无法从 Azure Key Vault 获取令牌

Question

我有一个使用 Identity 进行身份验证的 Blazor WASM 应用程序，该应用程序在周五运行良好。昨晚我去进行更改，在 Azure 中运行的应用程序和在我的计算机上本地运行的应用程序在启动后都开始出现异常。从一切正常运行到现在，环境或代码库没有任何变化。

The app runs, redirects to the login page, the get is processed fine on the server but throws an exception on the first line of markup in the .cshtml file (assuming because it is failing to encrypt the content at that point):

An unhandled exception occurred while processing the request. CredentialUnavailableException: EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, string additionalMessage)

AggregateException: Multiple exceptions were encountered while attempting to authenticate. (EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot) (ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.) (Process "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Extensions\lybeojxv.4oe\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '{IDREDACTED}'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: {IDREDACTED} Correlation ID: {IDREDACTED} Timestamp: 2021-12-20 19:46:59Z'.) (Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot) (Azure CLI not installed) (PowerShell is not installed.) Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, string additionalMessage)

CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot

• EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
• ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.
• 进程“C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Extensions\lybeojxv.4oe\TokenService\Microsoft.Asal.TokenService.exe”失败，出现意外错误：TS003：错误，TS004：无法获取访问令牌。“AADSTS50020：来自身份提供商“live.com”的用户帐户“{EmailHidden}”在租户“Microsoft Services”中不存在，并且无法访问该租户中的应用程序“{IDREDACTED}”(Visual Studio)。需要先将该帐户添加为租户中的外部用户。注销并使用不同的 Azure Active Directory 用户帐户再次登录。跟踪 ID：{IDREDACTED} 相关 ID：{IDREDACTED} 时间戳：2021-12-20 19:46:59Z'。
• 未找到存储的凭据。需要在 VSCode Azure 帐户中对用户进行身份验证。有关详细信息，请参阅故障排除指南。 https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot
• Azure CLI 未安装
• 未安装 PowerShell。Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync（TokenCredential[] 源、TokenRequestContext requestContext、bool async、CancellationToken CancellationToken）

CryptographicException：尝试加密提供的数据时发生错误。有关详细信息，请参阅内部异常。Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect（字节[]纯文本）

我在相关文档和故障排除指南中找不到与我的设置和问题相关的任何内容。我觉得我必须遗漏一些简单的东西，比如某些凭据的过期或更改，但我找不到任何看起来是罪魁祸首的东西，并且代码库的任何部分都没有更改，Azure 环境也没有更改从我知道它起作用到开始，任何人都感动过它。

Answer 1

哎呀，在我费了 2 天的时间后，我通过在我的计算机上安装 Azure CLI 并从 PowerShell 窗口运行“az login”命令解决了这个问题。就这样。希望这可以节省其他人很多时间。