Certificate privatekey throwing WindowsCryptographicException on ASP.Net Core

Question

I recently rewrote my application from ASP.Net to ASP.Net Core and since then, reading the private key of a cert fails for me.

This is the code doing that:

public static byte[] DecryptWithCert([NotNull] X509Certificate2 cert, byte[] payload)
{
    using (var rsaPrivateKey = cert.GetRSAPrivateKey())
    {
        return rsaPrivateKey.Decrypt(payload, RSAEncryptionPadding.OaepSHA256);
    }
}

The certificate definitely has a privatekey, as even the cert object shows that. However, reading it turns out to throw this exception:

cert.PrivateKey' threw an exception of type 'Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException

The exception message say:

Keyset couldn't be found

What could be the problem here?

EDIT:

It seems like the problem might be due to ASP.Net Core not running through IIS and possibly missing permissions for accessing that certificates private key now.

I just tested it with a small console app, that one is able to get the PK so the certificate ain't broken.

However, I don't really know what User I would have to add to the permissions to make my Kestrel hosted app read that cert key.

Answer 1

Okay, I found the problem:

I just added "NETWORK SERVICE" in the certmgr -> All Tasks -> Manage Private keys to the users list.

My problem specifically was that in my initial approach before this post I tried this as well, but somehow Windows still wanted me to type that User in german, given that I recently switched from german to english OS. So it was apparently just a problem regarding the proper naming here.