Runtime error loading certificate in Azure Functions

I want to create an Azure function (C# API Generic HTTP) method that uploads a file to an Office365 SharePoint document library.

Because OneDrive API allows me to upload large files (using daemon process & certificate authentication), I have succeeded in achieving the goal with a C# Console Application.

The idea would be now to move the code into an Azure function. However, I receive an error during runtime of the function on the loading of the pfx-certificate.

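using System;
using System.Security.Cryptography.X509Certificates;

public static async Task<bool> Run(HttpRequestMessage req, TraceWriter log)
{
    // Path of the PFX file deployed alongside the function
    string certfile = System.IO.Path.Combine(Environment.ExpandEnvironmentVariables("%HOME%"), @"site\wwwroot\<functionname>\mykeyfile.pfx");

    // This constructor call is the line that throws at runtime
    X509Certificate2 cert = new X509Certificate2(certfile, "<myinsanepwd>");

    return true; //temporary
}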

The line X509Certificate2 cert = new X509Certificate2(certfile, ""); throws an Exception System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

This is really strange because the file exists on the specified path (I checked using File.Exists() in the method :) ). Could this error have something to do with support.microsoft.com/en-us/kb/948154? How can I solve this?

Best regards, Jens

Jens asked Oct 25 '16 12:10


1 Answer

Add X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable to the constructor. This code works for me:

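using System.Net;
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, TraceWriter log)
{
    // Path of the PFX file deployed alongside the function
    string certfile = System.IO.Path.Combine(Environment.ExpandEnvironmentVariables("%HOME%"), @"site\wwwroot\HttpTriggerCSharp4\myCertFile.pfx");
    log.Info(certfile);
    log.Info(System.IO.File.Exists(certfile).ToString());

    // MachineKeySet: import the private key into the machine key store instead of the per-user store.
    // PersistKeySet: keep the imported key in the store. Exportable: allow the key to be exported later.
    X509Certificate2 cert = new X509Certificate2(certfile, "password", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
    log.Info(cert.Thumbprint);

    // Return the thumbprint so the caller can confirm the certificate loaded
    return req.CreateResponse(HttpStatusCode.OK, cert.Thumbprint);
}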
Alexey Rodionov answered Sep 21 '22 15:09
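
A narrower variant of the load shown in the answer, as an added example that is not the answerer's code: it passes only X509KeyStorageFlags.MachineKeySet, on the assumption that this flag alone is enough for the import in the Functions host, and reads the password from a hypothetical app setting named PFX_PASSWORD instead of a string literal. PfxLoader and its parameter names are illustrative.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PfxLoader
{
    // Hypothetical helper: loads a PFX in a host where no user profile is
    // loaded, importing the private key with the narrowest flag set.
    public static X509Certificate2 Load(string pfxPath, string passwordSetting)
    {
        if (!File.Exists(pfxPath))
            throw new FileNotFoundException("PFX file not found.", pfxPath);

        // Assumption: the PFX password lives in an app setting, which the
        // Functions host exposes to the code as an environment variable.
        string password = Environment.GetEnvironmentVariable(passwordSetting);
        if (string.IsNullOrEmpty(password))
            throw new InvalidOperationException(
                "App setting '" + passwordSetting + "' is not set.");

        X509Certificate2 cert;
        try
        {
            // MachineKeySet imports the key into the machine key store rather
            // than the per-user store. Without PersistKeySet the imported key
            // is temporary; without Exportable it cannot be exported again.
            cert = new X509Certificate2(
                pfxPath, password, X509KeyStorageFlags.MachineKeySet);
        }
        catch (CryptographicException ex)
        {
            throw new InvalidOperationException(
                "PFX import failed: " + ex.Message, ex);
        }

        // Reject a certificate that cannot be used for client authentication.
        DateTime now = DateTime.Now;
        if (!cert.HasPrivateKey || now < cert.NotBefore || now > cert.NotAfter)
        {
            cert.Dispose();
            throw new InvalidOperationException(
                "Certificate has no private key or is outside its validity period.");
        }
        return cert;
    }
}
// Usage in Run(): using (var cert = PfxLoader.Load(certfile, "PFX_PASSWORD")) { ... }
```

Wrapping the returned certificate in a using block releases the temporary key as soon as the upload call has finished with it.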