Azure Key Vault Certificate: the key was not found

Question

I am trying to enable Azure Key Vault Certificate to the existing API. We already have secrets and Azure Key Vault certificate in the Azure Key Vault account. Here's the code to configure the certificate:

 public static IWebHost BuildWebHost() =>
               WebHost.CreateDefaultBuilder()
                   .ConfigureAppConfiguration((context, config) =>
                   {
                       var env = context.HostingEnvironment;
                       config.SetBasePath(Directory.GetCurrentDirectory())
                            .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);

                       var builtConfig = config.Build();
                       X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                       store.Open(OpenFlags.ReadOnly);
                       var cert = store.Certificates.Find(X509FindType.FindByThumbprint, builtConfig["AzureKeyVault:CertThumbprint"], false);
                       config.AddAzureKeyVault(
                               $"https://{builtConfig["AzureKeyVault:Vault"]}.vault.azure.net/",
                               builtConfig["AzureKeyVault:ClientId"],
                               cert.OfType<X509Certificate2>().Single());
                       store.Close();
                   })
                   .UseStartup<Startup>()
                   .Build();

On my local computer, I imported the certificate properly, which includes downloading the pfx format.

But the error message I received was:

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: 'AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: 'xxx'

Any reason that causes this?

Answer 1

该消息表明证书未使用私钥（ cermgr.msc ）导入，或者未为请求用户设置权限（使用机器存储时certlm.msc ）