Rom*_*nik 35 c# azure x509certificate2 azure-web-sites
我在Azure网站(不是托管服务)中有网站,我需要在那里处理带有私钥的.pfx证书.
var x509Certificate2 = new X509Certificate2(certificate, password);
但我遇到了以下异常:
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
在文章http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/我发现它发生是因为默认情况下系统使用用户的本地目录存储密钥.但Azure网站没有本地用户配置文件目录.在同一篇文章中,作者建议使用X509KeyStorageFlags.MachineKeySetflag.
var x509Certificate2 = new X509Certificate2(certificate, password, X509KeyStorageFlags.MachineKeySet);
但现在我还有其他例外:
System.Security.Cryptography.CryptographicException: Access denied.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
任何人都可以帮助我理解它为什么会发生以及如何解决它?
小智 87
我猜你找到了一个解决方法,但如果其他人正在努力解决这个问题,我在另一个SO问题中找到了答案:
如何从PKCS#12字节数组构造X509Certificate2抛出CryptographicException("系统找不到指定的文件.")?
神奇的是指定X509KeyStorageFlags存储标志.例:
var myCertificae = new X509Certificate2(
certificateData,
securePasswordString,
X509KeyStorageFlags.MachineKeySet |
X509KeyStorageFlags.PersistKeySet |
X509KeyStorageFlags.Exportable);
Azure网站现在支持将证书安装到证书存储区.你有没试过?
详情请访问:http://azure.microsoft.com/blog/2014/10/27/using-certificates-in-azure-websites-applications/
| 归档时间: |
|
| 查看次数: |
8262 次 |
| 最近记录: |