Problem description
I recently ran into a problem using Managed Service Identity which turned out to be a side effect of caching in the Managed Service Identity endpoint (MSI_ENDPOINT) within the Azure App Service Plan hosting my application.
When my application requests an access token for Key Vault, it appears to return a cached one, which means any changes I've made to Service Principals and groups don't apply until the cached value is updated.
azureServiceTokenProvider.GetAccessTokenAsync("https://vault.azure.net");
Since I can't find a way of resetting the cache, or requesting an uncached value, and I can't restart the entire App Service Plan, the only workaround I've found is to scale the App Service Plan up and then back again - which resets the cache (as it's a new VM?) and means I get the correct access token returned.
Is there another workaround? What is the cache duration?
See also my original issue: https://social.msdn.microsoft.com/Forums/azure/en-US/aaa1871f-2f35-4e21-97d6-9f863a4e9d53/assigning-azure-key-vault-access-policies-to-azure-active-directory-security-groups-containing?forum=AzureKeyVault
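Added example, not part of the original question and not Microsoft's code: a diagnostic that decodes a token's `iat` and `exp` claims, so two successive calls can be compared to see whether the same token came back and how long it remains valid. The `TokenInspector` class, its helpers and the sample token (including its lifetime) are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class TokenInspector
{
    // Decode the payload (second segment) of a compact JWT.
    // No signature check: diagnostics only, never an authorization decision.
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        // base64url -> base64, restoring the stripped padding
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone(); // Clone so the element outlives the document
    }

    // Read a NumericDate claim (seconds since the Unix epoch) as a timestamp.
    public static DateTimeOffset ClaimTime(JsonElement payload, string name) =>
        DateTimeOffset.FromUnixTimeSeconds(payload.GetProperty(name).GetInt64());

    // Helper used only to build the constructed sample token below.
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample: fake signature, made-up lifetime. In the application, pass the
        // string returned by azureServiceTokenProvider.GetAccessTokenAsync("https://vault.azure.net").
        long iat = DateTimeOffset.UtcNow.AddHours(-2).ToUnixTimeSeconds();
        string payloadJson =
            $"{{\"aud\":\"https://vault.azure.net\",\"iat\":{iat},\"exp\":{iat + 28800}}}";
        string jwt = B64Url("{\"alg\":\"none\"}") + "." + B64Url(payloadJson) + ".sig";

        JsonElement p = DecodePayload(jwt);
        DateTimeOffset issued = ClaimTime(p, "iat");
        DateTimeOffset expires = ClaimTime(p, "exp");
        double minutesLeft = (expires - DateTimeOffset.UtcNow).TotalMinutes;

        Console.WriteLine($"aud     {p.GetProperty("aud").GetString()}");
        Console.WriteLine($"issued  {issued:u}");
        Console.WriteLine($"expires {expires:u} ({minutesLeft:F0} min left)");
    }
}
```

Logging `iat` before and after a Service Principal or group change shows whether the second request was served the token issued before the change. Log only the decoded timestamps, never the token string itself.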
Recommended answer