Get certificate from key vault failed

I am using a Function App to get a Key Vault certificate, but I get the following exception:

The system cannot find the file specified
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
at DWP.CDA.FunctionApp.Utils.CertificateHelper.GetKeyVaultCertificate(String keyvaultName, String name)
at DWP.CDA.FunctionApp.ProcessRequest.Run(JObject eventGridEvent, TraceWriter log)

It runs fine locally in Visual Studio because I use my own account for Azure service authentication. I granted full access to my account and granted the Function App access in the Key Vault access policy.

This is the code I use to get the certificate:

using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

internal static X509Certificate2 GetKeyVaultCertificate(string keyvaultName, string name)
{
    // Managed identity in Azure, my own account when running locally
    var serviceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));

    // Getting the certificate (the secret value is the base64-encoded PFX)
    var secret = keyVaultClient.GetSecretAsync("https://" + keyvaultName + ".vault.azure.net/", name);

    // Returning the certificate
    return new X509Certificate2(Convert.FromBase64String(secret.Result.Value));
}

I used the same code as you, but it did not show an error message (either locally or in the Azure portal). I edited it in Visual Studio; the code is as follows:

using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;

namespace FunctionApp7
{
    public static class Function1
    {
        [FunctionName("Function1")]
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");

            // Managed identity in Azure, developer account when running locally
            var serviceTokenProvider = new AzureServiceTokenProvider();
            var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));

            // Getting the certificate (the secret value is the base64-encoded PFX)
            var secret = await keyVaultClient.GetSecretAsync("https://***.vault.azure.net/", "***");

            var certificate = new X509Certificate2(Convert.FromBase64String(secret.Value));

            log.LogInformation(certificate.ToString());

            return new OkObjectResult("success");
        }
    }
}

It works fine in Visual Studio, and it also works fine when I deploy it from Visual Studio to the Azure portal.

There is also a post that mentions a workaround you can try. The post tells us:

If you include this code in an ASP.NET Core project and run it locally, it will work as expected. But if you deploy it to Azure (as a Web App or Azure Function), you will get this exception: The system cannot find the file specified

The workaround is:

var certificate = new X509Certificate2(Convert.FromBase64String(secret.Value),
    (string)null,
    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

Hope this helps.
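Putting the workaround into a form I would actually ship, here is an added example (my own code, not the asker's or the answerer's). It awaits the Key Vault call instead of blocking on .Result, checks that the secret really is a PFX before parsing it, loads it with MachineKeySet alone (without PersistKeySet or Exportable, which would leave an exportable private key in the machine key store), and fails loudly if the private key did not come along. KeyVaultCertificateLoader and its parameters are placeholder names; the package references are the ones the code above already uses.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

// Added example, not code from the question or the answer. Names are placeholders.
internal static class KeyVaultCertificateLoader
{
    // Content type Key Vault assigns to the secret behind a certificate object
    private const string PfxContentType = "application/x-pkcs12";

    public static async Task<X509Certificate2> GetAsync(string keyVaultName, string secretName)
    {
        // Managed identity in Azure, developer credentials locally (as in the original code)
        var tokenProvider = new AzureServiceTokenProvider();
        var client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));

        // await rather than .Result: blocking can deadlock and wraps the real
        // exception in an AggregateException, which makes these errors hard to read.
        var secret = await client
            .GetSecretAsync($"https://{keyVaultName}.vault.azure.net/", secretName)
            .ConfigureAwait(false);

        // A Key Vault certificate's secret is its PFX, base64-encoded, with no password.
        // Refuse anything else rather than feeding arbitrary bytes to the PFX parser.
        if (!string.Equals(secret.ContentType, PfxContentType, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                $"Secret '{secretName}' has content type '{secret.ContentType}', expected {PfxContentType}.");

        byte[] pfx = Convert.FromBase64String(secret.Value);
        try
        {
            return LoadPfx(pfx);
        }
        finally
        {
            Array.Clear(pfx, 0, pfx.Length); // the decoded PFX contains the private key
        }
    }

    // The default flags write the private key into the current user's key store.
    // In App Service / Functions that profile is not loaded, which surfaces as
    // "The system cannot find the file specified". MachineKeySet avoids the user
    // profile; PersistKeySet and Exportable are deliberately NOT set, so the key
    // is removed when the certificate is disposed and cannot be re-exported.
    public static X509Certificate2 LoadPfx(byte[] pfx)
    {
        var cert = new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.MachineKeySet);

        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new InvalidOperationException("PFX loaded without a private key; check the Key Vault secret.");
        }
        if (DateTime.UtcNow > cert.NotAfter.ToUniversalTime())
        {
            string message = $"Certificate {cert.Thumbprint} expired on {cert.NotAfter:u}.";
            cert.Dispose();
            throw new InvalidOperationException(message);
        }
        return cert;
    }
}
```

Call it from the function as `using (var cert = await KeyVaultCertificateLoader.GetAsync("myvault", "mycert"))` so the key is cleaned up when you are done. On .NET Core 2.0+ and .NET Framework 4.7.2+, `X509KeyStorageFlags.EphemeralKeySet` keeps the key entirely in memory and is the better choice when the certificate is only used for signing or client authentication inside the process; the caveat is that Windows SChannel (for example `SslStream`) cannot use ephemeral keys, in which case MachineKeySet is the one to keep. A third option is the App Service setting `WEBSITE_LOAD_USER_PROFILE=1`, which loads the user profile so that the original code works unchanged, at the cost of the private key living in that profile's key store.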