问题
I need to get access to my Key Vault during development and debugging. Is it possible via using managed service identity? I see that my code can get this credentials when the app is deployed on VM, but what if I need them during development on my local workstation?
回答1:
As of Visual Studio 2017 15.8.something, the extension which juunas mentioned is built into Visual Studio.
Tools -> Options -> Azure Service Authentication -> Account Selection
回答2:
One way is to install the 2.0 Azure CLI, and log in with az login
. Then make sure the right subscription is selected with az account set -s "My Azure Subscription name or id"
.
Then you will need to make sure the user account you signed in as has access to the Key Vault.
Now restart Visual Studio, and run the app. It should authenticate successfully.
Another way is to use the new Visual Studio extension instead of the CLI.
回答3:
Here is a Microsoft sample app (Github project) with fairly detailed instructions on how to get up and running with local dev using MSI and Key Vault in the readme
The key is that when you are debugging locally you're not running as the service principal of the app registered by MSI, but rather as yourself. The Azure CLI az login
and az account set
commands set the default context for your debugging session. You'll run those commands and then log in to the portal with your Azure identity and give your azure identity access to the key vault.
来源:https://stackoverflow.com/questions/47756248/how-to-use-msi-for-development-in-visual-studio