none
Can't use publish credentials on Azure Websites RRS feed

  • 質問

  • Whenever I get to this line of code:

    var certificate = new X509Certificate2(key, string.Empty, X509KeyStorageFlags.MachineKeySet);

    I get this error:

    [CryptographicException: Access denied.]
       System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +33
       System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
       System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags) +184
       System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags) +65
       System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags) +61
       NovaPanel.AzureConfig.AzureConfigPreStart() +46

    This seems to be a permissions issue with Azure Websites... I've found the following threads all of which are saying it is possible but it isn't working for me:

    http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/

    http://social.msdn.microsoft.com/Forums/windowsazure/en-US/201a4918-0fb5-48c0-914b-63f79fbce9d6/load-privately-created-p12-cert-from-azureblob-and-have-it-be-trusted?forum=windowsazurewebsitespreview

    http://social.msdn.microsoft.com/Forums/windowsazure/en-US/29b30f25-eea9-4e8e-8292-5ac8085fd42e/access-to-certificates-in-azure-web-sites?forum=windowsazurewebsitespreview

    Taking the advice in the first link to use the flag "X509KeyStorageFlags.MachineKeySet" stopped the "CryptographicException: The system cannot find the file specified" but now I get "CryptographicException: Access denied."

    I was also recommended on StackOverflow to change my Website from mode 'Free' to 'Standard' which has also had no effect.

    The error isn't from an empty password (String.Empty) as if I put any other string in there I get a more specific error saying that the password is incorrect.

    Link to my StackOverflow question: http://stackoverflow.com/questions/22030955/cant-create-new-schedules-from-azure-websites

    Does anybody have any other ideas? I don't want to shift from an Azure Website to a VM/Worker Role...

    2014年2月26日 20:46

回答

  • I ran into this recently. What I found is that it matters how you generate the cert. Initially, I was creating it based on the ManagementCertificate string in the publishsettings files, and couldn't get it working (though it was working on my local machine).

    Then I found that if I instead created a new self-signed cert (using inetmgr), and uploading it to Azure, then everything worked. The specific call I'm making is:

            _cert = new X509Certificate2(
                pfxPath,
                ConfigurationManager.AppSettings["pfxPassword"]);
    
    Note that I'm not passing any flags.

    • 回答としてマーク JaydenD 2014年2月27日 3:29
    2014年2月26日 23:22
    モデレータ

すべての返信

  • I ran into this recently. What I found is that it matters how you generate the cert. Initially, I was creating it based on the ManagementCertificate string in the publishsettings files, and couldn't get it working (though it was working on my local machine).

    Then I found that if I instead created a new self-signed cert (using inetmgr), and uploading it to Azure, then everything worked. The specific call I'm making is:

            _cert = new X509Certificate2(
                pfxPath,
                ConfigurationManager.AppSettings["pfxPassword"]);
    
    Note that I'm not passing any flags.

    • 回答としてマーク JaydenD 2014年2月27日 3:29
    2014年2月26日 23:22
    モデレータ
  • Thank you! That has fixed it... I wonder why we can't use the ManagementCertificate...
    2014年2月27日 3:32
  • I'd love to know myself :)
    2014年2月27日 4:24
    モデレータ