Azure key vault access denied

Question

While performing the task to obtain secret from Azure key vault, I got an error states "Access denied" herewith I have attached the following code.

public static async Task<string> GetToken(string authority, string resource, string scope)

    {

        var authContext = new AuthenticationContext(authority);

        ClientCredential clientCred = new ClientCredential(...); //app id, app secret

        AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);

        if (result == null)

            throw new InvalidOperationException("Failed to obtain the JWT token");

        return result.AccessToken;

    }

    public static string GetSecret(string secretName)

    {

        KeyVaultClient keyVaultClient = new KeyVaultClient(GetToken);

        try

        {

            return keyVaultClient.GetSecretAsync("my-key-vault-url", secretName).Result.Value;

        }

        catch(Exception ex)

        {

            return "Error";

        }

    }

Can anyone please help me, what exactly I have to change in this code so that the error will rectify or is there any changes which I have to make in Azure Portal?

Answer 1

In order to fix this error you need to configure some permissions of azure active directory and grant access to key vault.

To do that using Azure portal follow these steps :

1. Open key Vault

2. Select Access Policies from key vault bar.

3. Click on Add Access Policy.

4. Select Principal to select your application.

5. From key permissions drop down menu, select 'Decrypt','Sign','Get','UnwrapKey' permissions.

6. Save the changes

I hope this will work for you.

Want to know more about Azure? Join azure certification now !