Runtime error loading certificate in Azure Functio

Posted 2019-01-15 20:11

I want to create an Azure function (C# API Generic HTTP) method that uploads a file to an Office365 Sharepoint document library.

Because OneDrive API allows me to upload large files (using daemon process & certificate authentication), I have succeeded in achieving the goal with a C# Console Application.

The idea would be now to move the code into an Azure function. However, I receive an error during runtime of the function on the loading of the pfx-certificate.

public static async Task<bool> Run(HttpRequestMessage req, TraceWriter log)
{
    string certfile = System.IO.Path.Combine(Environment.ExpandEnvironmentVariables("%HOME%"), @"site\wwwroot\<functionname>\mykeyfile.pfx");

    X509Certificate2 cert = new X509Certificate2(certfile, "<myinsanepwd>");

    return true; //temporary 
}

The line X509Certificate2 cert = new X509Certificate2(certfile, ""); throws an Exception System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

This is really strange because the file exists on the specified path (I checked using File.Exists() in the method :) ) Could this error have something to do with support.microsoft.com/en-us/kb/948154 ? How can I solve this?

Best regards, Jens

2 Answers
神经病院院长
#2 · 2019-01-15 20:59
  1. Upload your certificate through the portal: Function App Settings -> Go to App Service Settings -> SSL certificates -> Upload Certificate

  2. Once you have uploaded your certificate through the Azure portal you need to add an appsetting (also through the portal) called WEBSITE_LOAD_CERTIFICATES and set the value for this to the thumbprint of your uploaded certificate. This can be a comma separated list of multiple thumbprints if you want, or even * to load all your uploaded certificates

  3. Code:

    using System.Net;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    
    public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, TraceWriter log)
    {
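        // Certificates listed in WEBSITE_LOAD_CERTIFICATES are loaded into CurrentUser\My
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: false, so a self-signed certificate is returned too
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, "Your thumb", false);
        store.Close();

        if (certs.Count == 0)
        {
            return req.CreateResponse(HttpStatusCode.InternalServerError, "Certificate not found");
        }
        log.Info(certs[0].Thumbprint);
        return req.CreateResponse(HttpStatusCode.OK);
    }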
走好不送
#3 · 2019-01-15 21:02

Add X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable to the constructor. This code works for me:

using System.Net;
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, TraceWriter log)
{
    string certfile = System.IO.Path.Combine(Environment.ExpandEnvironmentVariables("%HOME%"), @"site\wwwroot\HttpTriggerCSharp4\myCertFile.pfx");
    log.Info(certfile);
    log.Info(System.IO.File.Exists(certfile).ToString());
    // MachineKeySet stores the imported private key in the machine key store instead of the user profile
    X509Certificate2 cert = new X509Certificate2(certfile, "password", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
    log.Info(cert.Thumbprint);
    return req.CreateResponse(HttpStatusCode.OK);
}
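The two approaches from the answers above (store lookup by thumbprint, and loading the PFX file with key storage flags) combined into one helper, as an added example that is not code from either answer. The class and method names are hypothetical, and it assumes that `MachineKeySet` on its own is enough to load the PFX in your Function App, so `PersistKeySet` and `Exportable` are left out.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (names are illustrative, not from the page).
public static class CertLoader
{
    // Thumbprints pasted from a certificate dialog often carry spaces or
    // invisible characters; keep only the hex digits.
    public static string NormalizeThumbprint(string raw)
    {
        return new string((raw ?? "").Where(c => Uri.IsHexDigit(c)).ToArray()).ToUpperInvariant();
    }

    // Answer #2 on the page: certificate uploaded in the portal and listed in
    // WEBSITE_LOAD_CERTIFICATES, looked up in the CurrentUser\My store.
    public static X509Certificate2 FromStore(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so a self-signed certificate is returned too.
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, NormalizeThumbprint(thumbprint), false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    "Certificate not found in CurrentUser\\My; check WEBSITE_LOAD_CERTIFICATES.");
            return RequirePrivateKey(found[0]);
        }
        finally { store.Close(); }
    }

    // Answer #3 on the page: PFX file deployed next to the function.
    // Assumption: MachineKeySet alone suffices. PersistKeySet and Exportable
    // are omitted so the key is neither kept on the host nor marked exportable.
    public static X509Certificate2 FromPfx(string path, string password)
    {
        return RequirePrivateKey(
            new X509Certificate2(path, password, X509KeyStorageFlags.MachineKeySet));
    }

    // Certificate authentication signs with the private key; fail early without it.
    private static X509Certificate2 RequirePrivateKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "Certificate " + cert.Thumbprint + " has no private key.");
        return cert;
    }
}
```

Reading the thumbprint or the PFX password with `Environment.GetEnvironmentVariable` from an app setting keeps both out of the function source.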