C# 从密钥库获取证书失败
我正在使用function app获取密钥保险库证书,但获得以下异常:C# 从密钥库获取证书失败,c#,azure-functions,x509certificate,azure-keyvault,C#,Azure Functions,X509certificate,Azure Keyvault,我正在使用function app获取密钥保险库证书,但获得以下异常: namespace FunctionApp7 { public static class Function1 { [FunctionName("Function1")] public static async Task<IActionResult> Run( [HttpTrigger(AuthorizationLevel.Function,
namespace FunctionApp7
{
public static class Function1
{
[FunctionName("Function1")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation("C# HTTP trigger function processed a request.");
var serviceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));
// Getting the certificate
var secret = keyVaultClient.GetSecretAsync("https://***.vault.azure.net/", "***");
var certificate = new X509Certificate2(Convert.FromBase64String(secret.Result.Value));
log.LogInformation(certificate.ToString());
return new OkObjectResult("success");
}
}
}
在System.Security.Cryptographics.CryptographicException.ThrowCryptographicException(Int32 hr)中
在System.Security.Cryptography.X509Certificates.X509Utils.\u LoadCertFromBlob(字节[]rawData、IntPtr密码、UInt32 dwFlags、布尔persistKeySet、SafeCertContextHandle和pCertCtx)
位于System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(字节[]rawData,对象密码,X509KeyStrageFlags KeyStrageFlags)
位于System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(字节[]rawData)
在DWP.CDA.functionpp.Utils.CertificateHelper.GetKeyVaultCertificate(字符串keyvaultName,字符串名称)
在DWP.CDA.functionpp.ProcessRequest.Run(JObject eventGridEvent,TraceWriter日志) 它在我本地的visual studio中运行良好,因为我使用自己的帐户获得azure服务身份验证。我在密钥vault访问策略中授予对我的帐户的完全访问权限,并授予对功能应用程序的访问权限 以下是我的代码如何获取证书:
internal static X509Certificate2 GetKeyVaultCertificate(string keyvaultName, string name)
{
var serviceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));
// Getting the certificate
var secret = keyVaultClient.GetSecretAsync("https://" + keyvaultName + ".vault.azure.net/", name);
// Returning the certificate
return new X509Certificate2(Convert.FromBase64String(secret.Result.Value));
}
我对您的使用了相同的代码,但它不会显示错误消息(在本地或azure门户中)。我在visual studio中编辑它,代码如下所示:
namespace FunctionApp7
{
public static class Function1
{
[FunctionName("Function1")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation("C# HTTP trigger function processed a request.");
var serviceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));
// Getting the certificate
var secret = keyVaultClient.GetSecretAsync("https://***.vault.azure.net/", "***");
var certificate = new X509Certificate2(Convert.FromBase64String(secret.Result.Value));
log.LogInformation(certificate.ToString());
return new OkObjectResult("success");
}
}
}
希望有帮助~您能尝试使用“var certificate=new X509Certificate2(privateKeyBytes,(string)null);”吗?您好@KevinYANG问题解决后,您能将答案标记为“已接受”,谢谢~您能告诉我为什么通常的版本不能按预期工作吗?