Monday, August 7, 2017

System.Security.Cryptography.CryptographicException: Access denied. ( IIS and X509 Client Authentication Certificate )


 I'm using following code part to access a ReST API. I'm communicating with this API using a X509 client certificate.






In development site which I have IIS 10.0 its working without any issues. But after publishing on windows server 2012 R2 and using IIS 8.5 on windows server it's giving me following error.

System.Security.Cryptography.CryptographicException: Access denied.

This happened even if I gave full rights to the machine key folder.

Ok. Lets focus on  the solution.

First I added certificate to user key set from code instead of machine key folder.


var certificate = new X509Certificate2(objApiCertficate.CertificateData, this.strApiPassword, X509KeyStorageFlags.UserKeySet);
                    certHandler.ClientCertificates.Add(certificate);






Then you have to load user profile in your application pool.






Please restart IIS before test this. 


No comments:

Post a Comment