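I have a WCF client on my development machine that requires a certificate, and it works fine.
After deploying to the production server, I get the following error: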
[CryptographicException: The specified network password is not correct.]
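Development - Win7 32-bit, IIS 7.5
Production - Windows Server 2008 64-bit, IIS 7.5
This happens even though there is no password between the networks and no certificate password. (I know, because dev works without a password.) The only password I have is the WCF password, which is the same as on DEV.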
```csharp
CrmServiceClient crm = new CrmServiceClient("CrmServiceEndpoint");
crm.ClientCredentials.UserName.UserName = CrmConfigRepository.CrmUserName; // fine
crm.ClientCredentials.UserName.Password = CrmConfigRepository.CrmPassword; // fine
crm.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(Path);
// THIS WON'T WORK AS WELL
crm.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(Path, "", X509KeyStorageFlags.Exportable);
```
Here is the full stack trace:
[CryptographicException: The specified network password is not correct. ]
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +41
System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +372
System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName) +101
Externals.CrmConnection.Get() in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\Externals\CrmConnection.cs:31
ExpressBroker.Models.ActionsMetadata.Handlers.LeadAccountHandler.Handle(BrokerAction brokerAction, ActionStep step, Dictionary`2 httpPostDataCollection) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\LeadAccountHandler.cs:45
ExpressBroker.Models.ActionsMetadata.Handlers.BaseStepHandler.SecuredHandle(BrokerAction brokerAction, ActionStep step, Dictionary`2 httpPostDataCollection) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\BaseStepHandler.cs:49
ExpressBroker.Models.ActionsMetadata.Handlers.HandlerInvoker.Invoke(BrokerAction brokerAction, ActionStep actionStep, Dictionary`2 stepValues) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\StepServerInoker.cs:29
ExpressBroker.Controllers.LeadAccountController.Register(String step) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Controllers\LeadAccountController.cs:28
lambda_method(Closure , ControllerBase , Object[] ) +127
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +264
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39
System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +129
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +784922
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +314
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +784976
System.Web.Mvc.Controller.ExecuteCore() +159
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +335
System.Web.Mvc.<>c__DisplayClassb.<BeginProcessRequest>b__5() +62
System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +20
System.Web.Mvc.<>c__DisplayClasse.<EndProcessRequest>b__d() +54
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +453
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +371
Thanks
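Try this:
```csharp
new X509Certificate2(Path, "", X509KeyStorageFlags.MachineKeySet);
```
The X509Certificate2 constructor seems to try to access the local user's private key store (even when loading a PFX and the private key is in the PFX). With asp.net, the user profile is typically not loaded, so the user key store does not exist. Specifying MachineKeySet tells the constructor to look at the local machine key store, which always exists.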
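I also ran into a problem with a pfx file. The issue was that it had been exported with AES256-SHA256 encryption, which raised the same exception as in the question. According to this, AES256-SHA256 is only supported on Windows 10 1703, Windows Server 2016 and later. Changing to TripleDES-SHA1 "solved" the issue.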
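I also ran into a problem with a PFX file, and the issue was this: it was exported with AES256-SHA256 encryption (using a Windows 11 PC), and when the PFX was used on my server it raised the same exception as in the question. This happened in my C# .Net 4.7 application, which runs on Windows Server 2016. Changing the export to TripleDES-SHA1 "solved" the issue. Apparently Windows Server 2016 does not support AES256-SHA256, but newer versions do.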
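I ran into this problem with a PFX certificate file that had a 40-character password set. Windows let me export and import it, but it could not be used from C# code, so I changed to a 30-character password and it worked.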
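Two things need to be done to solve this.
Change the AppPool identity from the local setting to the LocalSystem identity.
Then you need to convert the certificate .p12/.pfx from AES256-SHA256 to TripleDES-SHA1, because IIS 2016 does not support AES256-SHA256. Here is how to convert it.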
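```csharp
// Place this method inside a class; it requires the BouncyCastle package.
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;

public static void ExportWithTripleDESSHA1(string inputCertPath, string inputPassword, string outputCertPath, string outputPassword)
{
    // Validate the output path to make sure you have permissions
    string directory = Path.GetDirectoryName(outputCertPath);
    // GetDirectoryName returns an empty string for a bare file name; skip creation then
    if (!string.IsNullOrEmpty(directory) && !Directory.Exists(directory))
    {
        Directory.CreateDirectory(directory);
    }
    // Exportable is required so the private key can be read back out of the loaded PFX
    X509Certificate2 cert = new X509Certificate2(inputCertPath, inputPassword, X509KeyStorageFlags.Exportable);
    if (cert.HasPrivateKey)
    {
        // Convert the .NET key and certificate into their BouncyCastle equivalents
        AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
        X509CertificateEntry[] chain = new X509CertificateEntry[1];
        chain[0] = new X509CertificateEntry(DotNetUtilities.FromX509Certificate(cert));
        // Re-save through Pkcs12Store with its default settings and the new password
        Pkcs12Store store = new Pkcs12Store();
        store.SetKeyEntry("scbprivateKey.pem", new AsymmetricKeyEntry(privateKey), chain);
        using (MemoryStream pfxStream = new MemoryStream())
        {
            store.Save(pfxStream, outputPassword.ToCharArray(), new SecureRandom());
            File.WriteAllBytes(outputCertPath, pfxStream.ToArray());
        }
    }
    else
    {
        Console.WriteLine("The certificate does not have a private key.");
    }
}
```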
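Added example, not part of any answer above: a password-free check of which algorithms protect a PFX, which helps tell the unsupported AES256-SHA256 export described in the answers apart from a genuinely wrong password. It assumes definite-length DER; `tlv` and `sample_pfx` are hypothetical helpers that build a constructed sample with dummy ciphertext, not a real key.

```python
H = bytes.fromhex  # OIDs are kept as raw DER content bytes
DATA, ENC_DATA = H("2a864886f70d010701"), H("2a864886f70d010706")
KEY_BAG, PBES2 = H("2a864886f70d010c0a0102"), H("2a864886f70d01050d")
NAMES = {H("2a864886f70d010c0103"): "TripleDES-SHA1", H("60864801650304012a"): "AES256",
         H("2b0e03021a"): "SHA1", H("608648016503040201"): "SHA256"}

def kids(body):  # split DER bytes into (tag, value) pairs; assumes definite lengths
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, pos = int.from_bytes(body[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def inner(der):  # value of the first element in der
    return kids(der)[0][1]

def alg_name(alg_id):  # AlgorithmIdentifier body -> readable name
    parts = kids(alg_id)
    oid, prefix = parts[0][1], ""
    if oid == PBES2:  # PBES2-params = (keyDerivationFunc, encryptionScheme)
        oid, prefix = inner(kids(parts[1][1])[1][1]), "PBES2-"
    return prefix + NAMES.get(oid, oid.hex())

def pfx_algorithms(der):  # no password needed: algorithm identifiers are in the clear
    pfx = kids(inner(der))  # version, authSafe, optional macData
    found = {"keys": [], "safes": [], "mac": None}
    for _, info in kids(inner(inner(kids(pfx[1][1])[1][1]))):  # each ContentInfo
        ctype, content = inner(info), kids(info)[1][1]
        if ctype == ENC_DATA:  # EncryptedData -> EncryptedContentInfo -> algorithm
            found["safes"].append(alg_name(kids(kids(inner(content))[1][1])[1][1]))
        elif ctype == DATA:  # plaintext SafeContents; key bags are encrypted one by one
            for _, bag in kids(inner(inner(content))):
                if inner(bag) == KEY_BAG:  # bagValue is an EncryptedPrivateKeyInfo
                    found["keys"].append(alg_name(inner(inner(kids(bag)[1][1]))))
    if len(pfx) > 2:  # MacData -> DigestInfo -> digest algorithm
        found["mac"] = alg_name(inner(inner(pfx[2][1])))
    return found

def tlv(tag, *parts):  # minimal DER encoder, used only to build constructed samples
    body = b"".join(parts)
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body

def sample_pfx(key_alg, mac=b""):  # constructed skeleton with dummy ciphertext, not a real key
    wrap = lambda der: tlv(0x30, tlv(6, DATA), tlv(0xA0, tlv(4, tlv(0x30, der))))
    bag = tlv(0x30, tlv(6, KEY_BAG), tlv(0xA0, tlv(0x30, key_alg, tlv(4, b"\0" * 8))))
    return tlv(0x30, tlv(2, b"\x03"), wrap(wrap(bag)), mac)
```

On a real export, call `pfx_algorithms(open(path, "rb").read())`; a `PBES2-AES256` entry or a `SHA256` MAC marks the newer export format that the answers report as failing on older Windows builds.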