Kev*_*ANG 3 c# x509certificate azure-keyvault azure-functions
我正在使用函数应用程序来获取密钥保管库证书,但出现如下异常:
系统无法
在 System.Security.Cryptography.CryptographyException.ThrowCryptographyException(Int32 hr)
处找到指定的文件 System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
在System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte [] rawData,对象密码,X509KeyStorageFlags keyStorageFlags)
在System.Security.Cryptography.X509Certificates.X509Certificate2 ..ctor(Byte [] rawData)
在DWP.CDA。 FunctionApp.Utils.CertificateHelper.GetKeyVaultCertificate(字符串 keyvaultName,字符串名称)
在 DWP.CDA.FunctionApp.ProcessRequest.Run(JObject eventGridEvent,TraceWriter 日志)
它在我的本地视觉工作室中运行良好,因为我使用自己的帐户来获得 azure 服务身份验证。我授予对我的帐户的完全访问权限,并在密钥库访问策略中授予对函数应用程序的访问权限
这是我的代码如何获取证书:
internal static X509Certificate2 GetKeyVaultCertificate(string keyvaultName, string name)
{
var serviceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));
// Getting the certificate
var secret = keyVaultClient.GetSecretAsync("https://" + keyvaultName + ".vault.azure.net/", name);
// Returning the certificate
return new X509Certificate2(Convert.FromBase64String(secret.Result.Value));
}
我使用与您的代码相同的代码,并且它没有显示错误消息(无论是在本地还是天蓝色门户中)。我是在Visual Studio中编辑的,代码如下:
namespace FunctionApp7
{
public static class Function1
{
[FunctionName("Function1")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation("C# HTTP trigger function processed a request.");
var serviceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));
// Getting the certificate
var secret = keyVaultClient.GetSecretAsync("https://***.vault.azure.net/", "***");
var certificate = new X509Certificate2(Convert.FromBase64String(secret.Result.Value));
log.LogInformation(certificate.ToString());
return new OkObjectResult("success");
}
}
}
它在 Visual Studio 中运行良好,当我将其从 Visual Studio 部署到 Azure 门户时也运行良好。
这里有一篇文章提到了一个解决方案,你也可以尝试一下。帖子告诉我们
如果您将此代码包含在 ASP.NET Core 项目中并在本地运行它,它将按预期工作。但如果将其部署到 Azure(作为 Web 应用程序或 Azure 函数),您将收到此异常:
The system cannot find the file specified
解决办法是:
var certificate = new X509Certificate2(Convert.FromBase64String(secret.Value),
(string)null,
X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
希望有帮助~
| 归档时间: |
|
| 查看次数: |
3751 次 |
| 最近记录: |