Azure Key Vault证书:未找到密钥

问题描述 投票:1回答:1

我正在尝试为现有API启用Azure Key Vault证书。我们已在Azure Key Vault帐户中拥有机密和Azure Key Vault证书。这是配置证书的代码:

 public static IWebHost BuildWebHost() =>
               WebHost.CreateDefaultBuilder()
                   .ConfigureAppConfiguration((context, config) =>
                   {
                       var env = context.HostingEnvironment;
                       config.SetBasePath(Directory.GetCurrentDirectory())
                            .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);

                       var builtConfig = config.Build();
                       X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                       store.Open(OpenFlags.ReadOnly);
                       var cert = store.Certificates.Find(X509FindType.FindByThumbprint, builtConfig["AzureKeyVault:CertThumbprint"], false);
                       config.AddAzureKeyVault(
                               $"https://{builtConfig["AzureKeyVault:Vault"]}.vault.azure.net/",
                               builtConfig["AzureKeyVault:ClientId"],
                               cert.OfType<X509Certificate2>().Single());
                       store.Close();
                   })
                   .UseStartup<Startup>()
                   .Build();

在我的本地计算机上,我正确导入了证书,其中包括下载pfx格式。

但我收到的错误信息是:

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:'AADSTS700027:客户端断言包含无效签名。 [原因 - 未找到密钥。客户使用的密钥指纹:'xxx'

导致这种情况的任何原因?

azure asp.net-core x509certificate azure-keyvault
1个回答
2
投票

该消息表明证书未导入私钥(cermgr.msc)或未为请求用户设置权限(使用机器存储时 - certlm.msc

© www.soinside.com 2019 - 2024. All rights reserved.