使用Azure网站实例中的客户端证书 [英] Use client certificate from Azure Website instance
问题描述
我有一个Azure网站实例,需要将 out 连接到在其他位置运行的WCF服务,该服务使用客户端证书进行保护.
I have an Azure Website instance that needs to connect out to a WCF service running elsewhere that is secured using a client certificate.
Client -> Azure Website (MVC Controller) -> WCF Service (Not Azure) that requires Client Certificate
已向我提供了一个CER文件,该文件在本地安装时允许我的网站连接到WCF服务.如何在Azure网站上安装/提供此证书?
I have been supplied a CER file that when installed locally allows my website to connect to the WCF service. How do I install/make available this certificate available on the Azure Website?
我在研究此文档时发现的所有文档都是关于在Azure中运行时保护WCF服务的,并且需要安装带有密码的PFX文件.我正尝试相反的做法,将Azure网站的出站连接到第三方WCF服务.
All the documentation I've found when researching this is all about securing a WCF service when running in Azure, and requires the installation of PFX files with passwords. I'm trying to do the opposite and connect outbound from an Azure Website to a third party WCF service.
推荐答案
来自: https://azure.microsoft.com/en-us/blog/using-certificates-in-azure-websites-applications/
添加以下应用程序设置:
Add the following Application Setting:
- 应用设置名称:
WEBSITE_LOAD_CERTIFICATES
- 值:
*
或{CERT_THUMBPRINT}
- App Setting name:
WEBSITE_LOAD_CERTIFICATES
- Value:
*
or{CERT_THUMBPRINT}
然后您可以从My
商店中获取证书:
You can then grab the certificate from My
store:
X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
// Replace below with yourcert's thumbprint
"E661583E8FABEF4C0BEF694CBC41C28FB81CD870",
false);
现在,我认为您将无法上传.cer
.
.pfx
似乎是App Service中唯一接受的格式.
Now, i don't think you'll be able to upload a .cer
.
.pfx
seems to be the only accepted format in App Service.
或者,如果没有私钥值得担心,只需从磁盘加载它.
这样一来,您也可以加载.cer
(DER也可以,也许也可以是Base64):
Or just load it from the disk if there's no private key to worry about.
This lets you load .cer
as well (DER works, probably Base64 too):
// The path to the certificate.
string Certificate = @"d:\home\site\cert.cer";
// Load the certificate into an X509Certificate object.
X509Certificate cert = X509Certificate.CreateFromCertFile(Certificate);
// Print to console
string result = cert.ToString(true);
Console.WriteLine(result);
在App Service中工作正常(此处在 Kudu控制台中运行):
Works just fine in App Service (here it is running in the Kudu console):
这篇关于使用Azure网站实例中的客户端证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!