堆栈内存溢出
  简体   繁体   English

使用 x509 证书向 Azure AD 验证 Asp.net 4.7.2 应用程序

[英]Authenticate Asp.net 4.7.2 application to Azure AD using x509 certificate

 原文  2022-01-29 20:03:42       c#/ asp.net/ azure-active-directory/ azure-keyvault/ asp.net-mvc-5.2

问题描述

We have updated several.Net Core / 5 applications to authenticate with Azure AD at the application level (not user) by registering them in Azure AD with x509 certificates.我们更新了几个.Net Core / 5 应用程序,通过在 Azure AD 中使用 x509 证书注册它们,在应用程序级别(不是用户)使用 Azure AD 进行身份验证。 With the purpose of pulling down Azure Key Vault secrets into our dev / production applications.目的是将 Azure Key Vault 机密信息下拉到我们的开发/生产应用程序中。 I am currently looking for a solution to do this with our asp.net 4.7.2 MVC web applications.我目前正在寻找使用我们的 asp.net 4.7.2 MVC web 应用程序执行此操作的解决方案。 Ideally this would update our web.config appSettings and connections strings automatically like it does when using the built in User Secrets file locally and like it does with our json files in the .net Core / 5 apps.理想情况下,这将自动更新我们的 web.config appSettings 和连接字符串,就像在本地使用内置用户机密文件时一样,就像在 Z2D50972FECD376129545507F106208 应用程序中使用 json 文件一样。

Currently I have the registered app and associated cert in Azure AD.目前我在 Azure AD 中有注册的应用程序和相关证书。 The registered app has permissions to the Key Vault.注册的应用程序有权访问 Key Vault。 If I open the app locally and add a connected service -> Azure Key Vault when signed into VS with an account that has access to my Azure domain, it all works without issue.如果我在本地打开应用程序并添加连接的服务-> Azure Key Vault,当我使用有权访问我的 Azure 域的帐户登录 VS 时,一切正常。 Keys are replaced in my web.config with those values stored in Azure Key Vault instead of using what is saved in my local user secret file.我的 web.config 中的密钥被存储在 Azure Key Vault 中的值替换,而不是使用保存在我的本地用户机密文件中的值。 Example of web.config config builder for reference: web.config 配置生成器示例供参考:

<add name="AppSettings_AzureKeyVault" vaultName="vault-name" vaultUri="https://vault-name.vault.azure.net/" prefix="AppSetting-" stripPrefix="true" mode="Greedy" type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

How do I adjust this approach so that I can load and use the x509 certificate as opposed to having to be logged in as a specific user that has access to the key vault?如何调整此方法以便我可以加载和使用 x509 证书,而不必以有权访问密钥保管库的特定用户身份登录? Assuming there is something I would need to do in Global.asax or Startup.cs like I have done in the past with OWIN setups but uncertain on where to start there.假设我需要在 Global.asax 或 Startup.cs 中做一些事情,就像我过去在 OWIN 设置中所做的那样,但不确定从哪里开始。

1 个解决方案

解决方案1
 0  2022-02-02 12:26:56

• I would suggest you to please refer to the following link regarding configuring certificate authentication in ASP.NET core application as it suggests using and importing an 'Microsoft.AspNetCore.Authentication.Certificate' Nuget package first and then calling the 'builder.Services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme).AddCertificate(...);' • I would suggest you to please refer to the following link regarding configuring certificate authentication in ASP.NET core application as it suggests using and importing an 'Microsoft.AspNetCore.Authentication.Certificate' Nuget package first and then calling the 'builder.Services.AddAuthentication( CertificateAuthenticationDefaults.AuthenticationScheme).AddCertificate(...);' class in the 'Program.cs' file of the application. class 在应用程序的“Program.cs”文件中。 Then configure the certificate validation through the 'CertificateAuthenticationOptions' handler that performs some validations that should be performed on a certificate and then it can be incorporated and used in the ASP.Net application.然后通过“CertificateAuthenticationOptions”处理程序配置证书验证,该处理程序执行一些应在证书上执行的验证,然后可以将其合并并在 ASP.Net 应用程序中使用。

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-6.0 https://docs.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-6.0

Once, the above stated has been done as told in the link, then you can try again to connect to your application hosted in the Azure API Management service through this certificate.一旦按照链接中的说明完成了上述操作,那么您可以再次尝试通过此证书连接到托管在 Azure API 管理服务中的应用程序。 For more information regarding configuration of Azure Keyvault in ASP.Net application and retrieving the certificate details from there to use it in your application, you can also refer to the below related documentation links: -有关在 ASP.Net 应用程序中配置 Azure Keyvault 并从那里检索证书详细信息以在您的应用程序中使用它的更多信息,您还可以参考以下相关文档链接:-

https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-6.0 https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-6.0

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 HTTPS 连接 Docker Compose Prometheus ASP.NET Core Web API - X509 证书无效 - Wiring up Docker Compose Prometheus with bare ASP.NET Core Web API using HTTPS - Invalid X509 certificate 以编程方式将x509证书上传到Azure应用清单 - upload x509 certificate to azure application manifest programmatically 在 android .net 6.0 应用程序中读取 X509 证书 - Read X509 certificate in android .net 6.0 application Xamarin.iOS =&gt; 创建密钥对并将公钥(X.509)发送到 Z9E0DA8438E1E38A1C30F4B76CE73B8DZ MVC 应用程序 Z303CB8DZ25D9072D640EF9EDB9072. - Xamarin.iOS => Create Key Pair and send public key (X.509) to ASP.NET MVC Application .NET 4.7.2 使用X509证书进行解密 - Using a X509 certificate for decryption 使用Rsa和x509证书的ProtectedConfigurationProvider - ProtectedConfigurationProvider using Rsa and x509 certificate 使用X509证书的邮件签名 - Message Signing using X509 certificate 我可以在ASP.NET中使用X509Certificate2而不使用证书存储吗? - Can I use an X509Certificate2 within ASP.NET without using a certificate store? x509certificate2 到 .NET FR 中的 PEM。 4.7.2 - x509certificate2 to PEM in NET FR. 4.7.2 在Azure云服务中获取x509证书 - Get x509 Certificate In Azure Cloud Service
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM