Accessing certificate in Azure KeyVault from ASP.NET Core app

Question

I have created a Blazor WebAssembly app with a server backend using Identity Server out-of-box (from the template).

I want to publish it to Azure but I don't get it working with loading the certificate from Azure KeyVault.

I have used the wizards in Visual Studio to generate the boilerplate code. Everything has been configured too.

And I read this guide too: https://docs.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/hosted-with-identity-server?view=aspnetcore-5.0&tabs=visual-studio#host-in-azure-app-service-with-a-custom-domain

And I have created a certificate in the Key Vault named IdentityServerSigning with CN=IdentityServerSigning .

When I then run the app I get 500.30.

Opening the Web-based Console from the Portal, I launch the app and get that it could not find a valid certificate 'CN=IdentityServerSigning' on the 'CurrentUser/My' .

What am I missing?

Answer 1

I guess you may forget to add application setting on portal, if your code has no problem.

We need to give Azure App Service permission to use the newly uploaded certificate. For that:

1. Go to Configuration in the menu of your Azure App Service
2. Click on New application setting
3. In Name, put: WEBSITE_LOAD_CERTIFICATES
4. In Value, put the Thumbprint that you copied from the previous section.
5. Click Ok, and don't forget to click Save

If it doesn't work, pls read below blogs, you will find out the issues.

Suggestion

You can refer to this blogs to check the steps, I believe it will useful to you.

Blazor: Using a Self-Signed Certificate for IdentityServer4 in Azure App Service

Answer 2

To load the cert from Azure Key Vault in IdentityServer 4, you can use ActiveLogin:( https://github.com/ActiveLogin/ActiveLogin.Authentication )

More here: https://github.com/IdentityServer/IdentityServer4/issues/2705