X509Certificate2 Constructor Throwing 磁盘空间不足 [英] X509Certificate2 Constructor Throwing There is not enough space on the disk

问题描述

突然之间，没有部署或进行任何其他环境更改，我们得到了

All of a sudden, without deploying or making any other environment changes, we are getting

磁盘空间不足.在 System.Security.Cryptography.CryptographicException.ThrowCryptographicException(mscorlib，版本=4.0.0.0，文化=中性，PublicKeyToken=b77a5c561934e089)在 System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(mscorlib，版本=4.0.0.0，文化=中性，PublicKeyToken=b77a5c561934e089)在 System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(mscorlib，版本=4.0.0.0，文化=中性，PublicKeyToken=b77a5c561934e089)在 System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(系统，版本=4.0.0.0，文化=中性，PublicKeyToken=b77a5c561934e089)在[我们的代码]

There is not enough space on the disk. at System.Security.Cryptography.CryptographicException.ThrowCryptographicException (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at [OUR CODE]

使用这一行:

var certificateByes = Convert.FromBase64String(clientCertificateBody);
factory.Credentials.ClientCertificate.Certificate = new X509Certificate2(certificateByes);

我正在努力了解这会如​​何在 Azure Web 应用程序的上下文中突然中断.我们上次部署是在 11 月 20 日，昨天开始投掷.此基本功能已使用数月没有问题.

I'm struggling to see how this all of a sudden would break in the context of an Azure web app. We last deployed on November 20th, and this started throwing yesterday. This basic functionality has been in place for months without issue.

我们以前肯定在这方面遇到过问题，我们正在读取的字符串是从密钥保管库中检索到的，但同样，这里没有任何变化.

We've certainly had trouble in this area before, and the string we are reading from is retrieved from a key vault, but again, nothing here has changed.

我已经阅读了不同类型的错误 此处 和此处 但我们的错误消息是不同的，而且这几个月来一直正常工作.

I've read about different types of errors here and here but our error message is different and again, this has been working fine for months.

这是否与应用运行了多长时间或其他一些缓存问题(填充了一些临时存储位置)有关?

Could this be related to how long the app has been running or some other caching issue that is filling up some temporary storage location?

推荐答案

以下是经过数小时研究/调试后我所知道的:

Here's what I know after many hours of research/debugging:

• 我们有一个逻辑错误，我们在每次加载它时创建一个新的 X509Certificate2 对象而不是缓存它
• 我们不得不更频繁地创建这些证书

一旦我们解决了这两个问题，并在创建证书时遵循了此处中的提示 #5，我们不再看到这些错误.作为参考，提示是不要从字节数组创建这些证书对象，因为临时文件是在幕后为您创建的，并且它们可能无法清除.相反，我们正在做一些作者建议的事情:

Once we solved those two problems, and followed Tip #5 from here when creating certs, we are not seeing these errors anymore. For reference, the tip is to not create these cert objects from byte arrays as temp files get created behind the scenes for you and they potentially could not get cleaned up. Instead, we are doing something like the author suggests:

var bytes = new byte[]{}; //byte array representing cert body
var file = Path.Combine(Path.GetTempPath(), "Cert" + Guid.NewGuid());
try
{
    File.WriteAllBytes(file, bytes);
    return new X509Certificate2(file, /* ...options... */);
}
finally
{
    File.Delete(file);
}

这篇关于X509Certificate2 Constructor Throwing 磁盘空间不足的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！