问题描述

按照 我创建了一个托管服务标识，一个功能应用程序，并设置了一个密钥库来存储凭据.

不幸的是，无论我尝试了什么，执行时似乎都无法避免出现403禁止消息:

As per the example at https://blog.kloud.com.au/2017/09/19/enabling-and-using-managed-service-identity-to-access-an-azure-key-vault-with-azure-powershell-functions/ I've created a Managed Service Identity, a Function App, and set up a Key Vault to store credentials.

Unfortunately, no matter what I've I tried, I can't seem to get past a 403 forbidden message resulting when executing:

$authenticationResult = Invoke-RestMethod -Method Get -Headers $header -Uri ($endpoint +'?resource=' +$vaultTokenURI)

从授予访问权限到应用程序功能简单的GET权限，到授予完全的权限而没有任何更改. 

任何人都可以提出其他可能与该博客文章示例场景不同的其他因素的建议，例如查询字符串中的API版本，缺少其他一些设置步骤吗?

基思·托米| Twitter: @itgroove_keith |博客: http://yalla.itgroove.net

请点击提议作为答案"如果帖子解决了问题或投票为有帮助的"，

I've gone from granting simple GET permissions on the Access Policy to the function App, to granting full permissions, with no change. 

Would anyone be able to suggest some other factor that might be different from that blog posts example scenario e.g. API version in the querystring, some other setup step missing?

Keith Tuomi | Twitter: @itgroove_keith | Blog:http://yalla.itgroove.net

Please click "Propose As Answer" if a post solves the problem or "Vote As Helpful" if a post has been useful to you.

推荐答案

这篇关于检索凭据时，Key Vault + Function App 403被禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！