I'm getting the above error when the project is published. The status of the service says 'Your app is healthy' when I use the 'web app down' link in the diagnostics.
Running 'dotnet .keyvault.blahblah..dll' in the app service console results in this:
Unhandled Exception: Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'
at Microsoft.Azure.KeyVault.KeyVaultClient.<GetSecretsWithHttpMessagesAsync>d__66.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.<GetSecretsAsync>d__50.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.<LoadAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.Load()
at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
at Microsoft.AspNetCore.Hosting.WebHostBuilder.BuildCommonServices(AggregateException& hostingStartupErrors)
at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
at key_vault_dotnet_core_quickstart.Program.BuildWebHost(String[] args) in C:projectsazurekeyvaultkey-vault-dotnet-core-quickstartProgram.cs:line 24
at key_vault_dotnet_core_quickstart.Program.Main(String[] args) in C:projectsazurekeyvaultkey-vault-dotnet-core-quickstartProgram.cs:line 2
I followed the documentation exactly and everything up to this point works as expected. However, the published project gives this error every time (I have gone through the documentation twice).
The secret is obtained normally when running locally.
Hi @FieldMarshallVague ,
Is this error when you deploy to Azure?
As above, it's when it is already published on Azure. That's how I get the messages about 'your app is healthy'. I get it on the first publish (i.e. the section: https://docs.microsoft.com/en-us/azure/key-vault/quick-create-net#publish-the-web-application-to-azure), but thought that this may be because I hadn't done the following section (where I authorise the app to get vault secrets). But re-reading the section, it looks like this should work anyway. Either way, I get the error.
So, I have gone through the whole document at https://docs.microsoft.com/en-us/azure/key-vault/quick-create-net. I get the error on first publish and when I reach the last part ("Now when you run the application, you should see your secret value retrieved.") I also get the error.
One thing I noticed, the .Net version on the running app (Azure) says .Net 4.7, with no option for .Net core. From similar issues on StackOverflow, this might be a version mismatch. Could this be it?
I have tried to update the .Net core package to 2.1.3, but this has no effect on the problem. It looks like the app fails when trying to retrieve the secret on startup. For some reason, the request is denied with a 403. I have manually added the access policy for this app service to the keyvault through both the CLI and the Azure portal interface. I have only added it via the 'Application' setting and assigned 'get' role as described in the docs.
OK, I've figured out the problem through trial and error. It's because the docs tell you to assign the 'get' permission, but it needs both 'get' and 'list' permissions. Where the docs say "Then, run this command by using the name of your key vault and the value of PrincipalId:", you should update it to read:
az keyvault set-policy --name '<YourKeyVaultName>' --object-id <PrincipalId> --secret-permissions get list
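The stack trace above shows why both permissions are needed: `AzureKeyVaultConfigurationProvider.LoadAsync` calls `GetSecretsAsync`, which enumerates the vault (the `list` operation), and only then reads each secret (`get`). The following preflight check is an added example, not code from the issue, the docs or the Azure-Samples project: it takes the JSON that `az keyvault show --name <vault> -o json` prints, looks up the access policy for a given principal object ID, reports which of `get`/`list` are missing for secrets, and builds the `az keyvault set-policy` command that fixes it. The JSON shape it parses (`properties.accessPolicies[].objectId` and `permissions.secrets`), the vault name and the object IDs are assumptions constructed for illustration; the sample policy is embedded inline so the script runs offline.

```python
"""Preflight check for the Key Vault configuration provider's access policy.

Added example (not the issue author's or the Azure docs' code). Assumes the
output shape of `az keyvault show --name <vault> -o json`; the vault JSON,
vault name and object IDs below are constructed sample data.
"""
import json
import shlex

# The ASP.NET Core Key Vault configuration provider enumerates secrets
# (GetSecretsAsync == the `list` operation) and then reads each one (`get`),
# so an access policy with only `get` fails at startup with 403 Forbidden.
REQUIRED_SECRET_PERMISSIONS = {"get", "list"}

# Constructed sample, mimicking `az keyvault show` output: one principal with
# the docs' original `get`-only policy, one with a complete policy.
APP_OBJECT_ID = "11111111-1111-1111-1111-111111111111"
OTHER_OBJECT_ID = "22222222-2222-2222-2222-222222222222"
SAMPLE_VAULT_JSON = json.dumps({
    "name": "example-vault",
    "properties": {
        "accessPolicies": [
            {
                "objectId": APP_OBJECT_ID,
                "tenantId": "00000000-0000-0000-0000-000000000000",
                "permissions": {"keys": [], "secrets": ["get"], "certificates": []},
            },
            {
                "objectId": OTHER_OBJECT_ID,
                "tenantId": "00000000-0000-0000-0000-000000000000",
                "permissions": {"keys": [], "secrets": ["Get", "List", "Set"], "certificates": []},
            },
        ]
    },
})


def secret_permissions_for(vault_json: str, object_id: str) -> set:
    """Return the (lower-cased) secret permissions granted to object_id.

    An empty set means there is no access policy for that principal at all,
    which is the other common cause of a 403 on startup.
    """
    vault = json.loads(vault_json)
    for policy in vault.get("properties", {}).get("accessPolicies", []):
        if policy.get("objectId", "").lower() == object_id.lower():
            secrets = policy.get("permissions", {}).get("secrets") or []
            return {p.lower() for p in secrets}
    return set()


def missing_secret_permissions(vault_json: str, object_id: str) -> set:
    """Which of the permissions the configuration provider needs are absent."""
    return REQUIRED_SECRET_PERMISSIONS - secret_permissions_for(vault_json, object_id)


def remediation_command(vault_name: str, object_id: str, vault_json: str) -> str:
    """Build the `az keyvault set-policy` invocation that grants what is missing.

    set-policy replaces the secret permission list for that object ID rather
    than appending to it (assumption about az behaviour), so the command
    re-includes the permissions the principal already has.
    """
    wanted = secret_permissions_for(vault_json, object_id) | REQUIRED_SECRET_PERMISSIONS
    return (
        f"az keyvault set-policy --name {shlex.quote(vault_name)} "
        f"--object-id {object_id} --secret-permissions {' '.join(sorted(wanted))}"
    )


def report(vault_name: str, object_id: str, vault_json: str) -> str:
    """Human-readable verdict for one principal."""
    missing = missing_secret_permissions(vault_json, object_id)
    if not missing:
        return f"{object_id}: OK (has {', '.join(sorted(REQUIRED_SECRET_PERMISSIONS))})"
    return (
        f"{object_id}: missing secret permission(s) {', '.join(sorted(missing))}; run:\n"
        f"  {remediation_command(vault_name, object_id, vault_json)}"
    )


if __name__ == "__main__":
    # In real use, feed the output of `az keyvault show --name <vault> -o json`
    # and the PrincipalId of the App Service's managed identity.
    for oid in (APP_OBJECT_ID, OTHER_OBJECT_ID):
        print(report("example-vault", oid, SAMPLE_VAULT_JSON))
```

For the `get`-only policy the script prints the corrected command, with `list` added, in the same form as the line above; a principal with no policy at all is reported as missing both permissions, which distinguishes "policy never applied" from "policy applied with the docs' incomplete permission set".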
Hi @FieldMarshallVague ,
Thank you. I was sure it was a permissions issue. Thank you for this note. We will update the docs.
@barclayn - Can we close this issue?
I have tried to update your docs for you, using the auto-fork and edit option here in GH. When I make the change (adding 'list' to the list of permissions) I can't click the 'propose file change' button, it's slightly greyed-out. Having wasted 4 hours on this issue (which is basically a 4-letter typo), I'm keen to see this change made.
Also, the documentation for updating another user's files is out of date and doesn't apply to what I'm seeing:
https://help.github.com/articles/editing-files-in-another-user-s-repository/
p.s. I re-opened this issue because the cause isn't actually fixed yet :)
@FieldMarshallVague the change should go live within 24 hours from now.
Hey @FieldMarshallVague, we will now proceed to close this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.
You may also want to consider updating this readme to match https://github.com/Azure-Samples/key-vault-dotnet-core-quickstart