网站在Azure的网站失败X509Certificate2的处理 [英] Site in Azure Websites fails processing of X509Certificate2
问题描述
我在Azure的网站网站(而不是托管服务),我需要处理的.pfx用私钥有证书。
I have site in Azure Websites (not Hosted Service) and I need processing .pfx certificates with private key there.
var x509Certificate2 = new X509Certificate2(certificate, password);
不过,我面临着如下异常:
But I was faced with follow exception:
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
在文章<一个href=\"http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/\">http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/我已发现,它是因为通过默认,系统使用的用户的本地目录来存储密钥。但Azure的网站没有任何本地用户配置文件目录。在同一篇文章的作者建议使用 X509KeyStorageFlags.MachineKeySet
标记。
In article http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/ I have found that it happens because by default the system uses a local directory of user to store the key. But Azure Websites have no local user profile directory. In the same article author propose to use X509KeyStorageFlags.MachineKeySet
flag.
var x509Certificate2 = new X509Certificate2(certificate, password, X509KeyStorageFlags.MachineKeySet);
但现在我有其他异常:
But now I have other exception:
System.Security.Cryptography.CryptographicException: Access denied.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
任何人可以帮助我了解为什么会发生,以及如何解决它?
Can anybody help me to understand why it happens and how to fix it?
推荐答案
在一个共享的环境中运行Azure的网站。我假设证书的构造函数试图创建实例上的一些临时信息,它并没有权限。
您可能需要升级到一个托管服务,以便在提升的上下文中运行并执行这项工作。
此外,你验证了该密码是正确的?如果它不要求输入密码,你至少得的String.Empty传递给构造函数。一个NULL值传递也将导致此异常。
Azure Websites run in a shared environment. I am assuming that the constructor for the certificate is attempting to create some temporary information on the instance and it does not have permission to.
You may have to upgrade to a hosted service in order to run in an elevated context and perform this work.
Also, have you validated that the password is correct? If it doesn't require a password, you at least have to pass string.Empty to the constructor. Passing in a NULL value would also cause this exception.
这篇关于网站在Azure的网站失败X509Certificate2的处理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!