
Client address is not authorized and caller is not a trusted service in Azure

I'm working on Azure. I have a Windows service which accesses the Azure Key Vault.

My code looks something like this:

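using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Authentication callback for KeyVaultClient: acquires an Azure AD token for the vault.
public static async Task<string> GetToken(string authority, string resource, string scope)
{
    var authContext = new AuthenticationContext(authority);
    ClientCredential clientCred = new ClientCredential(...); //app id, app secret
    AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);

    if (result == null)
        throw new InvalidOperationException("Failed to obtain the JWT token");

    return result.AccessToken;
}

// Reads one secret from the vault, blocking on the async call.
public static string GetSecret(string secretName)
{
    KeyVaultClient keyVaultClient = new KeyVaultClient(GetToken);
    try
    {
        return keyVaultClient.GetSecretAsync("my-key-vault-url", secretName).Result.Value;
    }
    catch(Exception ex)
    {
        // The exception details are discarded here; the caller only sees "Error".
        return "Error";
    }
}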

After I built and deployed my Windows service, I started it. Then I got this exception:

Client address (IPaddress) is not authorized and caller is not a trusted service

However, I am able to do a telnet to the key vault:

telnet projectName-keyvault 443

I have searched for this issue, but couldn't find any solution. Any help in this regard will be highly appreciated.

CrazyCoder asked Oct 25 '18 08:10



1 Answer

The error clearly shows that your client IP address is not authorized.

You need to add the client IP in your Azure Key Vault, if you've enabled that setting.

Azure > Keyvault > Networking Settings

Further Reading:

  • Configure Azure Key Vault firewalls and virtual networks
  • Virtual network service endpoints for Azure Key Vault
  • Announcing Virtual Network Service Endpoints for Key Vault
Nancy Xiong answered Oct 04 '22 01:10
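
An added example, not part of the original question or answer: a small offline check of whether a given client address would pass a vault's IP firewall rules, to run before and after editing the Networking settings. The `networkAcls` JSON is a constructed sample in the ARM shape; the function name and the simplified evaluation (IP rules only, no virtual network rules, private endpoints or trusted-service bypass) are assumptions of this example.

```python
import ipaddress

# Constructed sample in the shape of a vault's properties.networkAcls.
SAMPLE_ACLS = {
    "bypass": "AzureServices",
    "defaultAction": "Deny",
    "ipRules": [{"value": "203.0.113.0/24"}, {"value": "198.51.100.7"}],
    "virtualNetworkRules": [],
}

# RFC 1918 ranges: the vault never sees these, only the NAT/egress public IP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def evaluate_client_ip(network_acls, client_ip):
    """Return (allowed, reason) for a request arriving from client_ip.

    Simplified model (assumption): only defaultAction and ipRules are checked.
    Use the address quoted in the error message, since that is the address
    the vault actually saw.
    """
    ip = ipaddress.ip_address(client_ip)
    default = (network_acls.get("defaultAction") or "Allow").lower()
    if default == "allow":
        return True, "firewall not enforced (defaultAction=Allow)"
    for rule in network_acls.get("ipRules") or []:
        # A bare address in a rule is treated as a single-host network.
        net = ipaddress.ip_network(rule["value"], strict=False)
        if ip.version == net.version and ip in net:
            return True, "matched ipRule " + rule["value"]
    if any(ip.version == 4 and ip in net for net in RFC1918):
        return False, "RFC 1918 address: check the public egress IP instead"
    return False, "no ipRule matches and defaultAction=Deny"


if __name__ == "__main__":
    # A successful TCP connect to port 443 (the telnet test) says nothing
    # about these rules: the denial comes back as an HTTP error response.
    for addr in ("203.0.113.45", "198.51.100.8", "10.1.2.3"):
        print(addr, evaluate_client_ip(SAMPLE_ACLS, addr))
```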