如果Web应用程序托管在Azure应用程序服务上,则如何读取证书 [英] how to read certificate if web app is hosted over azure app service
问题描述
我有一个asp.net核心Web api(app1)应用程序,它正在调用另一个asp.net核心Web api(app2),并且我将app1视为守护程序,我想使用证书而不是应用程序跟踪客户端凭据机密.
一切正常,直到app1和app2都在本地计算机上运行,我在本地计算机上读取如下证书,
private static X509Certificate2 ReadCertificate(string certificateName)
{
if (string.IsNullOrWhiteSpace(certificateName))
{
throw new ArgumentException("certificateName should not be empty. Please set the CertificateName setting in the appsettings.json", "certificateName");
}
X509Certificate2 cert = null;
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = store.Certificates;
// Find unexpired certificates.
X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
// From the collection of unexpired certificates, find the ones with the correct name.
X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certificateName, false);
// Return the first certificate in the collection, has the right name and is current.
cert = signingCert.OfType<X509Certificate2>().OrderByDescending(c => c.NotBefore).FirstOrDefault();
}
return cert;
}
该证书位于本地计算机中,我正在从此处读取它,
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
现在,我要同时托管app1和& 2借助azure应用程序服务,现在的问题是如何读取证书?
谢谢!
在Azure计算(例如App服务)上进行部署时,不存在诸如local磁盘或证书存储之类的东西. >
因此,连同 KeyVault 中(或等效证书)并从您的代码中获取
I have a asp.net core web api (app1) application which is calling another asp.net core web api (app2) and I am considering app1 as deamon app and I would like to follow client credentials with certificate rather than application secrets.
Everything works fine till my both app1 and app2 running in local machine where I am reading the certificate like below,
private static X509Certificate2 ReadCertificate(string certificateName)
{
if (string.IsNullOrWhiteSpace(certificateName))
{
throw new ArgumentException("certificateName should not be empty. Please set the CertificateName setting in the appsettings.json", "certificateName");
}
X509Certificate2 cert = null;
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = store.Certificates;
// Find unexpired certificates.
X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
// From the collection of unexpired certificates, find the ones with the correct name.
X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certificateName, false);
// Return the first certificate in the collection, has the right name and is current.
cert = signingCert.OfType<X509Certificate2>().OrderByDescending(c => c.NotBefore).FirstOrDefault();
}
return cert;
}
The certificate is in local machine and I am reading it from here,
using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
Now I want to host both app1 & 2 with azure app service, now question is how to read certificate?
Thanks!
When deploying on an Azure compute (App service for example), there is no such thing as a local disk or certificate store available as such.
So, along with the suggested changes to your application's configuration, you'd also need to do the following
- Store your certificates in the KeyVault (or equivalent) and fetch it from your code
- Better, consider using Managed Identities.
这篇关于如果Web应用程序托管在Azure应用程序服务上,则如何读取证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
