C# 在azure上存储和使用现有数据保护密钥
我正在尝试将prem密钥与azure云设置同步,以便两个环境都可以解密授权标头访问令牌 目前我有以下设置: 已将此格式的现有xml密钥文件添加到azure blob存储:C# 在azure上存储和使用现有数据保护密钥,c#,azure,asp.net-core,azure-storage-blobs,data-protection,C#,Azure,Asp.net Core,Azure Storage Blobs,Data Protection,我正在尝试将prem密钥与azure云设置同步,以便两个环境都可以解密授权标头访问令牌 目前我有以下设置: 已将此格式的现有xml密钥文件添加到azure blob存储: <?xml version="1.0" encoding="utf-8"?> <key id="id..." version="1"> <creationDate>2018-05-08T17:44:54.9313191Z</creationDate> <activa
<?xml version="1.0" encoding="utf-8"?>
<key id="id..." version="1">
<creationDate>2018-05-08T17:44:54.9313191Z</creationDate>
<activationDate>2018-05-08T17:44:54.8979462Z</activationDate>
<expirationDate>2023-05-07T17:44:54.8979462Z</expirationDate>
<descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60">
<descriptor>
<encryption algorithm="AES_256_CBC" />
<validation algorithm="HMACSHA256" />
<masterKey p4:requiresEncryption="true" xmlns:p4="http://schemas.asp.net/2015/03/dataProtection">
<!-- Warning: the key below is in an unencrypted form. -->
<value>my-shared-key</value>
</masterKey>
</descriptor>
</descriptor>
</key>
在启动过程中看到这些警告/错误:
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[15]
Unknown element with name 'creationDate' found in keyring, skipping.
Loaded
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager:Warning: Unknown element with name 'creationDate' found in keyring, skipping.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager:Warning: Unknown element with name 'activationDate' found in keyring, skipping.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[15]
Unknown element with name 'activationDate' found in keyring, skipping.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager:Warning: Unknown element with name 'expirationDate' found in keyring, skipping.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[15]
Unknown element with name 'expirationDate' found in keyring, skipping.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager:Warning: Unknown element with name 'descriptor' found in keyring, skipping.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[15]
Unknown element with name 'descriptor' found in keyring, skipping.
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider:Error: An error occurred while reading the key ring.
System.InvalidOperationException: The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.ICacheableKeyRingProvider.GetCacheableKeyRing(DateTimeOffset now)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow)
fail: Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider[48]
An error occurred while reading the key ring.
我哪里出了问题
提前谢谢
更新:
还尝试了这种注册azure密钥的方法,但仍然看到相同的错误:
var storageAccount = CloudStorageAccount.Parse("<connectionstring + access key>");
var client = storageAccount.CreateCloudBlobClient();
var container = client.GetContainerReference("dev");
container.CreateIfNotExistsAsync().GetAwaiter().GetResult();
services.AddDataProtection()
.SetApplicationName("common-name")
.PersistKeysToAzureBlobStorage(container, "keys.xml")
.DisableAutomaticKeyGeneration();
var-storageAccount=CloudStorageAccount.Parse(“”);
var client=storageAccount.CreateCloudBlobClient();
var container=client.GetContainerReference(“dev”);
container.CreateIfNotExistsAsync().GetAwaiter().GetResult();
services.AddDataProtection()
.SetApplicationName(“通用名称”)
.PersistKeysAzureBlobstorage(容器,“keys.xml”)
.DisableAutomaticyGeneration();
最后我自己找到了答案,不幸的是,这些信息没有记录在任何地方的MS Azure文档中
简单地说,您需要将关键xml元素包装在根
元素中
var storageAccount = CloudStorageAccount.Parse("<connectionstring + access key>");
var client = storageAccount.CreateCloudBlobClient();
var container = client.GetContainerReference("dev");
container.CreateIfNotExistsAsync().GetAwaiter().GetResult();
services.AddDataProtection()
.SetApplicationName("common-name")
.PersistKeysToAzureBlobStorage(container, "keys.xml")
.DisableAutomaticKeyGeneration();