ASP.NET - The specified network password is not correct

Question

I have in my dev machine a WCF Client which requires certificate and it is working fine.
After the deployment to production server I get the following Error:

[CryptographicException: The specified network password is not correct.] 

DEV - Win7 32BIT IIS 7.5
PRODUCTION - Win SERVER 64BIT 2008 IIS 7.5

Even though there is no password between the networks and there is not certificate password. (I know because the dev works with no password). The only password that I have is the WCF one that is the same as the DEV.

CrmServiceClient crm = new CrmServiceClient("CrmServiceEndpoint"); crm.ClientCredentials.UserName.UserName = CrmConfigRepository.CrmUserName;//fine crm.ClientCredentials.UserName.Password = CrmConfigRepository.CrmPassword;//fine crm.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(Path); ///THIS WONT WORK AS WELL crm.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(Path, "", X509KeyStorageFlags.Exportable);  

this is the full stack

[CryptographicException: The specified network password is not correct. ]    System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +41    System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0    System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +372    System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName) +101    Externals.CrmConnection.Get() in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\Externals\CrmConnection.cs:31    ExpressBroker.Models.ActionsMetadata.Handlers.LeadAccountHandler.Handle(BrokerAction brokerAction, ActionStep step, Dictionary`2 httpPostDataCollection) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\LeadAccountHandler.cs:45    ExpressBroker.Models.ActionsMetadata.Handlers.BaseStepHandler.SecuredHandle(BrokerAction brokerAction, ActionStep step, Dictionary`2 httpPostDataCollection) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\BaseStepHandler.cs:49    ExpressBroker.Models.ActionsMetadata.Handlers.HandlerInvoker.Invoke(BrokerAction brokerAction, ActionStep actionStep, Dictionary`2 stepValues) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\StepServerInoker.cs:29    ExpressBroker.Controllers.LeadAccountController.Register(String step) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Controllers\LeadAccountController.cs:28    lambda_method(Closure , ControllerBase , Object[] ) +127    System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +264    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39    System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +129    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +784922    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +314    System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +784976    System.Web.Mvc.Controller.ExecuteCore() +159    System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +335    System.Web.Mvc.<>c__DisplayClassb.<BeginProcessRequest>b__5() +62    System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +20    System.Web.Mvc.<>c__DisplayClasse.<EndProcessRequest>b__d() +54    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +453    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +371 

Thanks

Answer 1

Try this:

new X509Certificate2(Path, "", X509KeyStorageFlags.MachineKeySet);  

It appears that the X509Certificate2 constructor tries to access the private key store of the local user (even when loading a PFX and the private key is in the PFX). With asp.net, the user profile typically isn't loaded, so the user key store doesn't exist. Specifying MachineKeySet tells the constructor to look at the Local Computer key store which always exists.

Answer 2

I also had an issue with a pfx file, problem was, it was exported using AES256-SHA256 encryption, which threw the same exception as in the question. According to this, AES256-SHA256 is only supported on Windows 10 1703, Windows Server 2016 and above. Changing to TripleDES-SHA1 'solved' the issue.