我有一个 asp.net core web api (app1) 应用程序,它正在调用另一个 asp.net core web api (app2),我正在考虑将 app1 作为守护应用程序,我想使用证书而不是应用程序机密来跟踪客户端凭据。
一切正常,直到我的
app1
和 app2
都在本地计算机上运行,我正在本地计算机上读取如下所示的证书,
private static X509Certificate2 ReadCertificate(string certificateName)
{
if (string.IsNullOrWhiteSpace(certificateName))
{
throw new ArgumentException("certificateName should not be empty. Please set the CertificateName setting in the appsettings.json", "certificateName");
}
X509Certificate2 cert = null;
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = store.Certificates;
// Find unexpired certificates.
X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
// From the collection of unexpired certificates, find the ones with the correct name.
X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certificateName, false);
// Return the first certificate in the collection, has the right name and is current.
cert = signingCert.OfType<X509Certificate2>().OrderByDescending(c => c.NotBefore).FirstOrDefault();
}
return cert;
}
证书位于本地计算机中,我正在从这里读取它,
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
现在我想使用azure应用程序服务托管app1和2,现在的问题是如何读取证书?
谢谢!
您需要使证书可访问。您可以添加应用程序设置:
WEBSITE_LOAD_CERTIFICATES
,并加载要加载的comma-separated certificate thumbprints
值。