Azure Key Vault 证书:找不到密钥
Azure Key Vault Certificate: the key was not found
我正在尝试为现有 API 启用 Azure Key Vault 证书。我们的 Azure Key Vault 帐户中已经有了机密和 Azure Key Vault 证书。这是配置证书的代码:
public static IWebHost BuildWebHost() =>
WebHost.CreateDefaultBuilder()
.ConfigureAppConfiguration((context, config) =>
{
var env = context.HostingEnvironment;
config.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
var builtConfig = config.Build();
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var cert = store.Certificates.Find(X509FindType.FindByThumbprint, builtConfig["AzureKeyVault:CertThumbprint"], false);
config.AddAzureKeyVault(
$"https://{builtConfig["AzureKeyVault:Vault"]}.vault.azure.net/",
builtConfig["AzureKeyVault:ClientId"],
cert.OfType<X509Certificate2>().Single());
store.Close();
})
.UseStartup<Startup>()
.Build();
在我的本地计算机上,我正确导入了证书,其中包括下载 pfx 格式。
但是我收到的错误信息是:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:
'AADSTS700027: Client assertion contains an invalid signature. [Reason
- The key was not found., Thumbprint of key used by client: 'xxx'
有什么原因造成的吗?
该消息表明证书未使用私钥导入 (certmgr.msc
) 或未为请求用户设置权限(使用机器商店时 - certlm.msc
)
我正在尝试为现有 API 启用 Azure Key Vault 证书。我们的 Azure Key Vault 帐户中已经有了机密和 Azure Key Vault 证书。这是配置证书的代码:
public static IWebHost BuildWebHost() =>
WebHost.CreateDefaultBuilder()
.ConfigureAppConfiguration((context, config) =>
{
var env = context.HostingEnvironment;
config.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
var builtConfig = config.Build();
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var cert = store.Certificates.Find(X509FindType.FindByThumbprint, builtConfig["AzureKeyVault:CertThumbprint"], false);
config.AddAzureKeyVault(
$"https://{builtConfig["AzureKeyVault:Vault"]}.vault.azure.net/",
builtConfig["AzureKeyVault:ClientId"],
cert.OfType<X509Certificate2>().Single());
store.Close();
})
.UseStartup<Startup>()
.Build();
在我的本地计算机上,我正确导入了证书,其中包括下载 pfx 格式。
但是我收到的错误信息是:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: 'AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: 'xxx'
有什么原因造成的吗?
该消息表明证书未使用私钥导入 (certmgr.msc
) 或未为请求用户设置权限(使用机器商店时 - certlm.msc
)