使用Azure网站实例中的客户端证书 [英] Use client certificate from Azure Website instance

问题描述

我有一个Azure网站实例，需要将 out 连接到在其他位置运行的WCF服务，该服务使用客户端证书进行保护.

I have an Azure Website instance that needs to connect out to a WCF service running elsewhere that is secured using a client certificate.

Client -> Azure Website (MVC Controller) -> WCF Service (Not Azure) that requires Client Certificate

已向我提供了一个CER文件，该文件在本地安装时允许我的网站连接到WCF服务.如何在Azure网站上安装/提供此证书?

I have been supplied a CER file that when installed locally allows my website to connect to the WCF service. How do I install/make available this certificate available on the Azure Website?

我在研究此文档时发现的所有文档都是关于在Azure中运行时保护WCF服务的，并且需要安装带有密码的PFX文件.我正尝试相反的做法，将Azure网站的出站连接到第三方WCF服务.

All the documentation I've found when researching this is all about securing a WCF service when running in Azure, and requires the installation of PFX files with passwords. I'm trying to do the opposite and connect outbound from an Azure Website to a third party WCF service.

推荐答案

来自: https://azure.microsoft.com/en-us/blog/using-certificates-in-azure-websites-applications/

添加以下应用程序设置:

Add the following Application Setting:

• 应用设置名称:WEBSITE_LOAD_CERTIFICATES
• 值:*或{CERT_THUMBPRINT}

• App Setting name: WEBSITE_LOAD_CERTIFICATES
• Value: * or {CERT_THUMBPRINT}

然后您可以从My商店中获取证书:

You can then grab the certificate from My store:

X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
                                 X509FindType.FindByThumbprint,
                                 // Replace below with yourcert's thumbprint
                                 "E661583E8FABEF4C0BEF694CBC41C28FB81CD870",
                                 false);

现在，我认为您将无法上传.cer.
.pfx似乎是App Service中唯一接受的格式.

Now, i don't think you'll be able to upload a .cer.
.pfx seems to be the only accepted format in App Service.

或者，如果没有私钥值得担心，只需从磁盘加载它. 这样一来，您也可以加载.cer(DER也可以，也许也可以是Base64):

Or just load it from the disk if there's no private key to worry about. This lets you load .cer as well (DER works, probably Base64 too):

// The path to the certificate.
string Certificate = @"d:\home\site\cert.cer";

// Load the certificate into an X509Certificate object.
X509Certificate cert = X509Certificate.CreateFromCertFile(Certificate);

// Print to console
string result = cert.ToString(true);
Console.WriteLine(result);

在App Service中工作正常(此处在 Kudu控制台中运行):

Works just fine in App Service (here it is running in the Kudu console):

这篇关于使用Azure网站实例中的客户端证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！