c# - 尝试从 .Net Framework 项目访问 Azure Keyvault 已挂起
问题描述
我目前正在为我的工作开发一个 256 位 AES 加密 API 项目。这些加密 API 的一个方面是它们需要访问我们的 Azure Keyvault 以检索密钥(我们对不同的项目有不同的密钥)。
由于某种原因,.Net Framework 项目在第一次成功执行后尝试访问密钥保管库时挂起。它将挂在这条线上:var key = client.GetKeyAsync($"https://automationkeys.vault.azure.net/keys/{product}").GetAwaiter().GetResult();
我有使用 .Net Core 制作的相同加密 API,并且我能够连续多次执行调用而不会出现问题。
在做了一些阅读之后,我觉得它与async
/await
有关,但我对这一切的了解还不够,无法看出问题出在哪里。
这是我的完整KeyVaultAccessor类:
public static class KeyVaultAccessor
{
public static string GetKey(string product)
{
var keyValue = string.Empty;
try
{
var client = GetKeyVaultClient(<my_app_id>, <keyvault_cert_thumbprint>);
var key = client.GetKeyAsync($"https://automationkeys.vault.azure.net/keys/{product}").GetAwaiter().GetResult();
keyValue = key?.KeyIdentifier.Version;
if (string.IsNullOrEmpty(keyValue))
{
Assert.Fail($"Key was null or empty for product: {product}");
}
}
catch (Exception e)
{
Assert.Fail($"Error occurred while attempting to retrieve key for product: {product}. {e.Message}");
}
return keyValue;
}
private static KeyVaultClient GetKeyVaultClient(string appId, string thumbprint)
{
var keyVault = new KeyVaultClient(async (authority, resource, scope) =>
{
var authenticationContext = new AuthenticationContext(authority, null);
X509Certificate2 certificate;
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadOnly);
var certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
if (certificateCollection.Count == 0)
{
throw new Exception("<certificate name> not installed in the store");
}
certificate = certificateCollection[0];
}
finally
{
store.Close();
}
var clientAssertionCertificate = new ClientAssertionCertificate(appId, certificate);
var result = await authenticationContext.AcquireTokenAsync(resource, clientAssertionCertificate);
return result.AccessToken;
});
return keyVault;
}
}
解决方案
不太确定您的根本原因,但如果您想通过ClientCertificateCredential
本地证书获取 Azure keyVault 中的密钥,请尝试以下代码,该代码对我来说非常有效:
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Keys;
namespace key_vault_console_app
{
class Program
{
static void Main(string[] args)
{
var keyVaultName = "";
var tenantID = "";
var appID = "";
var certThumbprint = "";
var kvUri = $"https://{keyVaultName}.vault.azure.net";
var certCred = new ClientCertificateCredential(tenantID, appID, GetLocalCert(certThumbprint));
var client = new KeyClient(new Uri(kvUri), certCred);
Console.Write(client.GetKey("<your key name>").Value.Key.Id);
}
public static X509Certificate2 GetLocalCert(string thumbprint)
{
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadOnly);
var certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
if (certificateCollection.Count == 0)
{
throw new Exception("cert not installed in the store");
}
return certificateCollection[0];
}
finally
{
store.Close();
}
}
}
}
推荐阅读
- tailwind-css - 如何使用tailwindcss 2.1制作水平滚动表格?
- javascript - 代码只运行第一个 if 函数,或者有时同时运行所有函数
- perl - Perl:使重复哈希键的声明成为致命错误?
- git - 使用 git 在 CI 中创建测试分支
- react-native - 如何在离线反应原生中播放加密视频?
- r - 错误:在 R 中的 sparklyr 中收集字数时出现“在字符串中嵌入 nul”
- semantic-ui - 语义 UI - 如何将下拉菜单清除为默认值?
- ios - SKLabel 在分配给特定元素时未显示
- pdf - 谷歌脚本;不支持格式 application/pdf 到 application/pdf 的转换
- r - 这段 r 代码是连接两个表并创建一个图吗?