I'm using the Google Analytics API and I followed this SO question to set up the OAuth: https://stackoverflow.com/a/13013265/1299363
Here is my OAuth code:
public void SetupOAuth () { var Cert = new X509Certificate2( PrivateKeyPath, "notasecret", X509KeyStorageFlags.Exportable); var Provider = new AssertionFlowClient(GoogleAuthenticationServer.Description, Cert) { ServiceAccountId = ServiceAccountUser, Scope = ApiUrl + "analytics.readonly" }; var Auth = new OAuth2Authenticator<AssertionFlowClient>(Provider, AssertionFlowClient.GetState); Service = new AnalyticsService(Auth); }
PrivateKeyPath is the path of the private key file provided by Google API Console. This works perfectly on my local machine, but when I push it up to our test server I get
System.Security.Cryptography.CryptographicException: An internal error occurred.
with the following stack trace (irrelevant parts removed):
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +33 System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0 System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +237 System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) +140 Metrics.APIs.GoogleAnalytics.SetupOAuth() in <removed>\Metrics\APIs\GoogleAnalytics.cs:36 Metrics.APIs.GoogleAnalytics..ctor(String PrivateKeyPath) in <removed>\Metrics\APIs\GoogleAnalytics.cs:31
So it appears as if it is having trouble loading the file. I've checked the PrivateKeyPath that is passed in and it is pointing to the correct location.
Any ideas? I don't know if this is an issue with the server, the file, the code or what.
Assign the existing private key to a new certificateSign in to the computer that issued the certificate request by using an account that has administrative permissions. Select Start, select Run, type mmc, and then select OK. On the File menu, select Add/Remove Snap-in. In the Add/Remove Snap-in dialog box, select Add.
Navigate to Personal | Certificates pane. Right-click within the Certificates panel and click All Tasks | Import to start the Certificate Import Wizard. Follow the wizard to import the signed certificate along with the private key.
In the Certificate windows that appears, you should see a note with a key symbol underneath the Valid from field that says, "You have a private key that corresponds to this certificate." If you do not see this, then your private key is not attached to this certificate, indicating a certificate installation issue.
Go to: Certificates > Personal > Certificates. Right-click on the certificate you wish to export and go to All Tasks and hit Export. Hit Next on the Certificate Export Wizard to begin the process. Select “Yes, export the private key” and hit next.
One of things that comes to my mind is the identity of your app pool, make sure that the Load user profile is turned on otherwise the crypto subsystem does not work.
I'm loading my p12
file with
new X509Certificate2( HostingEnvironment.MapPath(@"~/App_Data/GoogleAnalytics-privatekey.p12"), ....
I actually got a FileNotFoundException even though File.Exists(filename)
returned true.
As @Wiktor Zychla said it's as simple as enabling Load User Profile
Here's an image of the setting that needs changing
Just right click on the app pool under 'Application Pools' in IIS and select 'Advanced Settings' and the setting you need is about halfway down.
Tip: I'd recommend commenting your code with this to prevent future time wasted since it's so obscure if you've never come across it before.
// If this gives FileNotFoundException see // http://stackoverflow.com/questions/14263457/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With