为什么此应用程序要查找引用程序集的旧版本、已删除版本？答案

【问题标题】：Why is this app looking for an older, removed version of a referenced assembly?为什么此应用程序要查找引用程序集的旧版本、已删除版本？
【发布时间】：2019-09-10 08:24:55
【问题描述】：

我从我的应用程序中引用两个 (nuget) 包并设置 KeyVault DI 配置。这两个包都引用了 Microsoft.IdentityModel.Clients.ActiveDirectory nuget 包。一个引用主要版本 3，另一个引用主要版本 4。主要版本 4 删除了 dll Microsoft.IdentityModel.Clients.ActiveDirectory.Platform。

当我使用证书调用 AddAzureKeyVault() 以添加 KV 配置时，我会在运行时为 dll Microsoft.IdentityModel.Clients.ActiveDirectory.Platform 获得一个 AssemblyNotFoundException。该文件正确不存在，并且我已将关联 dll 的绑定重定向到主要版本，那么为什么在运行时请求它？有没有办法将对Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll 的调用绑定回Microsoft.IdentityModel.Clients.ActiveDirectory.dll？我提供了绑定重定向并尝试了多种排列方式。

要复制，您可以从控制台应用程序引用包：

Microsoft.Extensions.Configuration.AzureKeyVault 2.2.0 Microsoft.IdentityModel.Client.ActiveDirectory 4.5.1

using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;

namespace ConsoleApp1
{
    class Program
    {
        static void Main(string[] args)
        {
            var cb = new ConfigurationBuilder();

            using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
            {
                store.Open(OpenFlags.ReadOnly);

                var certs = store.Certificates.Find(X509FindType.FindBySubjectName, "DummyValue", false);

                cb.AddAzureKeyVault("https://this-is-a-dummy.vault.azure.net", "dummy-client-id", certs.OfType<X509Certificate2>().Single());

                store.Close();
            }


            var config = cb.Build();
        } 
    }
}

无法加载文件或程序集“Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.14.2.11, Culture=neutral, PublicKeyToken=31bf3856ad364e35”或其依赖项之一。系统找不到指定的文件。

预绑定 FusionLog

日志：DisplayName = Microsoft.IdentityModel.Clients.ActiveDirectory.Platform，版本=3.14.2.11，文化=中性，PublicKeyToken=31bf3856ad364e35 （完全指定）

日志：Appbase = file:///C:/Code/sandbox/why-doesnt-this-work/ConsoleApp1/ConsoleApp1/bin/Debug/

日志：初始 PrivatePath = NULL 调用程序集：Microsoft.Extensions.Configuration.AzureKeyVault，Version=2.2.0.0，Culture=neutral，PublicKeyToken=adb9793829ddae60。

【问题讨论】：

您使用什么版本的 .NET Framework / .NET Core？
.NET Core 2.2 或 .NET Framework 4.7.2 的结果相同。再深入一点，我可以看到其他人对这个包有类似的问题：github.com/aspnet/Extensions/issues/1728

标签： c# .net .net-core

【解决方案1】：

我在 .net core 3.1 中遇到了完全相同的问题，看来我的问题已通过手动获取证书并改用 AddAzureClient(string vault, KeyVaultClient client, IKeyVaultSecretManager manager) 来解决。

我正在使用 Azure Stack Hub，并没有在常规 Azure 中对此进行测试，但不明白为什么这在常规 Azure 中不起作用。

我是这样实现的：

using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Azure.KeyVault;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

namespace MyOrganization.Host
{
    public class Program
    {
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Microsoft.Extensions.Hosting.Host.CreateDefaultBuilder(args)
                .ConfigureAppConfiguration((context, config) =>
                {
                    var root = config.Build();
                    var client = GetKeyVaultClient(root["AzureKeyVault:CertificateThumbprint"], root["AzureKeyVault:ClientId"]);
                    config.AddAzureKeyVault(root["AzureKeyVault:KeyVaultURL"], client, new DefaultKeyVaultSecretManager());
                })
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseStartup<Startup>();
                });

        private static KeyVaultClient GetKeyVaultClient(string certificateThumbprint, string clientId)
        {
            string token = null;
            var client = new KeyVaultClient(async (authority, resource, _) =>
            {
                if (token != null)
                    return token;
                var adFsAuthority = GetAdFsAuthority(authority);
                var certificate = GetCertificate(certificateThumbprint);
                token = await GetAccessTokenAsync(resource, clientId, adFsAuthority, certificate);
                return token;
            });
            return client;
        }

        private static string GetAdFsAuthority(string authority)
        {
            // Azure Stack Key Vault gives authentication challenge at an authority which has an invalid uri.
            // For cause, see https://<your azure stack hub adfs address>/adfs/.well-known/openid-configuration.
            return $"{new Uri(authority).GetLeftPart(UriPartial.Authority)}/adfs";
        }

        public static X509Certificate2 GetCertificate(string thumbprint)
        {
            X509Store store = new X509Store(StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly);
                var certs = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
                if (certs.Count == 0)
                    throw new Exception("Could not find certificate!");
                return certs[0];
            }
            finally
            {
                store.Close();
            }
        }

        private static async Task<string> GetAccessTokenAsync(
            string resource, string clientId, string authority, X509Certificate2 certificate)
        {
            // Must set to false with authorities with URL starting with adfs
            const bool validateAuthority = false;
            var context = new AuthenticationContext(authority, validateAuthority);
            var assertionCertificate = new ClientAssertionCertificate(clientId, certificate);
            var result = await context.AcquireTokenAsync(resource, assertionCertificate);
            return result.AccessToken;
        }
    }
}

【讨论】：