blank (existing, but blank; nonexistent is fine), the SDK crashes.

So define the MSI_SECRET value as it is show in KUDU environment.



来源:https://stackoverflow.com/questions/59284488/azure-app-service-stops-working-after-enabling-managed-identity

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!