0

在运行 net472 Web 应用程序的 Azure 应用程序服务中,我从密钥库访问证书,如下所示:

var certSecret = await kvClient.GetSecretAsync(kvName, secretName);

然后我需要发送证书以向外部服务进行身份验证

var cert = new X509Certificate2(Convert.FromBase64String(certSecret.Value));

此行会引发错误

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
4

1 回答 1

0

尝试获取如下秘密:

var certSecret = await kvClient.GetSecretAsync(vaultBaseUrl, secretName);

您可以检索certSecret.value以检查它是否具有值,然后将其发送到X509Certificate2指定X509KeyStorageFlags存储标志的位置。

X509Certificate2 x509 = new X509Certificate2(Convert.FromBase64String(certSecret.value), string.Empty, X509KeyStorageFlags.MachineKeySet)
于 2020-06-25T09:42:09.643 回答