The system cannot find the file specified - Azure Key Vault certificate

  • I have added a PFX certificate in Azure Key Vault.

  • I have one ASP.NET Web API application where, through one of the endpoints, I am trying to access certificate information from Key Vault.

    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Azure.KeyVault;
    using Microsoft.Azure.Services.AppAuthentication;

    [ApiController]
    [Route("api/[controller]")]
    public class ValuesController : ControllerBase
    {
        [HttpGet]
        public async Task<string> Get()
        {
            // Acquire a Key Vault access token through the app's Managed Identity.
            AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
            var keyVaultClient = new KeyVaultClient(
                new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

            // The certificate is read as a secret; its value is the base64-encoded PFX.
            var secret = await keyVaultClient.GetSecretAsync("<certificateSecretIdentifier>").ConfigureAwait(false);
            // Decoding and loading the PFX is the step that throws on App Service (see the trace below).
            X509Certificate2 certificateWithPrivateKey = new X509Certificate2(Convert.FromBase64String(secret.Value));

            return certificateWithPrivateKey.FriendlyName;
        }
    }
    
  • I am using Azure Managed Identity and everything is configured correctly.

  • When I run the web app in local IIS Express, there is NO error and the endpoint gives me the desired result.

  • Now, when I publish the web app to Azure as an App Service app and try to call the endpoint, I get this error:

I have added my App Service app to the Azure Key Vault's access policies (get, list); please suggest what could be the reason?

    2020-07-08 03:20:48.986 +00:00 [Error] Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer: Connection ID "16717361818409901973", Request ID "80001f98-0000-e800-b63f-84710c7967bb": An unhandled exception was thrown by the application.
    Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified.
       at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(Byte[] rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
       at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] data)
       at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
       at Gateway.Controllers.ValuesController.Get() in C:\Work\AzureAdAuth\Gateway\Controllers\ValuesController.cs:line 26
       at lambda_method(Closure , Object )
       at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask1 actionResultValueTask)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
       at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
       at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT1.ProcessRequestAsync()

user584018 asked Jul 08 '20 03:07


1 Answer

Reading a PFX requires the user profile to be loaded. When we added WEBSITE_LOAD_CERTIFICATES, it basically results in loading the profile in the background, and hence we could read the PFX from the filesystem.

ASP.NET and ASP.NET Core on Windows must access the certificate store even if you load a certificate from a file. To load a certificate file in a Windows .NET app, add the WEBSITE_LOAD_USER_PROFILE=1 option to the application's settings.

For more details, you could refer to this article.

Joey Cai answered Sep 22 '22 14:09
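As an added example (not code from the question or the answer above), here is the same Key Vault load written so that the PFX is imported into the machine key store instead of the user profile, which is the dependency that WEBSITE_LOAD_USER_PROFILE=1 satisfies; it also checks that the blob actually carries a private key and has not expired before handing the certificate to callers. The class and method names are illustrative, and `<certificateSecretIdentifier>` is the same placeholder as in the question.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

// Illustrative helper, not part of the original post.
public static class KeyVaultPfxLoader
{
    // Loads a PFX blob into the machine key store. MachineKeySet avoids the
    // per-user key container that needs a loaded user profile on App Service.
    public static X509Certificate2 LoadPfx(byte[] pfxBytes)
    {
        var flags = X509KeyStorageFlags.MachineKeySet;

        // A PFX exported from a Key Vault certificate secret has no password.
        var cert = new X509Certificate2(pfxBytes, (string)null, flags);

        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("PFX does not contain a private key");

        if (DateTime.UtcNow > cert.NotAfter)
            throw new InvalidOperationException($"certificate expired on {cert.NotAfter:u}");

        return cert;
    }

    // Fetches the certificate secret with Managed Identity (same auth path as the
    // question) and decodes its base64 value before loading it.
    public static async Task<X509Certificate2> LoadFromKeyVaultAsync(string secretIdentifier)
    {
        var tokenProvider = new AzureServiceTokenProvider();
        var client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));

        var secret = await client.GetSecretAsync(secretIdentifier).ConfigureAwait(false);
        return LoadPfx(Convert.FromBase64String(secret.Value));
    }
}
```

If you prefer the answer's app-setting route instead, the setting can be applied from the CLI with `az webapp config appsettings set --name <app> --resource-group <rg> --settings WEBSITE_LOAD_USER_PROFILE=1` (placeholders in angle brackets).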