Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

IdentityServer4, WindowsCryptographicException: The system cannot find the file specified

Tags:

I create an IdentityServer4 project with several client apps. I use a self-signed certificate file my_certificate.pfx to generate login token. It works fine on localhost.

However, it does not work when employing it to a shared web hosting server.

The app that hosts the IdentityServer4 works fine, indicating that the server app can access the certificate file. However, it generates the following error when trying to log in from a client app:

WindowsCryptographicException: The system cannot find the file specified.
System.Security.Cryptography.CngKey.Open(string keyName, CngProvider provider, CngKeyOpenOptions openOptions)
System.Security.Cryptography.CngKey.Open(string keyName, CngProvider provider)
Internal.Cryptography.Pal.CertificatePal.GetPrivateKey<T>(Func<CspParameters, T> createCsp, Func<CngKey, T> createCng)
Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey()
Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKeyStatus()
Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.FoundPrivateKey(SecurityKey key)
Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, string algorithm, bool willCreateSignatures)
Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, string algorithm, bool willCreateSignatures, CryptoProviderFactory cryptoProviderFactory)
Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures)
Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(SecurityKey key, string algorithm)
Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(string input, SigningCredentials signingCredentials)
System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.WriteToken(SecurityToken token)
IdentityServer4.Services.DefaultTokenCreationService.CreateJwtAsync(JwtSecurityToken jwt)
IdentityServer4.Services.DefaultTokenCreationService.CreateTokenAsync(Token token)
IdentityServer4.Services.DefaultTokenService.CreateSecurityTokenAsync(Token token)
IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateImplicitFlowResponseAsync(ValidatedAuthorizeRequest request, string authorizationCode)
IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateHybridFlowResponseAsync(ValidatedAuthorizeRequest request)
IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateResponseAsync(ValidatedAuthorizeRequest request)
IdentityServer4.Endpoints.AuthorizeEndpointBase.ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, ConsentResponse consent)
IdentityServer4.Endpoints.AuthorizeEndpoint.ProcessAsync(HttpContext context)
IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events)
IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events)
IdentityServer4.Hosting.MutualTlsTokenEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

How to make the client app works?

Thanks

like image 329
jjkk Avatar asked Apr 27 '20 20:04

jjkk

1 Answers

I ran into this when setting up IdentityServer on AWS ElasticBeanstalk infrastructure and using a local file, rather than the certificate store - however the solution in my case is the same. I found that the app pools on the EC2 instances did not have Load User Profile set true. When set, the permissions model changes and allows the process to load in the cert. You can enable through the IIS management UI on the app pool details, or use a version of the script below. 

Import-Module WebAdministration
Set-ItemProperty "IIS:\AppPools\DefaultAppPool" -Name "processModel.loadUserProfile" -Value "True"
like image 155
Dan Avatar answered Sep 30 '22 21:09

Dan
Sign in to Comment

Related questions

How do I use Go with Bitbucket private repositories?
How to connect EC2 using pysftp via AWS Lambda without .pem file or alternate to .pem file
Is there a way to use kotlin.random.Random inside GraalVM native image
Inline CSS with Webpack, without HtmlWebpackInlineSourcePlugin?
Serial communication between raspberry pi and teensy (using UART / GPIO pins)
How to enable/disable OneTimeCode feature for specific text field?
Can I trust the .Length property on IFormFile in ASP.NET Core?
Why do I get 'ImproperlyConfigured' exception, implying circular imports?
How to define exceptions for nx-lint?
Formatting Date labels using Seaborn FacetGrid
Time complexity : Getting incorrect result
SQL Server geography testing if a point is within a bounds - what does STWithin() do?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!