网站在Azure的网站失败X509Certificate2的处理 [英] Site in Azure Websites fails processing of X509Certificate2

问题描述

我在Azure的网站网站（而不是托管服务），我需要处理的.pfx用私钥​​有证书。

I have site in Azure Websites (not Hosted Service) and I need processing .pfx certificates with private key there.

var x509Certificate2 = new X509Certificate2(certificate, password);

不过，我面临着如下异常：

But I was faced with follow exception:

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)

在文章<一个href=\"http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/\">http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/我已发现，它是因为通过默认，系统使用的用户的本地目录来存储密钥。但Azure的网站没有任何本地用户配置文件目录。在同一篇文章的作者建议使用 X509KeyStorageFlags.MachineKeySet 标记。

In article http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/ I have found that it happens because by default the system uses a local directory of user to store the key. But Azure Websites have no local user profile directory. In the same article author propose to use X509KeyStorageFlags.MachineKeySet flag.

var x509Certificate2 = new X509Certificate2(certificate, password, X509KeyStorageFlags.MachineKeySet);

但现在我有其他异常：

But now I have other exception:

System.Security.Cryptography.CryptographicException: Access denied.

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)

任何人可以帮助我了解为什么会发生，以及如何解决它？

Can anybody help me to understand why it happens and how to fix it?

推荐答案

在一个共享的环境中运行Azure的网站。我假设证书的构造函数试图创建实例上的一些临时信息，它并没有权限。


您可能需要升级到一个托管服务，以便在提升的上下文中运行并执行这项工作。


此外，你验证了该密码是正确的？如果它不要求输入密码，你至少得的String.Empty传递给构造函数。一个NULL值传递也将导致此异常。

Azure Websites run in a shared environment. I am assuming that the constructor for the certificate is attempting to create some temporary information on the instance and it does not have permission to.

You may have to upgrade to a hosted service in order to run in an elevated context and perform this work.

Also, have you validated that the password is correct? If it doesn't require a password, you at least have to pass string.Empty to the constructor. Passing in a NULL value would also cause this exception.

这篇关于网站在Azure的网站失败X509Certificate2的处理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！