Azure:在应用服务中使用从 Key Vault 获得的证书时出错
[英]Azure : Error using certificate obtained from Key Vault in App Service
问题描述
In my Azure App Service which runs a net472 web app, I access certificate from key vault as follows:
在运行 net472 web 应用程序的 Azure 应用程序服务中,我从密钥库访问证书,如下所示:
var certSecret = await kvClient.GetSecretAsync(kvName, secretName);
I then need to send the certificate to authenticate to an external service然后我需要发送证书以向外部服务进行身份验证
var cert = new X509Certificate2(Convert.FromBase64String(certSecret.Value));
This line throws an error此行会引发错误
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
1 个解决方案
解决方案1
0 已采纳 2020-06-25 09:42:09
Try to get secret as below:尝试获取如下秘密:
var certSecret = await kvClient.GetSecretAsync(vaultBaseUrl, secretName);
You could retrieve certSecret.value to check whether it has value then send it to X509Certificate2 which specify the X509KeyStorageFlags storage flags.您可以检索certSecret.value以检查它是否具有值,然后将其发送到指定X509KeyStorageFlags存储标志的X509Certificate2 。
X509Certificate2 x509 = new X509Certificate2(Convert.FromBase64String(certSecret.value), string.Empty, X509KeyStorageFlags.MachineKeySet)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.