Certificate-based authentication in HttpClient fails when the request is made from Azure Service Fabric



I have a Service Fabric application, and I am trying to call an API using certificate-based authentication.

    using System;
    using System.Net.Http;
    using System.Net.Mime;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;
    using System.Threading;

    WebRequestHandler handler = new WebRequestHandler();
    // Fetching the certificate from Key Vault. The fetch URL is identical in both cases and the thumbprint is the same.
    X509Certificate certificate = GetCertificate();
    // Attach the certificate so it is offered as the TLS client certificate.
    handler.ClientCertificates.Add(certificate);
    var baseUrl = "https://myUrl";
    var requestUri = "request";
    var content = "content";
    using (HttpClient httpClient = new HttpClient(handler))
    {
        httpClient.BaseAddress = new Uri(baseUrl);
        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, requestUri)
        {
            Content = new StringContent(content, Encoding.UTF8, MediaTypeNames.Text.Plain)
        };
        HttpResponseMessage result;
        // Cancel the request if it takes longer than 100 seconds.
        using (var cts = new CancellationTokenSource(TimeSpan.FromSeconds(100)))
        {
            try
            {
                result = httpClient.SendAsync(request, cts.Token).Result;
                // Check the result here.
            }
            catch (OperationCanceledException e) when (cts.IsCancellationRequested)
            {
                // ...
            }
        }
    }

When I run the exact same code locally it works; when I run it in Azure Service Fabric it fails. Below are the results I am checking in the code.

Service Fabric local cluster:

StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers: { Pragma: no-cache Cache-Control: no-cache Date: Sat, 06 Jun 2020 03:40:44 GMT Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Content-Length: 67 Content-Type: application/json; charset=utf-8 Expires: -1 }

Service Fabric cluster in Azure:

StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers: { Pragma: no-cache Cache-Control: no-cache Date: Sat, 06 Jun 2020 03:30:33 GMT Server: Microsoft-IIS/10.0 WWW-Authenticate: Bearer X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Content-Length: 61 Content-Type: application/json; charset=utf-8 Expires: -1 }

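I checked that the WWW-Authenticate header is what the authentication server accepts. I know it accepts certificate-based authentication and that this works locally. Why does it reject the authorization and send back the WWW-Authenticate: Bearer header when I run in the cloud?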

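I found that the certificate needs to have a private key in order to authorize, and the Key Vault certificate I was using did not have a private key.

This was a bit confusing, because certificate.HasPrivateKey was false both on my machine and in the Azure environment. The reason it worked on my machine was that the certificate was installed on my machine.

I tested this by removing the certificate from the store, and I fixed the issue by updating the Key Vault with a certificate that has a private key.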
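The behaviour the answer describes, as an added example that is not part of the original post: the same certificate loaded from a public-only export and from a PFX has the same thumbprint, but only the PFX form carries a private key. `RequirePrivateKey` and the throwaway self-signed certificate are hypothetical names and constructed sample data; the guard makes the failure explicit instead of depending on what is installed in the machine's certificate store.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertGuard
{
    // Hypothetical helper: reject a client certificate whose object carries no private key,
    // because it cannot prove possession of the key during the TLS handshake.
    public static X509Certificate2 RequirePrivateKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "Client certificate " + cert.Thumbprint + " has no private key; " +
                "load a form that includes it (for example a PFX).");
        return cert;
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate, not a real credential.
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-test-client", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 full = req.CreateSelfSigned(
                DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                // Same certificate, two serializations: public part only vs. PFX with key.
                var publicOnly = new X509Certificate2(full.Export(X509ContentType.Cert));
                var withKey = new X509Certificate2(
                    full.Export(X509ContentType.Pfx, "constructed"), "constructed");

                // A matching thumbprint says nothing about whether the key is present.
                Console.WriteLine("Same thumbprint: " + (publicOnly.Thumbprint == withKey.Thumbprint));
                Console.WriteLine("Public-only HasPrivateKey: " + publicOnly.HasPrivateKey);
                Console.WriteLine("PFX HasPrivateKey: " + withKey.HasPrivateKey);

                using (var handler = new HttpClientHandler())
                {
                    handler.ClientCertificates.Add(RequirePrivateKey(withKey));
                    try { handler.ClientCertificates.Add(RequirePrivateKey(publicOnly)); }
                    catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
                }
            }
        }
    }
}
```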
