C#: Azure key in KeyVaultKeyResolver is always null

Tags: c#, azure, encryption, storage, azure-keyvault

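I am saving identity documents to Azure blob storage via my MVC/Durandal web app. I am following an example that encrypts blobs in Azure Storage, using Azure Key Vault to store the encryption secret.

Here is my code: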

    using System;
    using System.Threading;
    using System.Threading.Tasks;
    using System.Web.Configuration;
    using Microsoft.Azure.KeyVault;
    using Microsoft.Azure.KeyVault.Core;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Microsoft.WindowsAzure.Storage;
    using Microsoft.WindowsAzure.Storage.Blob;

    public async Task<string> UploadIdentityDocumentForClient(string fileName, ParsedClientModel parsedClientModel)
    {
        BlobRequestOptions options = await GetBlobRequestOptions();
        await _storageRepository.CreateEncryptedBlobFromByteArray(_storageManager, _containerName, fileName, parsedClientModel.IdentityDocumentFile, parsedClientModel.IdentityDocumentContentType, options);
        return fileName;
    }

    private static async Task<BlobRequestOptions> GetBlobRequestOptions()
    {
        string secretUri = WebConfigurationManager.AppSettings["SecretUri"];
        string secretName = WebConfigurationManager.AppSettings["SecretEncryptionName"];
        // *1
        KeyVaultKeyResolver keyVaultKeyResolver = new KeyVaultKeyResolver(GetAccessToken);

        // *2
        IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync($"{secretUri}/secrets/{secretName}", CancellationToken.None).GetAwaiter().GetResult();
        BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsaKey, null);
        BlobRequestOptions options = new BlobRequestOptions
        {
            EncryptionPolicy = policy
        };
        return options;
    }

    public static async Task<string> GetAccessToken(string authority, string resource, string scope)
    {
        string clientId = WebConfigurationManager.AppSettings["ClientId"];
        string clientSecret = WebConfigurationManager.AppSettings["ClientSecret"];
        ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
        AuthenticationContext authenticationContext = new AuthenticationContext(authority, TokenCache.DefaultShared);
        AuthenticationResult result = await authenticationContext.AcquireTokenAsync(resource, clientCredential);
        if (result == null)
        {
            throw new InvalidOperationException(
                "GetAccessToken - Failed to obtain the Active Directory token for application.");
        }
        // *3
        return result.AccessToken;
    }

    public async Task CreateEncryptedBlobFromByteArray(IStorageManager storageManager, string containerName, string fileName,
        byte[] byteArray, string contentType, BlobRequestOptions options)
    {
        CloudBlobContainer container = await CreateStorageContainerIfNotExists(storageManager, containerName);
        CloudBlockBlob blob = container.GetBlockBlobReference(fileName);
        blob.Properties.ContentType = contentType;
        await blob.UploadFromByteArrayAsync(byteArray, 0, byteArray.Length, AccessCondition.GenerateEmptyCondition(), options, new OperationContext());
    }

This line

    IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync($"{secretUri}/secrets/{secretName}", CancellationToken.None).GetAwaiter().GetResult();

always returns null.

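I have added breakpoints (*1 to *3) in the code above and noticed that *2 is always hit before *3. This means that the KeyVaultKeyResolver(GetAccessToken) call is not waiting for the GetAccessToken call to return a value.

Any idea what I am doing wrong?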

I figured out what I was doing wrong.

Where breakpoint 2 is, I should have used this code:

    SymmetricKey sec = (SymmetricKey) cloudResolver
        .ResolveKeyAsync("https://yourkeyvault.vault.azure.net/secrets/MiplanAdminLocalEncryption", CancellationToken.None)
        .GetAwaiter()
        .GetResult();
    //If entering via Azure UI:
    //Your secret string must be 16 characters (28 bits) long or end up being 28, 192, 256, 384, or 512 bits.
    // Base64 encode using https://www.base64encode.org/
    //Take this encoded value and enter it as the secret value in the UI.
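
An added example, not part of the original answer: a small C# helper that generates the secret value locally and checks a candidate value against the key sizes listed in the comments above, so the key material never has to go through an online encoder. The class and method names (`SecretValueCheck`, `NewSecretValue`, `Check`) are hypothetical, and the sample values are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

public static class SecretValueCheck
{
    // Key sizes in bits, as listed in the answer above.
    private static readonly int[] AllowedBits = { 128, 192, 256, 384, 512 };

    // Generate key bytes locally with a CSPRNG and return them Base64-encoded,
    // ready to be entered as the Key Vault secret value.
    public static string NewSecretValue(int bits = 256)
    {
        if (!AllowedBits.Contains(bits))
            throw new ArgumentOutOfRangeException(nameof(bits), "unsupported key size");
        byte[] key = new byte[bits / 8];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key);
        }
        return Convert.ToBase64String(key);
    }

    // Returns null when the value decodes to an allowed key size,
    // otherwise a short description of the problem.
    public static string Check(string secretValue)
    {
        byte[] raw;
        try { raw = Convert.FromBase64String(secretValue); }
        catch (FormatException) { return "not valid Base64"; }
        int bits = raw.Length * 8;
        return AllowedBits.Contains(bits) ? null : $"decodes to {bits} bits";
    }

    public static void Main()
    {
        // Constructed sample values, not real key material.
        string[] samples =
        {
            NewSecretValue(),             // freshly generated 256-bit key
            "MDEyMzQ1Njc4OWFiY2RlZg==",   // Base64 of a 16-character string
            "0123456789abcdef",           // the same string pasted without encoding
            "not base64!"                 // not decodable at all
        };
        foreach (string s in samples)
        {
            string problem = Check(s);
            Console.WriteLine(s + " -> " + (problem ?? "ok"));
        }
    }
}
```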