我在Azure中有一个作为经典云服务运行的工作进程。此过程需要从Azure密钥保管库检索值,并且我需要在我的源树之外将保管库身份验证保密。
传统的云工作者似乎无法使用托管身份,因此我正在查看证书。通过创建证书然后在Azure Active Directory中上载我的应用程序注册,我已经通过证书进行了身份验证以在本地工作:
证书创建:
New-SelfSignedCertificate -Subject "CN=MyFineCertificate" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature
使用它连接到密钥库的代码(在本地工作):
private static KeyVaultClient GetClient()
{
var certificate = GetCertificate();
var assertion = new ClientAssertionCertificate(clientId, certificate);
var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback((a, r, s) => GetAccessTokenUsingCert(a, r, s, assertion)));
return client;
}
private static X509Certificate2 GetCertificate()
{
var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
var results = certStore.Certificates.Find(/* criteria */);
return results[0];
}
private static async Task<string> GetAccessToken(string authority, string resource, string scope, ClientAssertionCertificate cert)
{ …c# azure x509certificate2 azure-cloud-services azure-keyvault