gpt4 book ai didi

c# - 来自 KeyVaultKeyResolver 的 Azure rsaKey 始终为 null

转载 作者:行者123 更新时间:2023-11-30 17:33:53 24 4
gpt4 key购买 nike

我正在通过 MVC/Durandal Web 应用程序将身份文档保存到 Azure Blob 存储。我正在关注this使用 Azure key 保管库来存储加密 key 来加密 Azure 存储中的 blob 的示例。

这是我的代码:

    public async Task UploadIdentityDocumentForClient(string fileName, ParsedClientModel parsedClientModel)    {        BlobRequestOptions options = await GetBlobRequestOptions();        await            _storageRepository.CreateEncryptedBlobFromByteArray(_storageManager, _containerName, fileName, parsedClientModel.IdentityDocumentFile, parsedClientModel.IdentityDocumentContentType, options);        return fileName;    }    private static async Task GetBlobRequestOptions()    {        string secretUri = WebConfigurationManager.AppSettings["SecretUri"];        string secretName = WebConfigurationManager.AppSettings["SecretEncryptionName"];    *1  KeyVaultKeyResolver keyVaultKeyResolver = new KeyVaultKeyResolver(GetAccessToken);    *2  IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync($"{secretUri}/secrets/{secretName}", CancellationToken.None).GetAwaiter().GetResult();        BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsaKey, null);        BlobRequestOptions options = new BlobRequestOptions        {            EncryptionPolicy = policy        };        return options;    }     public static async Task GetAccessToken(string authority, string resource, string scope)    {        string clientId = WebConfigurationManager.AppSettings["ClientId"];        string clientSecret = WebConfigurationManager.AppSettings["ClientSecret"];        ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);        AuthenticationContext authenticationContext = new AuthenticationContext(authority, TokenCache.DefaultShared);        AuthenticationResult result = await authenticationContext.AcquireTokenAsync(resource, clientCredential);        if (result == null)        {            throw new InvalidOperationException(                "GetAccessToken - Failed to obtain the Active Directory token for application.");        }    *3  return result.AccessToken;    }    public async Task CreateEncryptedBlobFromByteArray(IStorageManager storageManager, string containerName, string fileName,        byte[] byteArray, string contentType, BlobRequestOptions options)    {        CloudBlobContainer container = await CreateStorageContainerIfNotExists(storageManager, containerName);        CloudBlockBlob blob = container.GetBlockBlobReference(fileName);        blob.Properties.ContentType = contentType;        await blob.UploadFromByteArrayAsync(byteArray, 0, byteArray.Length, AccessCondition.GenerateEmptyCondition(), options, new OperationContext());    }

这一行...

    IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync($"{secretUri}/secrets/{secretName}", CancellationToken.None).GetAwaiter().GetResult();

始终返回 null。

我在上面的代码中添加了断点(*1 到 *3),并注意到 *2 总是在 *3 之前被命中。这意味着 KeyVaultKeyResolver(GetAccessToken) 调用不会等待 GetAccessToken 调用返回值。

关于我做错了什么有什么想法吗?

最佳答案

我发现自己做错了什么

断点2在哪里我应该使用这段代码:

SymmetricKey sec = (SymmetricKey) cloudResolver            .ResolveKeyAsync("https://yourkeyvault.vault.azure.net/secrets/MiplanAdminLocalEncryption",                CancellationToken.None)            .GetAwaiter()            .GetResult();

I also had to add the secret to my Azure Key Vault using PowerShell. Creating the secret via the management UI did not work. Here are the commands I used:

enter image description here

Sorry for image but SO would not accept the above text even when pasted as a code sample.

See this site for the original example.

I found a way to add the secret via the Azure portal:

    //If entering via Azure UI:
//Your secret string must be 16 characters (28 bits) long or end up being 28, 192, 256, 384, or 512 bits.
// Base64 encode using https://www.base64encode.org/
//Take this encoded value and enter it as the secret value in the UI.

关于c# - 来自 KeyVaultKeyResolver 的 Azure rsaKey 始终为 null,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43208042/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com