WIF无法解析私钥 [英] WIF failing to resolve private key

问题描述

我有一个使用WIF的ASP.NET MVC 4.0 Web应用程序。  WIF服务加密证书在web.config中设置。 证书是一个自签名证书，位于LocalMachine / Personal。 它也在Trusted Root Cert Auth商店中。   目前
在Windows7x64上作为模拟域用户在VS2010中运行我的代码。   模拟用户是我的开发框中的本地管理员。  我运行了MMC cert  snapin并授予了模拟用户的权限。  WIF成功加载
加载证书但在解析私钥时失败。 以下是失败的WIF代码和相应的例外情况。

I have an ASP.NET MVC 4.0 web app that uses WIF.  The WIF service encryption cert is set in web.config.  The cert is a self signed cert that is located in LocalMachine/Personal.  Its also in the Trusted Root Cert Auth store.   Currently running my code in VS2010 on Windows7x64 as an impersonated domain user.   The impersonated user is a local admin on my development box.   I ran the MMC cert snapin and granted permissions to the impersonated user.  WIF does sucessfully load the certificate but it fails when resolving the private key.  Here is the failing WIF code and corresponding exception.

内部静态RSA EnsureAndGetPrivateRSAKey（X509Certificate2证书）

    {

      AsymmetricAlgorithm privateKey;

      if（！certificate.HasPrivateKey）

      {

        throw DiagnosticUtil.ExceptionUtil.ThrowHelperError（new ArgumentException（Microsoft.IdentityModel.SR.GetString（" ID1001"，new object [] {certificate.Thumbprint}）））;

       }
     试试
      {

        privateKey = certificate.PrivateKey;  // code  throws  CryptographicException此处，因为模拟的用户无法解析私钥

      }
      catch（CryptographicException例外）

      {

        throw DiagnosticUtil.ExceptionUtil.ThrowHelperError（new ArgumentException（Microsoft.IdentityModel.SR.GetString（" ID1039"，new object [] {certificate.Thumbprint}），exception））;

       }
      RSA rsa = privateKey作为RSA;

      if（rsa == null）

      {

        throw DiagnosticUtil.ExceptionUtil.ThrowHelperError（new ArgumentException（Microsoft.IdentityModel.SR.GetString（" ID1002"，new object [] {certificate.Thumbprint}）））;
$
       }
      return rsa;

    }

internal static RSA EnsureAndGetPrivateRSAKey(X509Certificate2 certificate)
    {
      AsymmetricAlgorithm privateKey;
      if (!certificate.HasPrivateKey)
      {
        throw DiagnosticUtil.ExceptionUtil.ThrowHelperError(new ArgumentException(Microsoft.IdentityModel.SR.GetString("ID1001", new object[] { certificate.Thumbprint })));
      }
      try
      {
        privateKey = certificate.PrivateKey;  //code throws CryptographicException here because the impersonated user can't resolve the private key
      }
      catch (CryptographicException exception)
      {
        throw DiagnosticUtil.ExceptionUtil.ThrowHelperError(new ArgumentException(Microsoft.IdentityModel.SR.GetString("ID1039", new object[] { certificate.Thumbprint }), exception));
      }
      RSA rsa = privateKey as RSA;
      if (rsa == null)
      {
        throw DiagnosticUtil.ExceptionUtil.ThrowHelperError(new ArgumentException(Microsoft.IdentityModel.SR.GetString("ID1002", new object[] { certificate.Thumbprint })));
      }
      return rsa;
    }

 

" System.Security.Cryptography.CryptographicException：系统找不到指定的文件。\\\\ n \\r\\\
  在System.Security.Cryptography.Utils.CreateProvHandle（CspParameters参数，布尔值randomKeyContainer）\\\\ n  在System.Security.Cryptography.Utils.GetKeyPairHelper（CspAlgorithmType
keyType，CspParameters parameters，Boolean randomKeyContainer，Int32 dwKeySize，SafeProvHandle& safeProvHandle，SafeKeyHandle& safeKeyHandle）\\\\ n  在System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair（）\\ nn  在System.Security.Cryptography.RSACryptoServiceProvider..ctor（Int32
dwKeySize，CspParameters参数，布尔值useDefaultKeySize）\\ nn  在System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey（）\ r \ n  在Microsoft.IdentityModel.X509Util.EnsureAndGetPrivateRSAKey（X509Certificate2
certificate）"

"System.Security.Cryptography.CryptographicException: The system cannot find the file specified.\r\n\r\n   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)\r\n   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)\r\n   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()\r\n   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)\r\n   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()\r\n   at Microsoft.IdentityModel.X509Util.EnsureAndGetPrivateRSAKey(X509Certificate2 certificate)"

 

如何获取证书私钥在我的ASP.NET模拟帐户下正确解析？

How do I get the cert private key to resolve correctly under my ASP.NET impersonated account?

 

请提供建议。

  ;

谢谢

 

 

 

 

 

 

 

推荐答案

你如何将证书从商店中拉出来？我的猜测是它只从根中拔出公钥。

How are you pulling the certificate out the store? My guess is that its only pulling the public key from the root.

这篇关于WIF无法解析私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！