我正在尝试将Azure Key Vault证书启用到现有的API中。我们已经在Azure Key Vault账户中拥有了密钥和Azure Key Vault证书。以下是配置证书的代码:
Original Answer翻译成“最初的回答”
public static IWebHost BuildWebHost() =>
WebHost.CreateDefaultBuilder()
.ConfigureAppConfiguration((context, config) =>
{
var env = context.HostingEnvironment;
config.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);
var builtConfig = config.Build();
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var cert = store.Certificates.Find(X509FindType.FindByThumbprint, builtConfig["AzureKeyVault:CertThumbprint"], false);
config.AddAzureKeyVault(
$"https://{builtConfig["AzureKeyVault:Vault"]}.vault.azure.net/",
builtConfig["AzureKeyVault:ClientId"],
cert.OfType<X509Certificate2>().Single());
store.Close();
})
.UseStartup<Startup>()
.Build();
在我的本地计算机上,我已正确导入了证书,其中包括下载pfx格式。但是我收到的错误消息是:“Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:'AADSTS700027:客户端声明包含无效签名。[原因-未找到密钥。客户端使用的指纹:'xxx']”造成这种情况的原因是什么?“最初的回答”
cert是空的吗?如果不是,那么私钥未找到或导入。 - undefined