Azure : Error using certificate obtained from Key Vault in App Service
In my Azure App Service, which runs a net472 web application, I access a certificate from Key Vault as follows:
var certSecret = await kvClient.GetSecretAsync(kvName, secretName);
I then need to send the certificate to authenticate to an external service:
var cert = new X509Certificate2(Convert.FromBase64String(certSecret.Value));
This line throws the error:
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
Try getting the secret as follows:
var certSecret = await kvClient.GetSecretAsync(vaultBaseUrl, secretName);
You can retrieve certSecret.Value to check whether it has a value, then pass it to X509Certificate2, specifying the X509KeyStorageFlags storage flag.
X509Certificate2 x509 = new X509Certificate2(Convert.FromBase64String(certSecret.Value), string.Empty, X509KeyStorageFlags.MachineKeySet);
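The answer's approach wrapped in a helper, as an added example that is not code from the original question or answer: it checks the secret before decoding, loads the PFX with MachineKeySet, and confirms the private key is present before the certificate is used for client authentication. The class and method names are hypothetical, and it assumes the caller passes the Value and ContentType of the secret returned by GetSecretAsync.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (added example, not from the original post).
public static class KeyVaultCertLoader
{
    // secretValue: Value of the Key Vault secret that backs the certificate.
    // contentType: ContentType of that secret; Key Vault reports
    // "application/x-pkcs12" for PFX and "application/x-pem-file" for PEM.
    public static X509Certificate2 LoadPfx(string secretValue, string contentType)
    {
        if (string.IsNullOrWhiteSpace(secretValue))
            throw new ArgumentException("Key Vault returned an empty secret value.", nameof(secretValue));
        if (!string.Equals(contentType, "application/x-pkcs12", StringComparison.OrdinalIgnoreCase))
            throw new NotSupportedException("Expected a PKCS#12 secret, got: " + contentType);

        byte[] pfx;
        try { pfx = Convert.FromBase64String(secretValue); }
        catch (FormatException ex) { throw new CryptographicException("Secret value is not valid base64.", ex); }

        try
        {
            // Same constructor as in the answer: empty password, machine key store.
            var cert = new X509Certificate2(pfx, string.Empty, X509KeyStorageFlags.MachineKeySet);
            if (!cert.HasPrivateKey)
            {
                // A public-only certificate cannot be used for client authentication.
                cert.Dispose();
                throw new CryptographicException("Certificate loaded without a private key.");
            }
            return cert;
        }
        finally
        {
            // Do not leave the decoded key material in managed memory longer than needed.
            Array.Clear(pfx, 0, pfx.Length);
        }
    }

    // Attaches the certificate for client authentication to the external service.
    public static HttpClient CreateClient(X509Certificate2 clientCert)
    {
        var handler = new HttpClientHandler();
        handler.ClientCertificates.Add(clientCert);
        return new HttpClient(handler);
    }
}
```

Load the certificate once at startup, reuse the resulting HttpClient, and dispose both on shutdown rather than importing the PFX per request.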