I save identity documents to Azure blob storage from my MVC / Durandal web application. I am following this example, Encrypt blobs in Azure Storage using Azure Key Vault, to store the encryption keys.
Here is my code:
```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Configuration;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Core;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Blob;

public async Task<string> UploadIdentityDocumentForClient(string fileName, ParsedClientModel parsedClientModel)
{
    BlobRequestOptions options = await GetBlobRequestOptions();
    await _storageRepository.CreateEncryptedBlobFromByteArray(_storageManager, _containerName, fileName,
        parsedClientModel.IdentityDocumentFile, parsedClientModel.IdentityDocumentContentType, options);
    return fileName;
}

private static async Task<BlobRequestOptions> GetBlobRequestOptions()
{
    string secretUri = WebConfigurationManager.AppSettings["SecretUri"];
    string secretName = WebConfigurationManager.AppSettings["SecretEncryptionName"];
    // *1
    KeyVaultKeyResolver keyVaultKeyResolver = new KeyVaultKeyResolver(GetAccessToken);
    // *2
    IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync($"{secretUri}/secrets/{secretName}", CancellationToken.None).GetAwaiter().GetResult();
    BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsaKey, null);
    BlobRequestOptions options = new BlobRequestOptions
    {
        EncryptionPolicy = policy
    };
    return options;
}

// Authentication callback handed to KeyVaultKeyResolver; acquires an AD token for the app.
public static async Task<string> GetAccessToken(string authority, string resource, string scope)
{
    string clientId = WebConfigurationManager.AppSettings["ClientId"];
    string clientSecret = WebConfigurationManager.AppSettings["ClientSecret"];
    ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
    AuthenticationContext authenticationContext = new AuthenticationContext(authority, TokenCache.DefaultShared);
    AuthenticationResult result = await authenticationContext.AcquireTokenAsync(resource, clientCredential);
    if (result == null)
    {
        throw new InvalidOperationException(
            "GetAccessToken - Failed to obtain the Active Directory token for application.");
    }
    // *3
    return result.AccessToken;
}

public async Task CreateEncryptedBlobFromByteArray(IStorageManager storageManager, string containerName, string fileName,
    byte[] byteArray, string contentType, BlobRequestOptions options)
{
    CloudBlobContainer container = await CreateStorageContainerIfNotExists(storageManager, containerName);
    CloudBlockBlob blob = container.GetBlockBlobReference(fileName);
    blob.Properties.ContentType = contentType;
    await blob.UploadFromByteArrayAsync(byteArray, 0, byteArray.Length, AccessCondition.GenerateEmptyCondition(), options, new OperationContext());
}
```
This line...
```csharp
IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync($"{secretUri}/secrets/{secretName}", CancellationToken.None).GetAwaiter().GetResult();
```
...always returns null.
I added breakpoints to the code above (*1 to *3) and noticed that *2 is always hit before *3. That means the KeyVaultKeyResolver(GetAccessToken) call does not wait for the GetAccessToken call to return a value.
Any ideas on what I am doing wrong?
1 Answer
I figured out what I was doing wrong.
Breakpoint 2 is where I should use this code:
I also had to use PowerShell to add the secret to my Azure Key Vault. Creating the secret through the management UI did not work. Here are the commands I used:
Sorry for the image, but SO would not accept the above text even when pasted as a code sample.
See this site for the original example.
I found a way to add the secret via the Azure portal:
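As an added example (not the poster's code, and not the code in the missing images), here is the same resolver flow written with `await` throughout, so the key is resolved before the policy is built and a null result fails loudly instead of being handed to `BlobEncryptionPolicy`; the download side reuses the resolver, as the linked sample does. The class and method names here are assumed, and the token callback is the `GetAccessToken` from the question.

```csharp
using System;
using System.IO;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Core;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Blob;

// Assumed helper class, written for this example.
public class EncryptedBlobStore
{
    private readonly KeyVaultKeyResolver _resolver;
    private readonly string _secretId; // full id, e.g. https://<vault>.vault.azure.net/secrets/<name>

    public EncryptedBlobStore(string secretId, KeyVaultClient.AuthenticationCallback getAccessToken)
    {
        _secretId = secretId;
        _resolver = new KeyVaultKeyResolver(getAccessToken);
    }

    // Await the resolver instead of blocking on GetAwaiter().GetResult().
    // The resolver reports "could not resolve" as null rather than an exception:
    // wrong id, no read access for this app, or a secret that is not a base64 key
    // stored with content type application/octet-stream. Fail here, not at upload.
    private async Task<IKey> ResolveKeyOrThrowAsync()
    {
        IKey key = await _resolver.ResolveKeyAsync(_secretId, CancellationToken.None);
        if (key == null)
            throw new InvalidOperationException($"Key Vault did not resolve '{_secretId}' to an encryption key.");
        return key;
    }

    public async Task UploadAsync(CloudBlobContainer container, string name, byte[] data, string contentType)
    {
        IKey key = await ResolveKeyOrThrowAsync();
        // Writes need the key itself; the resolver argument is not used for encryption.
        var options = new BlobRequestOptions { EncryptionPolicy = new BlobEncryptionPolicy(key, null) };
        CloudBlockBlob blob = container.GetBlockBlobReference(name);
        blob.Properties.ContentType = contentType;
        await blob.UploadFromByteArrayAsync(data, 0, data.Length, AccessCondition.GenerateEmptyCondition(), options, new OperationContext());
    }

    public async Task<byte[]> DownloadAsync(CloudBlobContainer container, string name)
    {
        // Reads pass the resolver: the SDK looks up whichever key id the blob's
        // encryption metadata names, so key rotation does not break old blobs.
        var options = new BlobRequestOptions { EncryptionPolicy = new BlobEncryptionPolicy(null, _resolver) };
        CloudBlockBlob blob = container.GetBlockBlobReference(name);
        using (var ms = new MemoryStream())
        {
            await blob.DownloadToStreamAsync(ms, AccessCondition.GenerateEmptyCondition(), options, new OperationContext());
            return ms.ToArray();
        }
    }
}
```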