I'm new to Azure and trying a very basic scenario: authenticate locally to a registered application using certificate credentials.
The code is as follows:
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Storage.Queues;

public async Task<QueueClient> GetQueueClientWithSdkWithCertificateCredentials(string storageAccountName, string queueName, string tenantId, string clientId, string certificateBase64Str)
{
    // The base64 string holds only the (DER) certificate, so the resulting
    // X509Certificate2 carries no private key.
    var certificateCredentials = new ClientCertificateCredential(tenantId, clientId, new X509Certificate2(Convert.FromBase64String(certificateBase64Str)));
    var queueClient = new QueueClient(new Uri($"https://{storageAccountName}.queue.core.windows.net/{queueName}"), certificateCredentials);
    // The token request happens lazily, on the first service call.
    var createQueueResponse = await queueClient.CreateAsync();
    if (createQueueResponse.IsError)
    {
        throw new Exception($"Error in creating queue: [{createQueueResponse}]");
    }
    return queueClient;
}
queueClient.CreateAsync fails with the error: Azure.Identity.AuthenticationFailedException: 'ClientCertificateCredential authentication failed: The certificate certificate does not have a private key.
My setup is:
.\openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 120 -nodes -subj "/C=XX/ST=South/L=Sderot/O=CodeValue/OU=EPIL/CN=MyCertificate"
I did all of this, and it returns the error above. What does "the certificate certificate does not have a private key" mean? I mean, the locally installed certificate does show a key at the bottom, which indicates that it does have a private key, doesn't it?
What am I missing?
Created a Microsoft Entra ID application and uploaded the certificate:
Exported the PFX certificate on the local machine:
The error "certificate does not have a private key" usually occurs when the private key is not passed.
To resolve the error, pass the private key together with the certificate path when using client certificate authentication.
Modify the code as follows to create a queue using client certificate authentication:
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Storage.Queues;

namespace ConsoleApp1
{
    class Program
    {
        static async Task Main(string[] args)
        {
            string storageAccountName = "testrukstrgacc";
            string queueName = "testrukqueue";
            string tenantId = "TenantID";
            string clientId = "ClientID";
            // PFX exported with the private key; the password unlocks that key.
            // A literal is used here for the demo; in real code read it from
            // configuration or a secret store rather than source.
            string certificatePath = "C:/demo/rukcert.pfx";
            string certificatePassword = "Trash33!";
            QueueClient queueClient = await GetQueueClientWithSdkWithCertificateCredentials(storageAccountName, queueName, tenantId, clientId, certificatePath, certificatePassword);
            Console.WriteLine($"Queue client created: {queueClient.Uri}");
        }

        public static async Task<QueueClient> GetQueueClientWithSdkWithCertificateCredentials(string storageAccountName, string queueName, string tenantId, string clientId, string certificatePath, string certificatePassword)
        {
            // Loading the PFX with its password yields a certificate that has a private key,
            // which ClientCertificateCredential needs to sign the client assertion.
            var certificate = new X509Certificate2(certificatePath, certificatePassword);
            var certificateCredentials = new ClientCertificateCredential(tenantId, clientId, certificate);
            var queueClient = new QueueClient(new Uri($"https://{storageAccountName}.queue.core.windows.net/{queueName}"), certificateCredentials);
            var createQueueResponse = await queueClient.CreateAsync();
            if (createQueueResponse.IsError)
            {
                throw new Exception($"Error in creating queue: [{createQueueResponse}]");
            }
            return queueClient;
        }
    }
}
The queue was created successfully:
In the portal:
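The openssl command in the question writes two files: cert.pem (the public certificate, which is what gets uploaded to Entra ID and what the base64 string in the original code contains) and key.pem (the private key, which the original code never loads). The answer's PFX works because PKCS#12 bundles both. The following is an added example, not the asker's or the answerer's code, that loads a certificate from either a PFX or the cert.pem + key.pem pair and checks HasPrivateKey before handing it to ClientCertificateCredential, so a key-less certificate fails locally instead of as an AuthenticationFailedException on the first queue call. File paths, the CertificateCredentialLoader class and its method names are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Azure.Storage.Queues;

// Added example (hypothetical class name): build a certificate that carries a private key.
static class CertificateCredentialLoader
{
    // certPath: a .pfx/.p12 file, or a PEM certificate such as cert.pem.
    // keyPath: the matching PEM private key (key.pem); required for PEM input.
    // pfxPassword: password protecting the PKCS#12 private key.
    public static X509Certificate2 LoadWithPrivateKey(string certPath, string? keyPath = null, string? pfxPassword = null)
    {
        string ext = Path.GetExtension(certPath);
        X509Certificate2 cert;

        if (ext.Equals(".pfx", StringComparison.OrdinalIgnoreCase) ||
            ext.Equals(".p12", StringComparison.OrdinalIgnoreCase))
        {
            // PKCS#12 bundles certificate and key; EphemeralKeySet keeps the key
            // in memory instead of persisting it into the Windows key store.
            cert = new X509Certificate2(certPath, pfxPassword, X509KeyStorageFlags.EphemeralKeySet);
        }
        else
        {
            // cert.pem alone is only the public certificate (that is what the
            // base64 string in the question decodes to). The private key lives in
            // the -keyout file from the openssl command and must be loaded with it.
            if (keyPath is null)
            {
                throw new ArgumentException("A PEM certificate needs its private-key file as well.", nameof(keyPath));
            }
            cert = X509Certificate2.CreateFromPemFile(certPath, keyPath);
        }

        // This is the check the original code skipped. ClientCertificateCredential
        // signs a JWT client assertion with this key, so without it no token can be issued.
        if (!cert.HasPrivateKey)
        {
            throw new InvalidOperationException($"Certificate {cert.Thumbprint} does not have a private key.");
        }

        return cert;
    }

    // Same wiring as on the page, but only ever given a certificate that passed the check above.
    public static QueueClient BuildQueueClient(string storageAccountName, string queueName, string tenantId, string clientId, X509Certificate2 cert)
    {
        var credential = new ClientCertificateCredential(tenantId, clientId, cert);
        return new QueueClient(new Uri($"https://{storageAccountName}.queue.core.windows.net/{queueName}"), credential);
    }
}

// Usage (hypothetical paths; tenant and client IDs come from the app registration):
// var cert = CertificateCredentialLoader.LoadWithPrivateKey("cert.pem", keyPath: "key.pem");
// var queue = CertificateCredentialLoader.BuildQueueClient("mystorageaccount", "myqueue", tenantId, clientId, cert);
// await queue.CreateIfNotExistsAsync();
```

Two practical notes. Azure.Identity also offers a ClientCertificateCredential(tenantId, clientId, clientCertificatePath) constructor that takes a file path; that file must contain both the certificate and the private key (a PFX, or a PEM with the key included), so pointing it at cert.pem alone reproduces the same "does not have a private key" failure. And the thumbprint of the certificate you load must match the one uploaded to the app registration in Entra ID, otherwise the signed assertion is rejected with a different error (an invalid client assertion) rather than the local private-key message.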