How do I import a certificate from Key Vault into an App Service when using the Azure.ResourceManager .NET library?


I have already asked this question here: https://github.com/Azure/azure-sdk-for-net/issues/46369, but since I have not received any reply yet, I am hoping someone here has a lead.

Library name and version: Azure.ResourceManager 1.12.0

Query/Question: When creating/updating an App Service (web site), I cannot find a working way to import a certificate from Key Vault.

I am not using the certificate for a TLS/SSL host name binding. The application code uses the certificate to authenticate to a database service.

I tried this:

// First set up WebSiteData (a function app in my case)
var webSiteData = new WebSiteData(...);

// Read the certificate metadata (public part, thumbprint) from Key Vault
var certificateClient = new CertificateClient(new Uri(_keyVaultUrl), new DefaultAzureCredential());
KeyVaultCertificateWithPolicy vaultCertificate = await certificateClient.GetCertificateAsync("cert-name");

// Attach the certificate to the site by thumbprint via its host name SSL states
webSiteData.HostNameSslStates.Add(new HostNameSslState
{
    Name = vaultCertificate.Name,
    ThumbprintString = vaultCertificate.Properties.X509ThumbprintString,
    SslState = HostNameBindingSslState.SniEnabled
});

var webSite = (await resourceGroup.GetWebSites().CreateOrUpdateAsync(
    WaitUntil.Completed,
    "site-name",
    webSiteData
)).Value;

Apart from things like webSiteData.HostNameSslStates.Add, I have not found any sample code. If I add the certificate through the portal it works perfectly; I just need to be able to do the same thing with Azure.ResourceManager.

What I want to do is the equivalent of this Azure CLI command:

az webapp config ssl import --resource-group MyResourceGroup --name MyWebapp --key-vault MyKeyVault --key-vault-certificate-name MyCertificateName

That works fine. But how do I do the same thing in .NET code with Azure.ResourceManager?

Tags: azure, certificate, azure-resource-manager
1 Answer

How do I import a certificate from Key Vault into an App Service when using the Azure.ResourceManager .NET library?

Use the code given below to retrieve the certificate from Key Vault and import it into the App Service.

Refer to the MS documentation on the Azure Key Vault certificate client library for .NET for creating and retrieving a certificate.

Certificate retrieval snippet:

using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using Azure.Security.KeyVault.Secrets;

namespace key_vault_app
{
    class Program
    {
        static async Task Main(string[] args)
        {
            const string certificateName = "mynewCertificate";
            var keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME");
            var kvUri = $"https://{keyVaultName}.vault.azure.net";

            var credential = new DefaultAzureCredential();
            var client = new CertificateClient(new Uri(kvUri), credential);
            var secretClient = new SecretClient(new Uri(kvUri), credential);

            Console.WriteLine($"Retrieving your certificate from {keyVaultName}.");
            // The certificate client returns the public certificate and its policy;
            // the private key (PFX) is exposed as the secret of the same name.
            var certificate = await client.GetCertificateAsync(certificateName);
            var secret = await secretClient.GetSecretAsync(certificateName);
            string Base64 = secret.Value.Value;        // base64 PFX when the secret content type is application/x-pkcs12
            byte[] Bytes = Convert.FromBase64String(Base64);
            string certPassword = string.Empty;        // Key Vault exports the PFX without a password

            Console.WriteLine("retrieved from Key Vault.");
        }
    }
}

Full code:

Program.cs

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.AppService;
using Azure.ResourceManager.Resources;
using Azure.Security.KeyVault.Certificates;
using Azure.Security.KeyVault.Secrets;

namespace key_vault_app
{
    class Program
    {
        static async Task Main(string[] args)
        {
            const string certificateName = "mynewCertificate";
            var keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME");
            string AppserviceName = "appsjah";
            var resourceGroupName = Environment.GetEnvironmentVariable("RESOURCE_GROUP_NAME");
            var SubscriptionID = Environment.GetEnvironmentVariable("AZURE_SUBSCRIPTION_ID");
            var kvUri = $"https://{keyVaultName}.vault.azure.net";

            var credential = new DefaultAzureCredential();
            var client = new CertificateClient(new Uri(kvUri), credential);
            var secretClient = new SecretClient(new Uri(kvUri), credential);

            Console.WriteLine($"Retrieving your certificate from {keyVaultName}.");
            // The certificate client returns the public certificate and its policy;
            // the private key (PFX) is exposed as the secret of the same name.
            var certificate = await client.GetCertificateAsync(certificateName);
            var secret = await secretClient.GetSecretAsync(certificateName);
            // Only a PKCS#12 secret is base64 PFX; a PEM-typed certificate would not decode this way.
            if (secret.Value.Properties.ContentType != "application/x-pkcs12")
                throw new InvalidOperationException($"Expected a PKCS#12 secret, got '{secret.Value.Properties.ContentType}'.");
            string Base64 = secret.Value.Value;
            byte[] Bytes = Convert.FromBase64String(Base64);
            string certPassword = string.Empty;        // Key Vault exports the PFX without a password

            Console.WriteLine("retrieved from Key Vault.");
            var armClient = new ArmClient(credential);

            var subscription = armClient.GetSubscriptionResource(new ResourceIdentifier($"/subscriptions/{SubscriptionID}"));
            var resourceGroup = await subscription.GetResourceGroupAsync(resourceGroupName);
            var webSite = await resourceGroup.Value.GetWebSites().GetAsync(AppserviceName);
            var appServiceLocation = webSite.Value.Data.Location;
            Console.WriteLine("Uploading to App Service...");
            var certData = new AppCertificateData(appServiceLocation)
            {
                PfxBlob = Bytes,
                Password = certPassword,
                // The certificate must be in the app's region and bound to the plan that hosts the app.
                ServerFarmId = webSite.Value.Data.AppServicePlanId
            };
            // App Service certificates (Microsoft.Web/certificates) are a resource-group-level
            // collection, not a child of the web site, so create it through the resource group.
            var certCollection = resourceGroup.Value.GetAppCertificates();

            var certRes = await certCollection.CreateOrUpdateAsync(WaitUntil.Completed, certificateName, certData);
            Console.WriteLine("Certificate uploaded to App Service.");
        }
    }
}


Other references:

App Service certificates in the Azure.ResourceManager library
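The following is an added example; it is not code from the question, the answer, or the Azure SDK repository. It covers both the question's `az webapp config ssl import` equivalent and the answer's upload approach in a different way: instead of downloading the PFX and re-uploading it as `PfxBlob`, it creates the Microsoft.Web/certificates resource that references the Key Vault certificate by `KeyVaultId` and `KeyVaultSecretName` (which is what the CLI command and the portal do), binds it to the app's plan, and then lists the thumbprint in the `WEBSITE_LOAD_CERTIFICATES` app setting so that application code can load it from the certificate store, with no TLS host name binding at all, which matches the question's database-authentication use case. Assumptions: Azure.ResourceManager.AppService 1.x with the property and method names as I recall them (`KeyVaultId`, `KeyVaultSecretName`, `ServerFarmId`, `ThumbprintString`, `GetApplicationSettingsAsync`/`UpdateApplicationSettingsAsync`; verify them against your installed version), a vault in the same resource group as the app, the environment variable names, and the `MergeThumbprints` helper, which is my own.

```csharp
// Added example (not from the original post, answer, or Azure SDK): import an App Service
// certificate by reference from Key Vault, then expose it to app code via
// WEBSITE_LOAD_CERTIFICATES. Resource names are read from environment variables (assumed names).
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.AppService;
using Azure.ResourceManager.Resources;

class ImportKeyVaultCertificate
{
    static async Task Main()
    {
        string subscriptionId    = Environment.GetEnvironmentVariable("AZURE_SUBSCRIPTION_ID")!;
        string resourceGroupName = Environment.GetEnvironmentVariable("RESOURCE_GROUP_NAME")!;
        string siteName          = Environment.GetEnvironmentVariable("APP_SERVICE_NAME")!;
        string keyVaultName      = Environment.GetEnvironmentVariable("KEY_VAULT_NAME")!;
        string certificateName   = Environment.GetEnvironmentVariable("KEY_VAULT_CERTIFICATE_NAME")!;

        var armClient = new ArmClient(new DefaultAzureCredential());
        var resourceGroup = await armClient
            .GetSubscriptionResource(new ResourceIdentifier($"/subscriptions/{subscriptionId}"))
            .GetResourceGroupAsync(resourceGroupName);
        WebSiteResource site = await resourceGroup.Value.GetWebSites().GetAsync(siteName);

        // ARM id of the vault. Assumes the vault lives in the same resource group as the app.
        var keyVaultId = new ResourceIdentifier(
            $"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}" +
            $"/providers/Microsoft.KeyVault/vaults/{keyVaultName}");

        // Referencing the vault instead of uploading PfxBlob means the private key never
        // passes through this client, and App Service re-syncs the certificate after rotation.
        var certData = new AppCertificateData(site.Data.Location)
        {
            KeyVaultId = keyVaultId,
            KeyVaultSecretName = certificateName,  // a KV certificate is addressable as a secret of the same name
            ServerFarmId = site.Data.AppServicePlanId,
        };

        // Microsoft.Web/certificates is a resource-group-scoped resource; name it after the certificate.
        ArmOperation<AppCertificateResource> op = await resourceGroup.Value
            .GetAppCertificates()
            .CreateOrUpdateAsync(WaitUntil.Completed, certificateName, certData);
        string thumbprint = op.Value.Data.ThumbprintString;
        Console.WriteLine($"Imported {certificateName}, thumbprint {thumbprint}");

        // No TLS binding is created. App Service loads the certificate into the app's
        // certificate store only when WEBSITE_LOAD_CERTIFICATES lists its thumbprint
        // ("*" loads all certificates of the plan). Append to, rather than overwrite, the setting.
        AppServiceConfigurationDictionary settings = await site.GetApplicationSettingsAsync();
        settings.Properties.TryGetValue("WEBSITE_LOAD_CERTIFICATES", out string? existing);
        settings.Properties["WEBSITE_LOAD_CERTIFICATES"] = MergeThumbprints(existing, thumbprint);
        await site.UpdateApplicationSettingsAsync(settings);
        Console.WriteLine("WEBSITE_LOAD_CERTIFICATES updated; restart the app to pick it up.");
    }

    // Hypothetical helper: keep the setting a comma-separated list of unique thumbprints.
    static string MergeThumbprints(string? existing, string thumbprint)
    {
        if (string.IsNullOrWhiteSpace(existing)) return thumbprint;
        if (existing.Trim() == "*") return existing;   // wildcard already covers everything
        var parts = existing.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
        foreach (var p in parts)
            if (string.Equals(p, thumbprint, StringComparison.OrdinalIgnoreCase)) return existing;
        return existing + "," + thumbprint;
    }
}
```

One check that the CLI command performs for you and this code does not: the App Service resource provider (the "Microsoft Azure App Service" service principal, application id abfa0a7c-a6b6-4736-8310-5855508787cd) must be able to read the secret from the vault, otherwise `CreateOrUpdateAsync` fails. On an RBAC-enabled vault assign it Key Vault Secrets User (and Key Vault Certificate User); on an access-policy vault grant it secret get and certificate get. The caller of this program needs write access to Microsoft.Web/certificates and to the site's configuration, but does not need any Key Vault permission itself, which is the point of importing by reference.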

© www.soinside.com 2019 - 2024. All rights reserved.