C# Azure:通过证书从云工作者连接到密钥库
Tags: c#, azure, azure-cloud-services, x509certificate2, azure-keyvault

I have a worker process running in Azure as a classic cloud service. This process needs to retrieve a value from Azure Key Vault, and I need to keep the vault authentication secret out of my source tree. Managed identity does not seem to be available for classic cloud workers, so I am turning to certificates instead. By creating a certificate and then uploading it in Azure Active Directory to register my application, I have certificate authentication working locally:

Certificate creation:
New-SelfSignedCertificate -Subject "CN=MyFineCertificate" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature
The code that uses it to connect to Key Vault (works locally):

using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Application (client) ID of the AAD app registration the certificate was uploaded to.
private static readonly string clientId = "<my_client_id>";

private static KeyVaultClient GetClient()
{
    var certificate = GetCertificate();
    var assertion = new ClientAssertionCertificate(clientId, certificate);
    // The callback must reference the token method defined below.
    var client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback((a, r, s) => GetAccessToken(a, r, s, assertion)));
    return client;
}

private static X509Certificate2 GetCertificate()
{
    using (var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
    {
        certStore.Open(OpenFlags.ReadOnly);
        // The search criterion was elided in the post; the subject from the New-SelfSignedCertificate command above is used here.
        // validOnly is false because a self-signed certificate does not chain to a trusted root.
        var results = certStore.Certificates.Find(X509FindType.FindBySubjectName, "MyFineCertificate", false);
        if (results.Count == 0)
            throw new InvalidOperationException("Certificate not found in CurrentUser\\My");
        return results[0];
    }
}

private static async Task<string> GetAccessToken(string authority, string resource, string scope, ClientAssertionCertificate cert)
{
    var authContext = new AuthenticationContext(authority, TokenCache.DefaultShared);
    var result = await authContext.AcquireTokenAsync(resource, cert);
    return result.AccessToken;
}

private static void LogAllCertificates()
{
    foreach (StoreName name in Enum.GetValues(typeof(StoreName)))
    {
        foreach (StoreLocation location in Enum.GetValues(typeof(StoreLocation)))
        {
            using (var certStore = new X509Store(name, location))
            {
                try
                {
                    certStore.Open(OpenFlags.ReadOnly);
                }
                catch (System.Security.Cryptography.CryptographicException)
                {
                    continue; // this store is not accessible to the current process
                }
                foreach (var res in certStore.Certificates)
                {
                    // Log where each certificate lives, with its subject and thumbprint.
                    Console.WriteLine($"{location}\\{name}: {res.Subject} {res.Thumbprint}");
                }
            }
        }
    }
}

Why does it not show up? Am I thinking about this correctly, or have I completely misunderstood it?

There are two parts to your question:

<Certificates>
  <Certificate name="MyFineCertificate" thumbprint="<my_thumbprint>" thumbprintAlgorithm="<my_thumbprint_algo e.g. sha1>" />
</Certificates>

<Certificates>
  <Certificate name="MyFineCertificate" storeLocation="LocalMachine" storeName="My" />
</Certificates>

var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);

Rohit, your analysis is spot on! Adding the certificate configuration element was indeed the missing piece. My cloud worker can now find the certificate under (My, LocalMachine). Many thanks.
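The two `<Certificates>` elements in the answer are the ServiceConfiguration.cscfg entry (thumbprint) and the ServiceDefinition.csdef entry (store location); with both in place the role installs the certificate into LocalMachine\My. As an added example, not code from the question or the answer, here is a lookup by thumbprint rather than subject name, which avoids picking up an unrelated certificate with the same CN and checks that a private key is actually present; the thumbprint value is a placeholder.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class CertificateLocator
{
    // Thumbprint declared in the .cscfg; placeholder value, replace with your own.
    public const string ExpectedThumbprint = "<my_thumbprint>";

    // Looks in LocalMachine\My first (where a cloud service role installs certificates
    // declared in ServiceDefinition.csdef) and falls back to CurrentUser\My for local runs.
    public static X509Certificate2 FindCertificate(string thumbprint)
    {
        // Thumbprints copied from the portal or certutil often carry spaces or a hidden
        // leading character; normalise before comparing so the lookup does not silently fail.
        var normalized = new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        if (normalized.Length != 40)
            throw new ArgumentException("Expected a 40-hex-digit SHA-1 thumbprint.", nameof(thumbprint));

        foreach (var location in new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        {
            using (var store = new X509Store(StoreName.My, location))
            {
                store.Open(OpenFlags.ReadOnly);
                // validOnly = false: a self-signed certificate does not chain to a trusted root.
                var found = store.Certificates.Find(X509FindType.FindByThumbprint, normalized, validOnly: false);
                foreach (var cert in found)
                {
                    if (!cert.HasPrivateKey)
                        continue; // public part only; it cannot sign the client assertion
                    var now = DateTime.UtcNow;
                    if (now < cert.NotBefore.ToUniversalTime() || now > cert.NotAfter.ToUniversalTime())
                        throw new InvalidOperationException($"Certificate {normalized} is outside its validity period.");
                    return cert;
                }
            }
        }
        throw new InvalidOperationException(
            $"Certificate {normalized} with a private key was not found in LocalMachine\\My or CurrentUser\\My.");
    }
}
```

Pass the returned certificate to `ClientAssertionCertificate` in place of the subject-name lookup; the exception messages name the store that was searched, which is the first thing to check when a deployed role cannot find its certificate.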