找不到证书-Azure .NET Core应用

问题描述 投票:-1回答:1

[当我从Azure运行我的Web应用程序时,出现一个异常,提示它找不到我的证书。

  1. 我已配置KeyVault来存储我的秘密,并且已将私钥证书上传到我的TLS / SSL设置。
  2. 在Azure Active Directory中,我注册了与我的私钥证书具有相同指纹的应用程序。
  3. 在我的Web应用程序的配置中,我添加了“ WEBSITE_LOAD_CERTIFICATES” =“ *”和“ KeyVault:Vault” =“ meiwebapivault”
  4. 然后在代码中,我的Program.cs负责查找证书。但是,这是失败的地方。

知道我缺少什么步骤或为什么失败了?

我遵循了此tutorial

KeyVault - Secrets

Azure Active Directory - App Registration

Uploaded certificate

webApp TSL/SSL Settings - private certificate

Configuration - App Settings

public class Program
    {
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureAppConfiguration(builder =>
                {
                    var root = builder.Build();
                    var vaultName = root["KeyVault:Vault"];
                    if (!string.IsNullOrEmpty(vaultName))
                    {
                        builder.AddAzureKeyVault($"https://{vaultName}.vault.azure.net/",
                            root["KeyVault:ClientId"],
                            GetCertificate(root["KeyVault:Thumbprint"]),
                            new PrefixKeyVaultSecretManager("WebApi"));
                    }
                })
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseStartup<Startup>();
                });

        private static X509Certificate2 GetCertificate(string thumbprint)
        {
            var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly);
                var certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);

                if (certificateCollection.Count == 0)
                    throw new Exception("Certificate is not installed"); //<------------- FAILS HERE

                return certificateCollection[0];
            }
            finally
            {
                store.Close();
            }
        }
    }

{
  "KeyVault": {
    "Vault": "",
    "ClientId": "6ac#####-####-####-####-######ffe96",
    "Thumbprint": "4EC2C##############################4507C"
  },

public class PrefixKeyVaultSecretManager : IKeyVaultSecretManager
    {
        private readonly string _prefix;

        public PrefixKeyVaultSecretManager(string prefix)
        {
            _prefix = $"{prefix}-";
        }
        public string GetKey(SecretBundle secret)
        {
            return secret.SecretIdentifier.Name.Substring(_prefix.Length)
                .Replace("--", ConfigurationPath.KeyDelimiter);
        }

        public bool Load(SecretItem secret)
        {
            return secret.Identifier.Name.StartsWith(_prefix);
        }
    }
.net-core azure-active-directory ssl-certificate azure-web-sites azure-keyvault
1个回答
0
投票

我的设置正确。我只需要从[

更改这一行
var certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);

to

var certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.