如何通过C＃连接到蔚蓝的（管理）REST API在IIS [英] how to connect to azure (management) rest api via C# in IIS

问题描述

我想建立一个网站（本地测试大气压），连接到蔚蓝的REST API，看看我们的设置。我创建一个本地证书（W7机）：

I am trying to setup a website (local testing atm), to connect to azure rest api to see our settings. I created a cert locally (W7 machine):

makecert -sky exchange -r -n "CN=azureConnectionNew" -pe -a sha1 -len 2048 -ss My "azureConnectionNew.cer"

我可以看到在证书MMC管理单元的证书。（没有右键单击编辑权限选项，当我在这里查看证书）。

I can see the cert in the certs MMC snap in. (do not have a right click edit permissions option when I view the cert in here).

我有设置了连接一个类库，该证书是由获得证书（通过拇指字符串）传递，这对于控制台应用程序的伟大工程，但是当我尝试在Web应用程序做到这一点一切都错了。我得到403错误。

I have a class library that setups up the connection, the cert is passed in by getting the cert (via the thumb string), this works great for the console app, but when I try and do this in a web app it all goes wrong. I get 403 errors.

我首先认为，这是由于该网站正在运行作为ApplicationPoolIdentity所以不具有访问该证书的事实。于是，我就在证书传递（相同的code作为控制台应用程序），通过加载实际的文件：

I first thought that this was due to the fact that the website is running as the ApplicationPoolIdentity so doesn't have access to the cert. So I tried passing in the cert (to the same code as the console app), by loading the actual file:

var path = @"C:\temp\azureconnection\azureConnectionNew.cer";
var cert = new X509Certificate2();
cert.Import(path);

我仍然得到403错误。

I still get 403 errors.

我试过导出文件CER从MMC证书管理单元作为一个PFX文件（与私钥在内）。我设置了本地IIS设置为使用此证书，并导航到我的本地站点的HTTPS版本，但仍然得到了403。

I tried exporting the cer file from MMC certificates snap in as a pfx file, (with private keys included). I set the local IIS set to use this cert and navigated to the https version of my local site but still got 403.

我不知道如何将/设置/引用证书，使IIS可以从服务器端天青发送HttpWebRequest和获取有效响应。

I am not sure how to include / setup / reference the cert so that IIS can send a HttpWebRequest from the server side to Azure and get a valid response.

推荐答案

这始终是更好地使用该证书的指纹，以获得证书。请确保你已经正确创建的证书。另外，也请您放置在本地计算机上的个人证书部分的证书。您可以检查此使用MMC管理单元。请尝试以下code ..

It is always better to use Thumbprint of the certificate to get the certificate. Please make sure you have created the certificate correctly. Also please check you have placed the certificate in Personal certificate section in Local Machine. You can check this using MMC snap in. please try below code..

var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);  
           store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

           var certificate = store.Certificates
             .Cast<X509Certificate2>()
             .SingleOrDefault(c => string.Equals(c.Thumbprint, "CertificateThumbprint", StringComparison.OrdinalIgnoreCase));  // please replace CertificateThumbprint with original Thumbprint

这篇关于如何通过C＃连接到蔚蓝的（管理）REST API在IIS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！