问题:
Hashicorp Vault Kerberos Auth with VaultSharp
洪季萌
public string GetSecretWithKerberosAuthUsingVaultSharp(string keyName, string vaultBaseAddress, string vaultResourcePath, string mountPoint)
{
IAuthMethodInfo authMethod = new KerberosAuthMethodInfo(); // uses network credential by default.
var vaultClientSettings = new VaultClientSettings(vaultBaseAddress, authMethod);
IVaultClient vaultClient = new VaultClient(vaultClientSettings);
var result = vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(vaultResourcePath, mountPoint: mountPoint).Result;
//Above line gives this error message:
//{"request_id":"a85dfbb3-b283-3513-7cd3-01ad757eed1b","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Unauthorised.\n\n"],"auth":null}
var resultData = result.Data;
string secret = resultData.Data[keyName].ToString();
return secret;
}
authmethod.credentials.username/domain都是空字符串。我不知道在这种情况下是否应该填充它们,但文档声明它“默认情况下使用网络凭据”
任何帮助都很感激。
共有1个答案
卫兴邦
您的web应用程序是否运行在集成Windows Auth模式下,禁用匿名Auth?
如果没有,请在该模式下使您的web应用程序具有Windows集成Auth上下文,以便从VaultSharp到Vault API的web调用具有安全上下文。
如果是,那么你能试几样吗?
var kerberosAuthInfo = new KerberosAuthMethodInfo(CredentialCache.DefaultCredentials);
var kerberosAuthInfo = new KerberosAuthMethodInfo(new NetworkCredential(userName, password, domain));
类似资料: