CngKey System.Security.Cryptography.CryptographicException The system cannot find the file specified on Azure

Question

I try to generate key from this code

CngKey key = CngKey.Import(Convert.FromBase64String(privateKey), CngKeyBlobFormat.Pkcs8PrivateBlob);

it works fine locally but when I deploy in my Azure app service. it gives me this error:

System.Security.Cryptography.CryptographicException: The system cannot find the file specified. at System.Security.Cryptography.NCryptNative.ImportKey(SafeNCryptProviderHandle provider, Byte[] keyBlob, String format) at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider)

I add WEBSITE_LOAD_USER_PROFILE In Configuration with value '1' but it didn't make any difference.

Thanks

Did you publish the application? c# code will only work on another machine if the same version of net is installed (including updates) on both the build and deploy machine. If you don't have same version then you must publish. — jdweng, Feb 25 '21 at 13:02
Are there any dll files where the where the executable is in the bin folder. You may need to add the dll on the deploy machine where the exe file is located. — jdweng, Feb 26 '21 at 19:18
it a web application, I have a build machine deploy the package on the azure app service — adelahmed, Feb 26 '21 at 20:11

score 3 · Answer 1 · edited Apr 03 '21 at 04:02

3

If WEBSITE_LOAD_USER_PROFILE = 1 does not work for you. Here is a workaround for this same issue:

Open your Azure App Service (Azure Website) blade in portal.azure.com
Go to the Application settings page
Scroll to App settings
Add a new entry key: WEBSITE_LOAD_CERTIFICATES, and provide a dummy (fake, made-up, randomly-generated) value for it.

Check out the below links for the similar issue for reference:

edited Apr 03 '21 at 04:02

Nimantha

6,405
6
28
69

answered Mar 02 '21 at 17:56

Harshita Singh

4,590
1
10
13

the issue was that the app service pricing plan was free when I upgrade it to basic it works fine. Free plan you have a shared VM but start from basic plan you have your own VM – adelahmed Mar 03 '21 at 10:01

score 2 · Answer 2 · answered Dec 29 '21 at 07:24

2

This issue is not only on Azure, I had the same issue on my VPS as well and this answer save my life:

X509Certificate Constructor Exception

Cheers, Nick

answered Dec 29 '21 at 07:24

Nick Hoàng

417
2
6

score 1 · Accepted Answer · answered Mar 03 '21 at 10:07

1

I upgraded the plan service from free to basic with adding WEBSITE_LOAD_USER_PROFILE = 1 in Azure Configuration.

The issue was when the app service was free it use a shared VM but when upgrading my app service pricing into basic it use a private VM.

answered Mar 03 '21 at 10:07

adelahmed

47
5

score 0 · Answer 4 · answered Oct 28 '22 at 16:15

I have spent around 4 days looking for this also. I have found out another reason. When you run VS as administrator, then you automatically get the privileges to read something called "cert user store". However if you run it on another machine or some hosting, where you do not have full privileges, then you might run into this issue as well.

Hope this helps as well.

CngKey System.Security.Cryptography.CryptographicException The system cannot find the file specified on Azure

4 Answers4