Azure Vault 中的 GetSecret 在尝试连接时抛出 NullReferenceException
GetSecret from Azure Vault throwing NullReferenceException when trying to connect
我有以下问题:
我正在尝试使用证书凭据连接到 Azure Vault。
尝试读取机密时,我得到 AuthenticationFailedException 内部 NullReferenceException。
为简洁起见,我只包含 NullReferenceException 的堆栈跟踪:
This exception was originally thrown at this call stack:
Azure.Identity.AadIdentityClient.CreateClientAssertionJWT(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2)
Azure.Identity.AadIdentityClient.CreateClientCertificateAuthRequest(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2, string[])
Azure.Identity.AadIdentityClient.Authenticate(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2, string[], System.Threading.CancellationToken)
Azure.Identity.ClientCertificateCredential.GetToken(Azure.Core.TokenRequestContext, System.Threading.CancellationToken)
代码:
string keyVaultUrl = "https://somevault.vault.azure.net/";
var clientId = "<Application (client) ID>";
var tenantId = "<Directory (tenant) ID>";
X509Certificate2 clientCertificate = new X509Certificate2(@"someCerFile.cer");
ClientCertificateCredential certificateCreadential = new ClientCertificateCredential(tenantId, clientId, clientCertificate);
var client = new SecretClient(new Uri(keyVaultUrl), certificateCreadential);
var secret = client.GetSecret("Password"); //This line throws the exception
根据此处列出的步骤完成 Vault 配置:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication
有什么想法吗?
不幸的是,这个例外不是很有帮助。但是,我认为这里的问题是您需要提供具有私钥的 X509Certificate2,以便 ClientCertificateCredential 可以签署客户端断言。 .cer 文件只是证书的 public 部分。您将需要提供一个 .pfx 文件,其中还包含证书和私钥。
我有以下问题:
我正在尝试使用证书凭据连接到 Azure Vault。
尝试读取机密时,我得到 AuthenticationFailedException 内部 NullReferenceException。
为简洁起见,我只包含 NullReferenceException 的堆栈跟踪:
This exception was originally thrown at this call stack:
Azure.Identity.AadIdentityClient.CreateClientAssertionJWT(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2)
Azure.Identity.AadIdentityClient.CreateClientCertificateAuthRequest(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2, string[])
Azure.Identity.AadIdentityClient.Authenticate(string, string, System.Security.Cryptography.X509Certificates.X509Certificate2, string[], System.Threading.CancellationToken)
Azure.Identity.ClientCertificateCredential.GetToken(Azure.Core.TokenRequestContext, System.Threading.CancellationToken)
代码:
string keyVaultUrl = "https://somevault.vault.azure.net/";
var clientId = "<Application (client) ID>";
var tenantId = "<Directory (tenant) ID>";
X509Certificate2 clientCertificate = new X509Certificate2(@"someCerFile.cer");
ClientCertificateCredential certificateCreadential = new ClientCertificateCredential(tenantId, clientId, clientCertificate);
var client = new SecretClient(new Uri(keyVaultUrl), certificateCreadential);
var secret = client.GetSecret("Password"); //This line throws the exception
根据此处列出的步骤完成 Vault 配置:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication
有什么想法吗?
不幸的是,这个例外不是很有帮助。但是,我认为这里的问题是您需要提供具有私钥的 X509Certificate2,以便 ClientCertificateCredential 可以签署客户端断言。 .cer 文件只是证书的 public 部分。您将需要提供一个 .pfx 文件,其中还包含证书和私钥。