Why does X509Certificate2 sometimes fail to create from a blob?

<p>I have an ASP.NET web service which is receiving a byte array representing the contents of a <code>.pfx</code> file containing an X.509 certificate. The server-side code is using the <code>System.Security.Cryptography.X509Certificate2</code> constructor to load the certificate from the bytes:</p>

<pre><code>X509Certificate2 native_cert = new X509Certificate2(
    pkcs12_buf /*byte array*/,
    password,
    X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
</code></pre>

<p>Depending on who my service process is running as, this call will either succeed, or fail with an "internal error" exception. The last call on the exception stack is to <code>X509Utils._LoadCertFromBlob</code>, which is unmanaged code in <code>mscore.dll</code>.</p>

<p>This code succeeds when run from a console application in an interactive login using the service account's credentials. It fails when running under <code>w3wp.exe</code> in an application pool that uses the service account's credentials. Changing the app pool identity to an administrator fixes the problem, so it must be a privilege issue, but I have no idea what privilege could be necessary for this. The code does not touch either the filesystem or the Windows certificate stores.</p>

<p><strong>[UPDATE: More Info]</strong><br>
This error appears in the Windows Event Log:</p>

<pre><code>Cryptographic Parameters:
    Provider Name:  Microsoft Software Key Storage Provider
    Algorithm Name: Not Available.
    Key Name:       {E182E13B-166D-472A-A24A-CBEF0808E9ED}
    Key Type:       User key.

Cryptographic Operation:
    Operation:      Open Key.
    Return Code:    0x2
</code></pre>

<p>Any ideas?</p>
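A diagnostic probe, added here as an example and not part of the original question: it loads the same PFX bytes under several <code>X509KeyStorageFlags</code> combinations and reports which of them yield a usable private key for the current process identity. <code>PersistKeySet</code> without <code>MachineKeySet</code> writes the key into the calling user's key container inside the user profile, and an IIS application pool does not load its identity's profile unless "Load User Profile" is enabled, so comparing the user-container load against a <code>MachineKeySet</code> load from inside the worker process narrows the cause. <code>pkcs12_buf</code> and <code>password</code> are the question's own variables; <code>PfxLoadProbe</code> is a hypothetical helper name.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original question. PfxLoadProbe is a hypothetical
// helper; pkcs12_buf and password are the question's own variables.
static class PfxLoadProbe
{
    public static void Probe(byte[] pkcs12_buf, string password)
    {
        var candidates = new[]
        {
            // The question's flags: key persisted in the *user* key container,
            // which requires the identity's user profile to be loaded.
            ("user container (PersistKeySet | Exportable)",
             X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable),
            // Same, but the key is persisted in the machine-wide container instead.
            ("machine container (MachineKeySet | PersistKeySet | Exportable)",
             X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet
                 | X509KeyStorageFlags.Exportable),
            // Default: temporary user container, removed when the object is disposed.
            ("default (temporary user container)", X509KeyStorageFlags.DefaultKeySet),
        };

        Console.WriteLine($"Running as {Environment.UserDomainName}\\{Environment.UserName}");
        foreach (var (label, flags) in candidates)
        {
            try
            {
                // Either the constructor or the private-key access fails when the key
                // container cannot be created or opened (cf. the "Open Key ...
                // Return Code: 0x2" audit event quoted in the question).
                using (var cert = new X509Certificate2(pkcs12_buf, password, flags))
                using (var key = cert.GetRSAPrivateKey())   // null when the key is not RSA
                {
                    Console.WriteLine($"{label}: loaded {cert.Thumbprint}, " +
                                      $"private key {(key != null ? "accessible" : "not RSA")}");
                }
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine($"{label}: FAILED: {ex.Message}");
            }
        }
    }
}
```

Run it once from the interactive console and once from inside the application pool (for example behind a test endpoint) and compare the two outputs under the same service account.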