Importing a PFX file using X509Certificate2 from ASP fails
- From: Patrick Sona <sona@xxxxxxxxxxxxx>
- Date: Thu, 17 Jul 2008 14:22:55 +0200
Hi all!
I have a problem while importing a pfx file (or a pfx-byte-array) with X509Certificate2 constructor.
When I call
X509Certificate2 cert = new X509Certificate2("a.pfx", "password");
I get the following Exception:
+++++++++++++++++++++++++
System.Security.Cryptography.CryptographicException: The system cannot find the file specified
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
+++++++++++++++++++++++++++
The problem occurs because the ASP.NET application runs under a different account than "Networkservice", so this account doesn't have a loaded user profile.
The X509Certificate2 constructor couldn't access the user certificates store.
This problem is also described in KB948154
(http://support.microsoft.com/kb/948154). But the workaround described in this article is not applicable for me.
Here is the workaround text:
############################
1. An administrator on the machine where the ASP.NET/COM+ application runs should install the certificate in the machine certificate store, called the "Local Computer" store. This should be done when the ASP.NET/COM+ application is installed.
2. The administrator should set the permissions on the private key associated with the certificate to give the ASP.NET process and the impersonated users access to the key. This is needed because only the user account that installs the certificate or private key in the "Local Computer" store can later use the RSA private key associated with the certificate.
3. The ASP.NET/COM+ application code should use the installed certificate rather than attempt to install one from a PFX file. Have the code locate the installed certificate using X509Store class.
a. Use StoreLocation.LocalMachine in the constructor of X509Store.
b. Once the store is opened, locate the desired certificate based on subject name programmatically using X509Certificate2Collection.Find method.
Example code will look similar to:
X509Store store = new X509Store("My", StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
System.Security.Cryptography.X509Certificates.X509Certificate2 newCert =
store.Certificates.Find(X509FindType.FindBySubjectName, "XXXXXXXXXXXXX", false)[0];
…
The subject name to use above in the second parameter of Find method will depend on the subject name of the installed certificate from p12 or PFX file in the Local Computer certificate store.
##############################
Has anyone a similar problem and another solution?
Thanks for all posts!
Greetings
Pat
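
The lookup from step 3 of the quoted workaround, written out with its failure cases handled. This is an added example, not code from the post or from the KB article. It assumes .NET Framework 4.6 or later (for GetRSAPrivateKey); the class name MachineStoreCertificate and the subject "example-service" are hypothetical placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class MachineStoreCertificate
{
    // Looks up a certificate that an administrator has already installed in
    // Local Computer\Personal (steps 1 and 3 of the workaround).
    public static X509Certificate2 Load(string subjectName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false as in the KB snippet: expired or untrusted
            // certificates are returned too. FindBySubjectName is a substring
            // match, so several certificates can come back.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No certificate matching '" + subjectName + "' in LocalMachine\\My.");
            if (found.Count > 1)
                throw new InvalidOperationException("Subject '" + subjectName + "' is ambiguous: " + found.Count + " matches.");

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate was installed without its private key.");
            try
            {
                // Opening the key is what fails when step 2 (private key
                // permissions for the ASP.NET account) was skipped.
                using (RSA key = cert.GetRSAPrivateKey())
                    if (key == null)
                        throw new InvalidOperationException("Private key is not an RSA key.");
            }
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException("Private key exists but this account cannot open it.", ex);
            }
            return cert;
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        X509Certificate2 cert = Load("example-service"); // constructed subject name
        Console.WriteLine(cert.Subject + " " + cert.Thumbprint);
    }
}
```

Running Load once at application start, under the same account as the ASP.NET worker process, separates a missing certificate from a missing private key permission before the first request needs the key.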