
I have an ASP.NET MVC 3 application that relies on the use of certificates (WIF / Microsoft.IdentityModel). When I run the application, I receive an error that says:

Configuration Error 
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. 

Parser Error Message: ID1024: The configuration property value is not valid.
Property name: 'serviceCertificate'
Error: 'ID1001: The certificate does not have an associated private key.
Thumbprint: '[ID]''

Source Error: 


Line 278:
Line 279:  <microsoft.identityModel>
Line 280:    <service>
Line 281:      <audienceUris>
Line 282:        <!--<environment name="DEV">-->

`[ID]` above is the actual, full certificate thumbprint. What am I doing wrong, and how do I fix this? I suspect the certificate is not set up properly, but I'm not sure whether that's true or how to check. Thank you!



I was able to resolve this issue by loading the signing certificate from the certificate store in code, as shown below. Hope this helps. (Note that the error text, ID1001, means WIF found the certificate but could not get at its private key; this usually means the certificate was imported without its private key, or the account the application runs under has no read access to that key. Loading the certificate in code does not bypass that requirement — the private key still has to be present and readable.)

        /// <summary>
        /// Certificate store to search for the signing certificate. Read from the
        /// SigningStoreName app setting; defaults to <see cref="StoreName.My"/> when
        /// the setting is absent. An unrecognised value makes Enum.Parse throw.
        /// </summary>
        public static System.Security.Cryptography.X509Certificates.StoreName StoreName
        {
            get
            {
                string configured = WebConfigurationManager.AppSettings[SigningStoreName];
                if (configured == null)
                {
                    return StoreName.My;
                }

                return (StoreName)Enum.Parse(typeof(StoreName), configured);
            }
        }

        /// <summary>
        /// Certificate store location to search for the signing certificate. Read from the
        /// SigningStoreLocation app setting; defaults to <see cref="StoreLocation.CurrentUser"/>
        /// when the setting is absent. An unrecognised value makes Enum.Parse throw.
        /// </summary>
        public static System.Security.Cryptography.X509Certificates.StoreLocation StoreLocation
        {
            get
            {
                string configured = WebConfigurationManager.AppSettings[SigningStoreLocation];
                if (configured == null)
                {
                    return StoreLocation.CurrentUser;
                }

                return (StoreLocation)Enum.Parse(typeof(StoreLocation), configured);
            }
        }

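        /// <summary>
        /// Builds the <see cref="SigningCredentials"/> used to sign issued tokens, using the
        /// RSA private key of the certificate selected by the SigningSubjectNameOrThumbprint
        /// app setting in the configured store and location.
        /// </summary>
        /// <returns>RSA signing credentials wrapping the certificate's private key.</returns>
        /// <exception cref="InvalidOperationException">
        /// The certificate has no private key, or its private key is not an
        /// <see cref="RSACryptoServiceProvider"/> (for example a public-only certificate
        /// imported from a .cer file, or a key the process cannot read).
        /// </exception>
        public static SigningCredentials GetSigningCredentials()
        {
            X509Certificate2 cert = CertificateUtil.GetCertificate(StoreName, StoreLocation, WebConfigurationManager.AppSettings[Common.SigningSubjectNameOrThumbprint]);

            // NOTE(review): RSA-SHA1 / SHA-1 is what this code has always used; SHA-1 is
            // deprecated for signatures. Moving to rsa-sha256 and xmlenc#sha256 needs the
            // private key to live in a SHA-256-capable provider, so it is flagged here
            // rather than changed silently.
            const string signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            const string digestAlgorithm = "http://www.w3.org/2000/09/xmldsig#sha1";

            // Fail loudly instead of falling back to RSA.Create(). The previous fallback
            // signed tokens with a freshly generated, untrusted key whenever the certificate
            // had no usable RSA private key, which both hides the real problem (the ID1001
            // "no associated private key" error) and produces tokens no relying party can
            // validate.
            if (!cert.HasPrivateKey)
            {
                throw new InvalidOperationException(string.Format(
                    "Signing certificate '{0}' (thumbprint {1}) has no private key; import the certificate together with its private key and grant the application identity read access to it.",
                    cert.Subject, cert.Thumbprint));
            }

            RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null)
            {
                throw new InvalidOperationException(string.Format(
                    "The private key of signing certificate '{0}' (thumbprint {1}) is not an RSACryptoServiceProvider key and cannot be used for token signing.",
                    cert.Subject, cert.Thumbprint));
            }

            RsaSecurityKey rsaKey = new RsaSecurityKey(rsa);
            RsaKeyIdentifierClause rsaClause = new RsaKeyIdentifierClause(rsa);
            SecurityKeyIdentifier signingSki = new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[] { rsaClause });

            return new SigningCredentials(rsaKey, signatureAlgorithm, digestAlgorithm, signingSki);
        }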

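    /// <summary>
    /// Loads a certificate from the given store, matching first by thumbprint and then, if
    /// no thumbprint matches, by the full subject distinguished name. Spaces are ignored and
    /// the comparison is case-insensitive, so a thumbprint copied from the certificate MMC
    /// snap-in can be used as-is. The returned certificate must pass
    /// <see cref="X509Certificate2.Verify"/> (chain validation under current machine policy),
    /// so self-signed development certificates must be trusted on the machine.
    /// </summary>
    /// <param name="name">Store name to search (for example <see cref="StoreName.My"/>).</param>
    /// <param name="location">Store location to search (CurrentUser or LocalMachine).</param>
    /// <param name="subjectNameOrThumbprint">Thumbprint or subject name to look for.</param>
    /// <returns>The first matching certificate.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="subjectNameOrThumbprint"/> is null.</exception>
    /// <exception cref="ApplicationException">No certificate matches, or the match fails verification.</exception>
    public static X509Certificate2 GetCertificate(StoreName name, StoreLocation location, string subjectNameOrThumbprint)
    {
        if (subjectNameOrThumbprint == null)
        {
            // Previously this surfaced as a NullReferenceException inside the query.
            throw new ArgumentNullException("subjectNameOrThumbprint");
        }

        // Normalise the search key once. Comparisons below are ordinal and case-insensitive
        // instead of culture-sensitive ToLower(), so they cannot vary with the server culture.
        string wanted = subjectNameOrThumbprint.Replace(" ", "");

        X509Store store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);

        try
        {
            X509Certificate2 result = null;
            X509Certificate2Collection certificates = store.Certificates;

            if (certificates != null && certificates.Count > 0)
            {
                result = (from X509Certificate2 cert in certificates
                          where !string.IsNullOrWhiteSpace(cert.Thumbprint)
                          && string.Equals(cert.Thumbprint.Replace(" ", ""), wanted, StringComparison.OrdinalIgnoreCase)
                          select cert
                         ).FirstOrDefault();

                // Subject-name fallback: note this returns the first certificate with that
                // subject, which may be a public-only or expired copy if several exist —
                // prefer a thumbprint for the signing certificate.
                if (result == null)
                    result = (from X509Certificate2 cert in certificates
                              where cert.SubjectName != null
                              && string.Equals(cert.SubjectName.Name.Replace(" ", ""), wanted, StringComparison.OrdinalIgnoreCase)
                              select cert
                             ).FirstOrDefault();
            }

            string errMsg = string.Format("{0} - {1} in {2}", name.ToString(), subjectNameOrThumbprint, location.ToString());

            if (result == null)
                throw new ApplicationException(string.Format("No certificate was found for {0} ", errMsg));
            else if (result.Verify() == false)
                throw new ApplicationException(string.Format("Unable to verify certificate for {0}", errMsg));

            return result;
        }
        finally
        {
            // X509Store.Close() rather than Dispose(): the latter only exists on newer frameworks.
            store.Close();
        }
    }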