MimeKit - Access denied when trying to decrypt
I'm getting this error when trying to decrypt a MIME message:
When I decrypt it on my local machine I can decrypt the mail without any problem, but the app deployed on the server can't decrypt it and results in this error. This is the code I'm using for decrypting:

    GraphServiceClient graphClient = new GraphServiceClient(clientSecretCredential, new string[] { _laCaixaSettings.GraphApiSettings.Scope });
    var streamMessage = await graphClient.GetMessage(_laCaixaSettings.GraphApiSettings.UserId, pasarelaSettings.FicheroId);
    using var message = await MimeMessage.LoadAsync(streamMessage);
    var decryptedStream = await MimeMailUtils.Decrypt(message, _laCaixaSettings.GraphApiSettings.PrivateCertificate);

    public static async Task<Stream> GetMessage(this GraphServiceClient graphServiceClient, string userId, string messageId)
    {
        var request = graphServiceClient.Users[userId].Messages[messageId].Request().GetHttpRequestMessage();
        request.RequestUri = new Uri(request.RequestUri.OriginalString + "/$value");
        var response = await graphServiceClient.HttpProvider.SendAsync(request);
        response.EnsureSuccessStatusCode();
        var content = await response.Content.ReadAsStreamAsync();
        content.Position = 0;
        return content;
    }

    public static async Task<MimeEntity> Decrypt(MimeMessage message, X509Certificate2 certificate)
    {
        var encryptedContent = (ApplicationPkcs7Mime)message.Body;
        using var context = new WindowsSecureMimeContext(StoreLocation.CurrentUser);
        context.Import(StoreName.CertificateAuthority, certificate);
        return await encryptedContent.DecryptAsync(context);
    }

And this is how I get the certificate:

    public void SetSecrets()
    {
        using KeyVaultClient client = VaultClientExtensions.GetKeyVaultClient(AzureVaultManagerSettings.ClientId, AzureVaultManagerSettings.ClientSecret);
        var secret = AsyncUtil.RunSync(() => client.GetSecret<string>(AzureVaultManagerSettings.SecretUrl));
        GraphApiSettings.PrivateCertificate = new X509Certificate2(
            Convert.FromBase64String(secret),
            string.Empty,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
    }

I believe the problem could be that this certificate is not installed on the server. Could anyone help me with this? Thanks in advance!
Comments (1)
You don't have access to StoreName.CertificateAuthority.
If you look at the stack trace in the exception, it is failing in System.Security.Cryptography.X509Certificates.X509Store.Open().
Generally, the StoreName.CertificateAuthority is only accessible to admin users.
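
An added example (not from the original post or the answer, and not MimeKit's own sample code) of one way to decrypt without the `X509Store.Open()` call the answer identifies as failing: load the PKCS#12 blob into MimeKit's in-memory `TemporarySecureMimeContext` instead of importing it into a Windows store. The class and method names are hypothetical, and it assumes the Key Vault secret is a base64 PKCS#12 with the empty password used in the question.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using MimeKit;
using MimeKit.Cryptography;

// Hypothetical helper; the class and method names are not from the original post.
public static class SmimeDecryptExample
{
    // base64Pkcs12: the Key Vault secret as fetched in the question's SetSecrets().
    // password: string.Empty in the question; adjust if the PFX is protected.
    public static async Task<MimeEntity> DecryptInMemory(
        MimeMessage message, string base64Pkcs12, string password)
    {
        // Fail with a clear error instead of an InvalidCastException.
        if (!(message.Body is ApplicationPkcs7Mime envelope) ||
            envelope.SecureMimeType != SecureMimeType.EnvelopedData)
            throw new InvalidOperationException("Body is not S/MIME enveloped data.");

        byte[] pkcs12 = Convert.FromBase64String(base64Pkcs12);
        try
        {
            // BouncyCastle-backed context that keeps the key in process memory,
            // so no Windows certificate store is opened or written to.
            using var context = new TemporarySecureMimeContext();
            using (var pfx = new MemoryStream(pkcs12, writable: false))
                context.Import(pfx, password);

            return await envelope.DecryptAsync(context);
        }
        finally
        {
            // Wipe the decoded PFX bytes once the context has parsed them.
            Array.Clear(pkcs12, 0, pkcs12.Length);
        }
    }
}
```

Because nothing is persisted, the private key does not end up in a key container on the server's disk, unlike the `PersistKeySet | Exportable` flags in the question.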