X509Certificate2未能在Azure中Webjobs调用谷歌API [英] X509Certificate2 failing in Azure Webjobs calling Google API

问题描述

我有一个使用Azure的WebJobs安排一个控制台应用程序。试图读取P12证书的私钥时，执行总是失败。有趣的是，我不能捕获的异常，我不得不用好老 Console.WriteLine 调试。

I have a console app that is scheduled using Azure WebJobs. The execution always fails when attempting to read the private key of p12 certificate. Interestingly enough I can't catch the exception, I've had to use good old Console.WriteLine to debug.

下面是我的code的片段：

Here is my snippet of code:

var certificate = new X509Certificate2(data, "notasecret", X509KeyStorageFlags.Exportable);

ServiceAccountCredential credential = new ServiceAccountCredential(
 new ServiceAccountCredential.Initializer(serviceAccountEmail)
 {
     Scopes = new[] { BigqueryService.Scope.Bigquery }
 }.FromCertificate(certificate));

其他的帖子有提到，标志应该是导致谷歌API中的错误 X509KeyStorageFlags.MachineKeySet 可惜。它要求 X509KeyStorageFlags.Exportable 标志被设置。

Other posts have mention that the flags should be X509KeyStorageFlags.MachineKeySet but unfortunately that causes an error in the Google API. It requires the X509KeyStorageFlags.Exportable flag to be set.

任何人都可以确认 X509KeyStorageFlags.Exportable 是在Azure上的网站和WebJobs使用吗？

Can anyone confirm that X509KeyStorageFlags.Exportable is usable on Azure Websites and WebJobs?

推荐答案

使用 X509KeyStorageFlags.Exportable 不是在IIS中使用。我已经与Azure的Webjobs，Azure的网站和IIS试了一下我自己的虚拟机上。使用IISEx preSS的时候，因为这个过程是在用户的上下文中运行它的工作原理在开发环境中。

Using X509KeyStorageFlags.Exportable is not usable in IIS. I've tried it with Azure Webjobs, Azure Websites and IIS on my own virtual machine. It works in a development environment when using IISExpress because the process is running in the user's context.

所以，它在一个IIS环境（包括Webjobs）工作，它必须被设置为 MachineKeySet 但是，因为它需要的私钥的谷歌API将失败。

So for it work in an IIS context (including Webjobs), it has to be set to MachineKeySet but the Google API will fail since it needs the private key.

我的问题的解决方案实际上是pretty简单，创建一个用于创建与可导出 X509Certificate2 对象的控制台应用程序$ C>标志设置，然后调用
ToXmlString（）。这里是片段：

The solution to my problem was actually pretty simple, create a console app that creates the X509Certificate2 object with Exportable flag set and then call ToXmlString(). Here is the snippet:

VAR证书=新X509Certificate2（数据，notasecret，X509KeyStorageFlags.Exportable）;
VAR XML = certificate.PrivateKey.ToXmlString（真）;

我然后保存XML和使用XML来创建一个的RSACryptoServiceProvider 是这样的：

I then save the XML and use that XML to create an RSACryptoServiceProvider like this:

var rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(xmlKey);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
 {
  Scopes = new[] { BigqueryService.Scope.Bigquery },
  Key = rsa
 });

希望这会帮助别人。

Hope this helps others.

这篇关于X509Certificate2未能在Azure中Webjobs调用谷歌API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！