[英]Authenticate Asp.net 4.7.2 application to Azure AD using x509 certificate
We have updated several.Net Core / 5 applications to authenticate with Azure AD at the application level (not user) by registering them in Azure AD with x509 certificates.我们更新了几个.Net Core / 5 应用程序,通过在 Azure AD 中使用 x509 证书注册它们,在应用程序级别(不是用户)使用 Azure AD 进行身份验证。 With the purpose of pulling down Azure Key Vault secrets into our dev / production applications.
目的是将 Azure Key Vault 机密信息下拉到我们的开发/生产应用程序中。 I am currently looking for a solution to do this with our asp.net 4.7.2 MVC web applications.
我目前正在寻找使用我们的 asp.net 4.7.2 MVC web 应用程序执行此操作的解决方案。 Ideally this would update our web.config appSettings and connections strings automatically like it does when using the built in User Secrets file locally and like it does with our json files in the .net Core / 5 apps.
理想情况下,这将自动更新我们的 web.config appSettings 和连接字符串,就像在本地使用内置用户机密文件时一样,就像在 Z2D50972FECD376129545507F106208 应用程序中使用 json 文件一样。
Currently I have the registered app and associated cert in Azure AD.目前我在 Azure AD 中有注册的应用程序和相关证书。 The registered app has permissions to the Key Vault.
注册的应用程序有权访问 Key Vault。 If I open the app locally and add a connected service -> Azure Key Vault when signed into VS with an account that has access to my Azure domain, it all works without issue.
如果我在本地打开应用程序并添加连接的服务-> Azure Key Vault,当我使用有权访问我的 Azure 域的帐户登录 VS 时,一切正常。 Keys are replaced in my web.config with those values stored in Azure Key Vault instead of using what is saved in my local user secret file.
我的 web.config 中的密钥被存储在 Azure Key Vault 中的值替换,而不是使用保存在我的本地用户机密文件中的值。 Example of web.config config builder for reference:
web.config 配置生成器示例供参考:
<add name="AppSettings_AzureKeyVault" vaultName="vault-name" vaultUri="https://vault-name.vault.azure.net/" prefix="AppSetting-" stripPrefix="true" mode="Greedy" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
How do I adjust this approach so that I can load and use the x509 certificate as opposed to having to be logged in as a specific user that has access to the key vault?如何调整此方法以便我可以加载和使用 x509 证书,而不必以有权访问密钥保管库的特定用户身份登录? Assuming there is something I would need to do in Global.asax or Startup.cs like I have done in the past with OWIN setups but uncertain on where to start there.
假设我需要在 Global.asax 或 Startup.cs 中做一些事情,就像我过去在 OWIN 设置中所做的那样,但不确定从哪里开始。
• I would suggest you to please refer to the following link regarding configuring certificate authentication in ASP.NET core application as it suggests using and importing an 'Microsoft.AspNetCore.Authentication.Certificate' Nuget package first and then calling the 'builder.Services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme).AddCertificate(...);' • I would suggest you to please refer to the following link regarding configuring certificate authentication in ASP.NET core application as it suggests using and importing an 'Microsoft.AspNetCore.Authentication.Certificate' Nuget package first and then calling the 'builder.Services.AddAuthentication( CertificateAuthenticationDefaults.AuthenticationScheme).AddCertificate(...);' class in the 'Program.cs' file of the application.
class 在应用程序的“Program.cs”文件中。 Then configure the certificate validation through the 'CertificateAuthenticationOptions' handler that performs some validations that should be performed on a certificate and then it can be incorporated and used in the ASP.Net application.
然后通过“CertificateAuthenticationOptions”处理程序配置证书验证,该处理程序执行一些应在证书上执行的验证,然后可以将其合并并在 ASP.Net 应用程序中使用。
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-6.0 https://docs.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-6.0
Once, the above stated has been done as told in the link, then you can try again to connect to your application hosted in the Azure API Management service through this certificate.一旦按照链接中的说明完成了上述操作,那么您可以再次尝试通过此证书连接到托管在 Azure API 管理服务中的应用程序。 For more information regarding configuration of Azure Keyvault in ASP.Net application and retrieving the certificate details from there to use it in your application, you can also refer to the below related documentation links: -
有关在 ASP.Net 应用程序中配置 Azure Keyvault 并从那里检索证书详细信息以在您的应用程序中使用它的更多信息,您还可以参考以下相关文档链接:-
https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-6.0 https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-6.0
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.