app service getting 500 - internal server for get certificate from azure keyvault using default credentials method

azure 1 Reputation point
2021-07-06T01:35:22.463+00:00

I published an ASP.NET Core Web API 3.1 app on Azure App Service. I am getting a certificate from Azure using the default credentials method. It is working fine locally, but in production I am getting a 500 error. Help me.

Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer: Connection ID "11240984680117308671", Request ID "80000d00-0002-9c00-b63f-84710c7967bb": An unhandled exception was thrown by the application.
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified.
   at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(Byte[] rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
   at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] data)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
   at EntrustDataCard.Controllers.ApiController.GetCertificate(String uri, String name) in E:\Entrustproject\EntrustData-And-Api-1\EntrustDataCard\Controllers\ApiController.cs:line 85
   at lambda_method(Closure , Object , Object[] )
   at Microsoft.Extensions.Internal.ObjectMethodExecutor.Execute(Object target, Object[] parameters)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.SyncActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeActionMethodAsync()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeNextActionFilterAsync()
--- End of stack trace from previous location where exception was thrown ---
   at


1 answer

  1. brtrach-MSFT 15,356 Reputation points Microsoft Employee
    2021-07-07T04:02:51.363+00:00

    @azure There will be some changes you'd need to make to your code to adapt it for use in Azure.

    Please start by reviewing this document here, which goes into detail about how to load your certificate and then how to call it in your code.

    After loading your certificates you can verify if these were properly loaded through the Kudu Console.

    1. First, you will have to go to your app service in the Azure Portal and select the “configuration” blade under “settings”.
    2. Then, select “+New application setting”.
    3. Add the WEBSITE_LOAD_CERTIFICATES setting and in value type * as this will allow all types of certificates.
    4. Click on “OK” and then on Save Settings
    5. You can then access Kudu Console by accessing the following link <webapp name>.scm.azurewebsites.net
    6. Select PowerShell
    7. As you are in a multitenant environment, multiple tenants share the same physical instance of the app, so in this case, the certificates are stored in current user.
    8. After selecting PowerShell you can run the following command dir cert:\currentuser\my as shown in the below example. You should be able to display the loaded certificates.

    Can you please verify if you can view the certificate following the above steps?

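The store the answer inspects with `dir cert:\currentuser\my` can also be read from application code. The following is an added example, not code from the original question, the answer, or Microsoft's documentation; the class and method names are hypothetical, and it assumes the app needs the certificate's private key and that `WEBSITE_LOAD_CERTIFICATES` has been set as in the steps above.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (name chosen for this example only).
public static class AppServiceCertificates
{
    // Looks up a certificate that App Service loaded into CurrentUser\My.
    public static X509Certificate2 FindByThumbprint(string thumbprint)
    {
        // Thumbprints copied from a UI often carry spaces or invisible
        // characters; keep only the hex digits before searching.
        string wanted = new string(thumbprint.Where(Uri.IsHexDigit).ToArray())
            .ToUpperInvariant();

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly: false so self-signed or otherwise untrusted
            // certificates are still returned.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, wanted, validOnly: false);

            if (found.Count == 0)
            {
                // List the thumbprints that are loaded, so a missing or
                // mistyped app setting is easy to spot in the logs.
                string loaded = string.Join(", ",
                    store.Certificates.Cast<X509Certificate2>().Select(c => c.Thumbprint));
                throw new InvalidOperationException(
                    $"Certificate {wanted} not in CurrentUser\\My. Loaded: [{loaded}]");
            }

            X509Certificate2 cert = found[0];
            // Assumption: the caller signs or authenticates with this certificate.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    $"Certificate {wanted} was loaded without a private key.");
            if (DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException(
                    $"Certificate {wanted} expired on {cert.NotAfter:u}.");
            return cert;
        }
    }
}
```

Call it with the thumbprint of the certificate uploaded to the app, for example `AppServiceCertificates.FindByThumbprint("<THUMBPRINT-PLACEHOLDER>")`.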