I recently deployed a .NET 8 application in Azure but got the HTTP Error 500.30 - ASP.NET Core app failed to start when navigating to the default URL Azure provides. I have a couple of Azure services that the application is consuming: Blob Storage, Key Vaults (KV), and SQL database.
After some investigation, I came to the conclusion that it had to do with networking issues; however, I have set the network to be public because the website can be accessed by anyone. Just not the DB and KV. I don't believe that the DB could cause the 500 error, but I do believe now that KV could be the culprit.
My question is in two parts. Is KV the reason my application is not running? If so, how to fix it? I see that I may need to provide some sort of access policy, possibly? Any help is appreciated.
Here is how I'm trying to access the KV in the `Program.cs` file.

```csharp
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);
string keyVaultUri = builder.Configuration["KeyVaultConfig:KVUrl"];
var credentials = new DefaultAzureCredential();
var client = new SecretClient(new Uri(keyVaultUri), credentials);

// Names of the secrets stored in the Key Vault
string tenantId = "TenantId";
string blobStorageName = "BlobStorageName";
string blobConnString = "BlobConnectionString";
string azureConnectionString = "AzureSQLConnectionString";

// Each call authenticates to Key Vault; a failure here stops the app from starting
KeyVaultSecret blobName = await client.GetSecretAsync(blobStorageName);
KeyVaultSecret blobConnectionString = await client.GetSecretAsync(blobConnString);
KeyVaultSecret azConnString = await client.GetSecretAsync(azureConnectionString);
string dbValue = azConnString.Value;

builder.Configuration["BlobConfig:BlobStorageName"] = blobName.Value;
builder.Configuration["BlobConfig:BloblConnectionString"] = blobConnectionString.Value;
builder.Services.AddDbContext<SuperAnchorDBContext>(options => options.UseSqlServer(dbValue));
```
`var credentials = new DefaultAzureCredential();` will use the app service's identity to connect to Key Vault. If the RBAC is not configured on the app service, this line will fail and crash the startup of the app service.

Please follow Rui's link to configure the access: https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#grant-your-app-access-to-a-key-vault

The app probably would work locally, because DefaultAzureCredential will likely use your account when running locally.

If you would like to do a test to make sure KV is the issue, you can replace the `client.GetSecretAsync` bit with the actual string value to see if the app starts or not, to be 100% sure.

```csharp
KeyVaultSecret blobName = await client.GetSecretAsync(blobStorageName);
KeyVaultSecret blobConnectionString = await client.GetSecretAsync(blobConnString);
KeyVaultSecret azConnString = await client.GetSecretAsync(azureConnectionString);
```
I have found my solution. I forgot to add the Client Id, Tenant Id, and Client Secret in the environment variables in the app services. Added those and now it is working properly.
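
A startup-time diagnostic for the failure discussed in this thread, as an added example that is not part of the original posts: it wraps the secret read so the startup exception states whether no credential was available, authentication failed, or the vault denied access. The helper name `ReadSecretOrExplainAsync` is hypothetical, and the code assumes a .NET 8 web project with implicit usings plus the Azure.Identity and Azure.Security.KeyVault.Secrets packages.

```csharp
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

var builder = WebApplication.CreateBuilder(args);
var client = new SecretClient(
    new Uri(builder.Configuration["KeyVaultConfig:KVUrl"]!),
    new DefaultAzureCredential());

// Same secret name as in the question; the helper below is hypothetical.
string dbValue = await ReadSecretOrExplainAsync(client, "AzureSQLConnectionString");
// ... register services with dbValue as in the question ...
builder.Build().Run();

static async Task<string> ReadSecretOrExplainAsync(SecretClient client, string name)
{
    try
    {
        KeyVaultSecret secret = await client.GetSecretAsync(name);
        return secret.Value;
    }
    catch (CredentialUnavailableException ex)
    {
        // Nothing in the DefaultAzureCredential chain was usable: no managed identity
        // on the App Service and no AZURE_TENANT_ID / AZURE_CLIENT_ID /
        // AZURE_CLIENT_SECRET app settings for a service principal.
        throw new InvalidOperationException(
            $"Key Vault secret '{name}': no Azure credential is available to the app.", ex);
    }
    catch (AuthenticationFailedException ex)
    {
        // A credential was found but the token request was rejected
        // (for example a wrong tenant, or an expired or mistyped client secret).
        throw new InvalidOperationException(
            $"Key Vault secret '{name}': the configured credential failed to authenticate.", ex);
    }
    catch (RequestFailedException ex) when (ex.Status == 403)
    {
        // Authenticated, but the vault refused: the identity has no permission to
        // read secrets, or the vault's network rules block the caller.
        throw new InvalidOperationException(
            $"Key Vault secret '{name}': access denied (HTTP 403). {ex.Message}", ex);
    }
    catch (RequestFailedException ex) when (ex.Status == 404)
    {
        throw new InvalidOperationException(
            $"Key Vault secret '{name}': no secret with that name exists in this vault.", ex);
    }
}
```

With a managed identity assigned to the App Service and granted read access to the vault's secrets, no client secret needs to be stored in the app settings.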