从密钥库获取证书失败

时间:2020-03-17 05:36:07

标签: c# azure-functions x509certificate azure-keyvault

我正在使用功能应用程序获取密钥库证书,但出现以下异常:

系统找不到指定的文件
在System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte [] rawData,IntPtr密码,UInt32 dwFlags,布尔值persistKeySet,SafeCertContextHandle和pCertCtx)
在System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte [] rawData,Object password,X509KeyStorageFlags keyStorageFlags)中
在System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte [] rawData)
在DWP.CDA.FunctionApp.Utils.CertificateHelper.GetKeyVaultCertificate(String keyvaultName,String name)
在DWP.CDA.FunctionApp.ProcessRequest.Run(JObject eventGridEvent,TraceWriter日志)

在我自己的本地Visual Studio中,它运行良好,因为我使用自己的帐户进行Azure服务认证。我拥有对帐户的完全访问权限,并可以在关键文件库访问策略中访问功能应用程序

这是我的代码如何获得证书:

internal static X509Certificate2 GetKeyVaultCertificate(string keyvaultName, string name)
        {
            var serviceTokenProvider = new AzureServiceTokenProvider();
            var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));

            // Getting the certificate
            var secret = keyVaultClient.GetSecretAsync("https://" + keyvaultName + ".vault.azure.net/", name);

            // Returning the certificate
            return new X509Certificate2(Convert.FromBase64String(secret.Result.Value));
        }

1 个答案:

答案 0 :(得分:3)

我使用与您相同的代码,并且没有显示错误消息(在本地或天蓝色门户中)。我在Visual Studio中对其进行编辑,代码如下所示:

namespace FunctionApp7
{
    public static class Function1
    {
        [FunctionName("Function1")]
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");

            var serviceTokenProvider = new AzureServiceTokenProvider();
            var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));

            // Getting the certificate
            var secret = keyVaultClient.GetSecretAsync("https://***.vault.azure.net/", "***");


            var certificate = new X509Certificate2(Convert.FromBase64String(secret.Result.Value));

            log.LogInformation(certificate.ToString());

            return new OkObjectResult("success");
        }
    }
}

它在Visual Studio中工作正常,当我将其从Visual Studio部署到Azure门户时也可以工作。

这里是post,其中提到了您也可以尝试的解决方案。帖子告诉我们

如果将此代码包含在ASP.NET Core项目中并在本地运行,它将按预期运行。但是,如果将其部署到Azure(作为Web应用程序或Azure功能),则会出现以下异常:The system cannot find the file specified

解决方案是:

var certificate = new X509Certificate2(Convert.FromBase64String(secret.Value), 
                    (string)null, 
                    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

希望有帮助〜

相关问题
最新问题