Error getting X509Certificate2.PrivateKey in Azure AppService

Question

Few hours ago, I thought it was an RSACryptoServiceProvider casting error.

But I attach the debuger to Azure AppService WebSite and I found out that the PrivateKey has an issue:

And if run the same certificate, but in localhost private key works well:

Exception Detail, when I tried to get certificate.PrivateKey property: System.Security.Cryptography.CryptographicException: Invalid provider type specified. at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

And when I tried certificate.GetRSAPrivateKey() method:

System.Security.Cryptography.CryptographicException: Invalid provider type specified.
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate)

The way I initialize the Certificate is this one:

public X509Certificate2 GetCertificate(byte[] pBytes,string pPassword)
{
        X509Certificate2 vCertificate = null;
        try
        {
            vCertificate = new X509Certificate2(pBytes,pPassword);
        }
        catch(Exception ex)
        {
            throw ex
        }
        return vCertificate
}

.Net Version Framework is v4.7

So should I need to configure something in the Azure configuration? Any clue?

Dont think this is a duplicate of: "Invalid provider type specified" CryptographicException when trying to load private key of certificate

It looks like is a Azure restriction, configuration or something like that.

I think you wont have access to that WinAPi due to how Web Apps are architected. — 4c74356b41, Oct 05 '18 at 18:52
You need to use cert.GetRSAPrivateKey() (https://stackoverflow.com/questions/22581811/invalid-provider-type-specified-cryptographicexception-when-trying-to-load-pri/52654804#52654804) — bartonjs, Oct 05 '18 at 19:11
Possible duplicate of ["Invalid provider type specified" CryptographicException when trying to load private key of certificate](https://stackoverflow.com/questions/22581811/invalid-provider-type-specified-cryptographicexception-when-trying-to-load-pri) — bartonjs, Oct 05 '18 at 19:12
using cert.GetRSAPrivateKey(), I got the same error : System.Security.Cryptography.CryptographicException: Invalid provider type specified — Arquitecto, Oct 05 '18 at 19:20
@Arquitecto That's definitely not expected. If you're getting an exception from GetRSAPrivateKey please share the code you have and an exception stacktrace. — bartonjs, Oct 05 '18 at 20:38
@bartonjs I updated the post. Is a very weird behavior, Im thinking to change the server service type to see what happens. — Arquitecto, Oct 06 '18 at 19:08
I changed from Azure to smarterasp.net as a hosting provider and the error is gone. Definetly is an Azure configuration error. I hope no one need to pass thought this, an entire waste of time. — Arquitecto, Oct 09 '18 at 21:12
Fuck Azure. I have the same issue and I didn't 6 months ago. @Arquitecto — sports, Mar 25 '19 at 21:28
@bartonjs - I have the same problem on Azure, the same code perfectly works fine on my machine, but it doesn't work on Azure App service. — m_d_p29, May 01 '19 at 01:45

Error getting X509Certificate2.PrivateKey in Azure AppService

0 Answers0