KeyVault fails on .Net Framework 4.7
Code that works on .Net Framework 4.61 fails on .Net Framework 4.7
To Repro:
packages: Microsoft.Extensions.Configuration.1.1.2 Microsoft.Extensions.Configuration.AzureKeyVault.1.0.2
    namespace ConsoleApp1
    {
        using System;
        using System.Security.Cryptography.X509Certificates;
        using Microsoft.Extensions.Configuration;

        class Program
        {
            static void Main(string[] args)
            {
                X509Certificate2 clientCertificate;
                X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                try
                {
                    store.Open(OpenFlags.ReadOnly);
                    // Look up the client certificate by thumbprint (validOnly: false).
                    var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, "SOME_THUMBPRINT", false);
                    clientCertificate = certificates[0];
                }
                finally
                {
                    store.Close();
                }

                // Register Key Vault as a configuration source, authenticating with the certificate.
                var builder = new ConfigurationBuilder()
                    .AddAzureKeyVault("https://YOUR_VAULT.vault.azure.net/", "CLIENT_ID", clientCertificate);
                builder.Build(); // Exception happens here
                Console.WriteLine("Done!");
                Console.ReadLine();
            }
        }
    }
Simplified exception stacktrace
Exception: Object reference not set to an instance of an object.
at Microsoft.IdentityModel.Clients.ActiveDirectory.CryptographyHelper.GetCryptoProviderForSha256(RSACryptoServiceProvider rsaProvider)
at Microsoft.IdentityModel.Clients.ActiveDirectory.CryptographyHelper.SignWithCertificate(String message, X509Certificate2 certificate)
at Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate.Sign(String message)
at Microsoft.IdentityModel.Clients.ActiveDirectory.JsonWebToken.Sign(IClientAssertionCertificate credential)
at Microsoft.IdentityModel.Clients.ActiveDirectory.ClientKey.AddToParameters(IDictionary`2 parameters)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<SendTokenRequestAsync>d__64.MoveNext()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<RunAsync>d__55.MoveNext()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenForClientCommonAsync>d__49.MoveNext()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__27.MoveNext()
at Microsoft.Extensions.Configuration.AzureKeyVaultConfigurationExtensions.<GetTokenFromClientCertificate>d__5.MoveNext()
at Microsoft.Azure.KeyVault.KeyVaultCredential.<PostAuthenticate>d__9.MoveNext()
at Microsoft.Azure.KeyVault.KeyVaultCredential.<ProcessHttpRequestAsync>d__10.MoveNext()
at Microsoft.Azure.KeyVault.KeyVaultClient.<GetSecretsWithHttpMessagesAsync>d__66.MoveNext()
at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.<GetSecretsAsync>d__49.MoveNext()
at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.<LoadAsync>d__5.MoveNext()
at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.Load()
at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
Issue Analytics
- State:
- Created 6 years ago
- Reactions:3
- Comments:18 (5 by maintainers)
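
A pre-flight check for the certificate the repro loads, added here as an example (it is not part of the original issue, of ADAL, or of the configuration package): it confirms the certificate exists, has a private key, and can produce an RSA SHA-256 signature, and it reports which RSA implementation the runtime returns. The class and method names are hypothetical, and the idea that the concrete key type matters to the exception is an assumption drawn from the `RSACryptoServiceProvider` parameter in the stack trace.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Hypothetical helper (not from the issue): verifies that a certificate can sign
// before it is handed to AddAzureKeyVault.
static class CertificatePreflight
{
    // Returns a description of the private key; throws if the certificate cannot sign.
    public static string Check(string thumbprint)
    {
        X509Certificate2 cert;
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No certificate with thumbprint " + thumbprint);
            cert = found[0];
        }
        finally
        {
            store.Close();
        }

        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key and cannot sign a client assertion.");

        // GetRSAPrivateKey returns the RSA base type; the concrete class is chosen by the runtime.
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null)
                throw new InvalidOperationException("The private key is not an RSA key.");

            // Sign through the RSA base class so the check does not depend on the provider type.
            byte[] signature = rsa.SignData(
                Encoding.UTF8.GetBytes("preflight"),
                HashAlgorithmName.SHA256,
                RSASignaturePadding.Pkcs1);

            return string.Format("{0}: {1}-bit key, {2}-byte SHA-256 signature",
                rsa.GetType().FullName, rsa.KeySize, signature.Length);
        }
    }
}
```

Calling `CertificatePreflight.Check("SOME_THUMBPRINT")` before `builder.Build()` separates certificate problems (not found, no private key, non-RSA key) from failures inside the token-acquisition library.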
Top GitHub Comments
OK so there is a fairly simple workaround for this; not completely elegant, but pragmatic.
I added to my project an explicit nuget package reference to a later minor version of Microsoft.IdentityModel.Clients.ActiveDirectory and this issue went away. So instead of the default nested reference of 3.14.2, the project specifies 3.19.8 and all is good. You can see by browsing the nested dependencies that this later version is substituted there also. If anyone thinks there is risk with this please do register your thoughts.

Is there anything blocking progress on this issue? If I understand correctly, Microsoft.Azure.Services.AppAuthentication must reference a newer version of Microsoft.IdentityModel.Clients.ActiveDirectory and Microsoft.Extensions.Configuration.AzureKeyVault must reference the new version of Microsoft.Azure.Services.AppAuthentication?