Edmund
01-03-2009, 02:17 AM
Hello,
I have seen similar posts here using the Cryptography Library in .Net. So I guess mine is similar i.e. something to do with access permissions. However the solutions do not apply as I am using a different Cryptography Class.
Basically I am trying to storetwo Certificates, one for the Server and one for the Client to provide the default username/password encryption in WCF wsHttp binding. The usual way is to use a Certificate Store, which is relatively easy to do in WCF. However I couldnot see how I can access the Certificate Stores to add in my certificates, so I decided that I could save the Public (.cer) and Private(.pfx) certs in the file system on the App_data folder. I found an exampleat http://www.codeproject.com/KB/WCF/wcfcertificates.aspxto load these files and use them. Thisworks fine on my Local IIS 7server but does not work when I publish it. I have a few Websites on DiscountASP, so I have tried it on IIS 6 and IIS 7 Servers and I get different errors. On IIS 6, the error is "CryptographicException: The system cannot find the file specified", whereas on IIS7 it is "CryptographicException: The specified network password is not correct.", itbreaks in the exact same place - see the trace output below. I have checked to make sure the pfx file exists, by inserting a try/catch block and know the error is on the line "return new X509Certificate2(fullPath, password)" - fullpath is verified, so it must be a permissionexception with the X509Certification2 initialisation.
Please can you tell me the best way to handle deployed Certs in WCF and .Net 3.5?
Output trace from error;
IIS 7 Server **********************************************
[CryptographicException: The specified network password is not correct.
]
System.Security.Cryptography.CryptographicExceptio n.ThrowCryptogaphicException(Int32 hr) +33
System.Security.Cryptography.X509Certificates.X509 Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
System.Security.Cryptography.X509Certificates.X509 Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +237
System.Security.Cryptography.X509Certificates.X509 Certificate2..ctor(String fileName, String password) +131
DevAge.ServiceModel.CertificateHelper.LoadFromFile (String file) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateHelper.cs:39
DevAge.ServiceModel.Configuration.ServiceElement.G etServerCertificate() in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\Configuration\ServiceCollection.cs:47
DevAge.ServiceModel.CertificateServiceHost.ApplyCo nfiguration() in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHost.cs:37
System.ServiceModel.ServiceHostBase.InitializeDesc ription(UriSchemeKeyedCollection baseAddresses) +190
System.ServiceModel.ServiceHost.InitializeDescript ion(Type serviceType, UriSchemeKeyedCollection baseAddresses) +32
System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses) +139
DevAge.ServiceModel.CertificateServiceHost..ctor(T ype serviceType, Uri[] baseAddresses) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHost.cs:18
DevAge.ServiceModel.CertificateServiceHostFactory. CreateServiceHost(Type serviceType, Uri[] baseAddresses) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHostFactory.cs:26
System.ServiceModel.Activation.ServiceHostFactory. CreateServiceHost(String constructorString, Uri[] baseAddresses) +331
System.ServiceModel.HostingManager.CreateService(S tring normalizedVirtualPath) +11656060
System.ServiceModel.HostingManager.ActivateService (String normalizedVirtualPath) +42
System.ServiceModel.HostingManager.EnsureServiceAv ailable(String normalizedVirtualPath) +479
[ServiceActivationException: The service '/Test/MathService.svc' cannot be activated due to an exception during compilation. The exception message is: The specified network password is not correct.
.]
System.ServiceModel.AsyncResult.End(IAsyncResult result) +11527194
System.ServiceModel.Activation.HostedHttpRequestAs yncResult.End(IAsyncResult result) +194
System.ServiceModel.Activation.HostedHttpRequestAs yncResult.ExecuteSynchronous(HttpApplication context, Boolean flowContext) +176
System.ServiceModel.Activation.HttpModule.ProcessR equest(Object sender, EventArgs e) +278
System.Web.SyncEventExecutionStep.System.Web.HttpA pplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +75
IIS6 Server **********************************************
[CryptographicException: The system cannot find the file specified.
]
System.Security.Cryptography.CryptographicExceptio n.ThrowCryptogaphicException(Int32 hr) +33
System.Security.Cryptography.X509Certificates.X509 Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
System.Security.Cryptography.X509Certificates.X509 Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +237
System.Security.Cryptography.X509Certificates.X509 Certificate2..ctor(String fileName, String password) +131
DevAge.ServiceModel.CertificateHelper.LoadFromFile (String file) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateHelper.cs:39
DevAge.ServiceModel.Configuration.ServiceElement.G etServerCertificate() in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\Configuration\ServiceCollection.cs:47
DevAge.ServiceModel.CertificateServiceHost.ApplyCo nfiguration() in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHost.cs:37
System.ServiceModel.ServiceHostBase.InitializeDesc ription(UriSchemeKeyedCollection baseAddresses) +190
System.ServiceModel.ServiceHost.InitializeDescript ion(Type serviceType, UriSchemeKeyedCollection baseAddresses) +32
System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses) +139
DevAge.ServiceModel.CertificateServiceHost..ctor(T ype serviceType, Uri[] baseAddresses) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHost.cs:18
DevAge.ServiceModel.CertificateServiceHostFactory. CreateServiceHost(Type serviceType, Uri[] baseAddresses) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHostFactory.cs:26
System.ServiceModel.Activation.ServiceHostFactory. CreateServiceHost(String constructorString, Uri[] baseAddresses) +331
System.ServiceModel.HostingManager.CreateService(S tring normalizedVirtualPath) +11656092
System.ServiceModel.HostingManager.ActivateService (String normalizedVirtualPath) +42
System.ServiceModel.HostingManager.EnsureServiceAv ailable(String normalizedVirtualPath) +479
[ServiceActivationException: The service '/MathService.svc' cannot be activated due to an exception during compilation. The exception message is: The system cannot find the file specified.
.]
System.ServiceModel.AsyncResult.End(IAsyncResult result) +11527290
System.ServiceModel.Activation.HostedHttpRequestAs yncResult.End(IAsyncResult result) +194
System.ServiceModel.Activation.HostedHttpRequestAs yncResult.ExecuteSynchronous(HttpApplication context, Boolean flowContext) +176
System.ServiceModel.Activation.HttpModule.ProcessR equest(Object sender, EventArgs e) +278
System.Web.SyncEventExecutionStep.System.Web.HttpA pplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +75
I have seen similar posts here using the Cryptography Library in .Net. So I guess mine is similar i.e. something to do with access permissions. However the solutions do not apply as I am using a different Cryptography Class.
Basically I am trying to storetwo Certificates, one for the Server and one for the Client to provide the default username/password encryption in WCF wsHttp binding. The usual way is to use a Certificate Store, which is relatively easy to do in WCF. However I couldnot see how I can access the Certificate Stores to add in my certificates, so I decided that I could save the Public (.cer) and Private(.pfx) certs in the file system on the App_data folder. I found an exampleat http://www.codeproject.com/KB/WCF/wcfcertificates.aspxto load these files and use them. Thisworks fine on my Local IIS 7server but does not work when I publish it. I have a few Websites on DiscountASP, so I have tried it on IIS 6 and IIS 7 Servers and I get different errors. On IIS 6, the error is "CryptographicException: The system cannot find the file specified", whereas on IIS7 it is "CryptographicException: The specified network password is not correct.", itbreaks in the exact same place - see the trace output below. I have checked to make sure the pfx file exists, by inserting a try/catch block and know the error is on the line "return new X509Certificate2(fullPath, password)" - fullpath is verified, so it must be a permissionexception with the X509Certification2 initialisation.
Please can you tell me the best way to handle deployed Certs in WCF and .Net 3.5?
Output trace from error;
IIS 7 Server **********************************************
[CryptographicException: The specified network password is not correct.
]
System.Security.Cryptography.CryptographicExceptio n.ThrowCryptogaphicException(Int32 hr) +33
System.Security.Cryptography.X509Certificates.X509 Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
System.Security.Cryptography.X509Certificates.X509 Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +237
System.Security.Cryptography.X509Certificates.X509 Certificate2..ctor(String fileName, String password) +131
DevAge.ServiceModel.CertificateHelper.LoadFromFile (String file) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateHelper.cs:39
DevAge.ServiceModel.Configuration.ServiceElement.G etServerCertificate() in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\Configuration\ServiceCollection.cs:47
DevAge.ServiceModel.CertificateServiceHost.ApplyCo nfiguration() in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHost.cs:37
System.ServiceModel.ServiceHostBase.InitializeDesc ription(UriSchemeKeyedCollection baseAddresses) +190
System.ServiceModel.ServiceHost.InitializeDescript ion(Type serviceType, UriSchemeKeyedCollection baseAddresses) +32
System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses) +139
DevAge.ServiceModel.CertificateServiceHost..ctor(T ype serviceType, Uri[] baseAddresses) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHost.cs:18
DevAge.ServiceModel.CertificateServiceHostFactory. CreateServiceHost(Type serviceType, Uri[] baseAddresses) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHostFactory.cs:26
System.ServiceModel.Activation.ServiceHostFactory. CreateServiceHost(String constructorString, Uri[] baseAddresses) +331
System.ServiceModel.HostingManager.CreateService(S tring normalizedVirtualPath) +11656060
System.ServiceModel.HostingManager.ActivateService (String normalizedVirtualPath) +42
System.ServiceModel.HostingManager.EnsureServiceAv ailable(String normalizedVirtualPath) +479
[ServiceActivationException: The service '/Test/MathService.svc' cannot be activated due to an exception during compilation. The exception message is: The specified network password is not correct.
.]
System.ServiceModel.AsyncResult.End(IAsyncResult result) +11527194
System.ServiceModel.Activation.HostedHttpRequestAs yncResult.End(IAsyncResult result) +194
System.ServiceModel.Activation.HostedHttpRequestAs yncResult.ExecuteSynchronous(HttpApplication context, Boolean flowContext) +176
System.ServiceModel.Activation.HttpModule.ProcessR equest(Object sender, EventArgs e) +278
System.Web.SyncEventExecutionStep.System.Web.HttpA pplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +75
IIS6 Server **********************************************
[CryptographicException: The system cannot find the file specified.
]
System.Security.Cryptography.CryptographicExceptio n.ThrowCryptogaphicException(Int32 hr) +33
System.Security.Cryptography.X509Certificates.X509 Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
System.Security.Cryptography.X509Certificates.X509 Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +237
System.Security.Cryptography.X509Certificates.X509 Certificate2..ctor(String fileName, String password) +131
DevAge.ServiceModel.CertificateHelper.LoadFromFile (String file) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateHelper.cs:39
DevAge.ServiceModel.Configuration.ServiceElement.G etServerCertificate() in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\Configuration\ServiceCollection.cs:47
DevAge.ServiceModel.CertificateServiceHost.ApplyCo nfiguration() in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHost.cs:37
System.ServiceModel.ServiceHostBase.InitializeDesc ription(UriSchemeKeyedCollection baseAddresses) +190
System.ServiceModel.ServiceHost.InitializeDescript ion(Type serviceType, UriSchemeKeyedCollection baseAddresses) +32
System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses) +139
DevAge.ServiceModel.CertificateServiceHost..ctor(T ype serviceType, Uri[] baseAddresses) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHost.cs:18
DevAge.ServiceModel.CertificateServiceHostFactory. CreateServiceHost(Type serviceType, Uri[] baseAddresses) in E:\testprojects\samples\WCFCertificates\DevAge.Ser viceModel\CertificateServiceHostFactory.cs:26
System.ServiceModel.Activation.ServiceHostFactory. CreateServiceHost(String constructorString, Uri[] baseAddresses) +331
System.ServiceModel.HostingManager.CreateService(S tring normalizedVirtualPath) +11656092
System.ServiceModel.HostingManager.ActivateService (String normalizedVirtualPath) +42
System.ServiceModel.HostingManager.EnsureServiceAv ailable(String normalizedVirtualPath) +479
[ServiceActivationException: The service '/MathService.svc' cannot be activated due to an exception during compilation. The exception message is: The system cannot find the file specified.
.]
System.ServiceModel.AsyncResult.End(IAsyncResult result) +11527290
System.ServiceModel.Activation.HostedHttpRequestAs yncResult.End(IAsyncResult result) +194
System.ServiceModel.Activation.HostedHttpRequestAs yncResult.ExecuteSynchronous(HttpApplication context, Boolean flowContext) +176
System.ServiceModel.Activation.HttpModule.ProcessR equest(Object sender, EventArgs e) +278
System.Web.SyncEventExecutionStep.System.Web.HttpA pplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +75