AddDataProtection().PersistKeysToAzureBlobStorage().ProtectKeysWithAzureKeyVault() getting httpVerb Error while accessing the blob storage
Application is hosted in Web Farm Scenario. I dont have an option to persist keys for dataprotection() in Database. I am not able to Persist the Key file in blob storage.
I have referred documentation and used these lines of code to store keyfile in blob.
builder.Services.AddDataProtection().PersistKeysToAzureBlobStorage('blob-sas-uri')
.ProtectKeysWithAzureKeyVault('keyvault identifier')
When i run the application I am getting the following error.
RequestFailedException: The resource doesn't support specified Http Verb.
ErrorCode: UnsupportedHttpVerb Content:
Azure.Storage.Blobs.BlockBlobRestClient.Upload(long contentLength, Stream body, Nullable<int> timeout, byte[] transactionalContentMD5, string blobContentType, string blobContentEncoding, string blobContentLanguage,...
Am I missing any configuration in Azure portal ?
Thanks in Advance.
Solution
code to store keyfile in blob.
As an alternative to SAS url , I have given RBAC role Storage Contributor and KeyVault Crypto User role, I used below code and it works for me:
Program.cs:
rith_b.Services.AddAzureClients(ri_cb =>
{
ri_cb.AddBlobServiceClient(new Uri("https://rithwik.blob.core.windows.net"));
});
rith_b.Services.AddDataProtection()
.PersistKeysToAzureBlobStorage(new Uri("https://rithwik.blob.core.windows.net/rithwik/test.xml"), new DefaultAzureCredential())
.ProtectKeysWithAzureKeyVault(new Uri("https://rith98.vault.azure.net/keys/test"), new DefaultAzureCredential());
Key in KeyVault:
Output:
Blob got created:
Edit:
You can use App registration and create service principal to which you have to give the needed roles:
For Cloud you can use:
using Azure.Identity;
-----
-----
string clntId = "xxx";
string clntSecret = "xxx";
string tenantId = "xxx";
var r_cred = new ClientSecretCredential(tenantId, clntId, clntSecret);
rith_b.Services.AddAzureClients(ri_cb =>
{
ri_cb.AddBlobServiceClient(new Uri("https://rithwik.blob.core.windows.net"))
.WithCredential(r_cred);
});
rith_b.Services.AddDataProtection()
.PersistKeysToAzureBlobStorage(new Uri("https://stgname.blob.core.windows.net/rithwik/test.xml"), r_cred)
.ProtectKeysWithAzureKeyVault(new Uri("https://keyvaultname.vault.azure.net/keys/test"), r_cred);
-----
-----
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs