我正在通过MVC / Durandal Web应用程序将身份证明文件保存到Azure blob存储中。我正在按照this示例使用Azure密钥保险库存储加密密钥来加密Azure存储中的Blob。

这是我的代码：


    公共异步任务UploadIdentityDocumentForClient（string fileName，ParsedClientModel parsedClientModel）
    {
        BlobRequestOptions options =等待GetBlobRequestOptions（）;
        等待
            _storageRepository.CreateEncryptedBlobFromByteArray（_storageManager，_containerName，文件名，parsedClientModel.IdentityDocumentFile，parsedClientModel.IdentityDocumentContentType，选项）;
        返回文件名;
    }


    私有静态异步任务GetBlobRequestOptions（）
    {
        字符串secretUri = WebConfigurationManager.AppSettings [“ SecretUri”];
        字符串secretName = WebConfigurationManager.AppSettings [“ SecretEncryptionName”];
    * 1 KeyVaultKeyResolver keyVaultKeyResolver =新的KeyVaultKeyResolver（GetAccessToken）;

    * 2 IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync（$“ {secretUri} / secrets / {secretName}”，CancellationToken.None）.GetAwaiter（）。GetResult（）;
        BlobEncryptionPolicy策略=新的BlobEncryptionPolicy（rsaKey，null）;
        BlobRequestOptions选项=新的BlobRequestOptions
        {
            EncryptionPolicy =策略
        };
        返回选项；
    }


     公共静态异步任务GetAccessToken（字符串授权，字符串资源，字符串范围）
    {
        字符串clientId = WebConfigurationManager.AppSettings [“ ClientId”];
        字符串clientSecret = WebConfigurationManager.AppSettings [“ ClientSecret”];
        ClientCredential clientCredential =新的ClientCredential（clientId，clientSecret）;
        AuthenticationContext authenticationContext =新的AuthenticationContext（authority，TokenCache.DefaultShared）;
        AuthenticationResult结果=等待authenticationContext.AcquireTokenAsync（resource，clientCredential）;
        如果（结果==空）
        {
            抛出新的InvalidOperationException（
                “ GetAccessToken-无法获取应用程序的Active Directory令牌。”）；
        }
    * 3返回结果.AccessToken;
    }


    公共异步任务CreateEncryptedBlobFromByteArray（IStorageManager storageManager，字符串containerName，字符串fileName，
        byte [] byteArray，字符串contentType，BlobRequestOptions选项）
    {
        CloudBlobContainer容器=等待CreateStorageContainerIfNotExists（storageManager，containerName）;
        CloudBlockBlob blob = container.GetBlockBlobReference（fileName）;
        blob.Properties.ContentType = contentType;
        等待blob.UploadFromByteArrayAsync（byteArray，0，byteArray.Length，AccessCondition.GenerateEmptyCondition（），options，new OperationContext（））;
    }



这条线...


    IKey rsaKey = keyVaultKeyResolver.ResolveKeyAsync（$“ {secretUri} / secrets / {secretName}”，CancellationToken.None）.GetAwaiter（）。GetResult（）;



始终返回null。

我在上面的代码中添加了断点（* 1至* 3），并注意到* 2总是在* 3之前被命中。这意味着KeyVaultKeyResolver（GetAccessToken）调用不等待GetAccessToken调用返回该值。

关于我在做什么错的任何想法吗？

我发现自己在做什么错。

我在哪里断点2应该使用此代码：

SymmetricKey sec = (SymmetricKey) cloudResolver
            .ResolveKeyAsync("https://yourkeyvault.vault.azure.net/secrets/MiplanAdminLocalEncryption",
                CancellationToken.None)
            .GetAwaiter()
            .GetResult();

I also had to add the secret to my Azure Key Vault using PowerShell. Creating the secret via the management UI did not work. Here are the commands I used:

Sorry for image but SO would not accept the above text even when pasted as a code sample.

See this site for the original example.

I found a way to add the secret via the Azure portal:

    //If entering via Azure UI:
    //Your secret string must be 16 characters (28 bits) long or end up being 28, 192, 256, 384, or 512 bits.
    // Base64 encode using https://www.base64encode.org/
    //Take this encoded value and enter it as the secret value in the UI.