C# 再次指定了无效的提供程序类型
我已经看过这些问题及其答案: 第二个问题引用了这个博客 我怀疑证书颁发者有问题,但我可能错了 前言C# 再次指定了无效的提供程序类型,c#,visual-studio,authentication,iis,x509certificate,C#,Visual Studio,Authentication,Iis,X509certificate,我已经看过这些问题及其答案: 第二个问题引用了这个博客 我怀疑证书颁发者有问题,但我可能错了 前言 我是认证新手(你可以把它理解为白痴)。当前项目是将Visual Studio 2013.Net 4.5.1中编写的现有网站和web应用程序升级为Visual Studio 2017.Net 4.6.1版,以满足新message broker的要求 环境 Windows 10 Visual Studio 2017(15.8.1) IIS 10 微软SQL Server 2017 问题描述 用C
我是认证新手(你可以把它理解为白痴)。当前项目是将Visual Studio 2013.Net 4.5.1中编写的现有网站和web应用程序升级为Visual Studio 2017.Net 4.6.1版,以满足新message broker的要求 环境
Windows 10
Visual Studio 2017(15.8.1)
IIS 10
微软SQL Server 2017 问题描述
用C#编写的web服务器在身份验证期间抛出此错误
{"IDX10614: AsymmetricSecurityKey.GetSignatureFormater( 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' ) threw an exception.
Key:
'System.IdentityModel.Tokens.X509AsymmetricSecurityKey'\nSignatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', check to make sure the SignatureAlgorithm is supported.\nException:'System.Security.Cryptography.CryptographicException: Invalid provider type specified.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)\r\n at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()\r\n at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(AsymmetricSecurityKey key, String algorithm, Boolean willCreateSignatures)'.
If you only need to verify signatures the parameter 'willBeUseForSigning' should be false if the private key is not be available."}
采取的步骤最初没有要检查的证书,这产生了另一个错误。
在以管理员身份运行的PowerShell中 新的自签名证书-主题“CN=XXXXXXXXXXXXCA”-DnsName“localhost”-FriendlyName“XXXXXXXXCA”-KeyUsage数字签名-KeyUsageProperty ALL-KeyAlgorithm RSA-KeyLength 2048-CertStoreLocation“Cert:\CurrentUser\My” 启动MMC 将创建的证书复制到本地个人计算机 将证书复制到本地计算机受信任的根证书颁发机构 将证书复制到本地计算机受信任的发布服务器 在IIS中启动网站 在Visual Studio 2017中运行Web服务器 使用高级REST客户端(ARC)从客户端向服务器发送登录请求 在Visual Studio 2017调试器中,在以下代码中浏览身份验证代码: 异常在return语句中抛出
public string GenerateToken(string email)
{
X509Store store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certs = store.Certificates;
X509Certificate2 signingCert =
certs.Cast<X509Certificate2>().FirstOrDefault(cert => cert.FriendlyName == "XxxxxxxXXCA");
SigningCredentials signingCredentials = new X509SigningCredentials(signingCert);
var tokenHandler = new JwtSecurityTokenHandler();
var now = DateTime.UtcNow;
var customer = _customerService.GetCustomerByEmail(email);
var emailClaim = new Claim(ClaimTypes.Email, customer.Email, ClaimValueTypes.String);
var userIdClaim = new Claim(ClaimTypes.NameIdentifier, customer.Id.ToString(), ClaimValueTypes.Integer);
var roleClaim = new Claim(ClaimTypes.Role, "customer", ClaimValueTypes.String);
var claimsList = new List<Claim> { emailClaim, userIdClaim, roleClaim };
var tokenDescriptor = new SecurityTokenDescriptor()
{
AppliesToAddress = "http://localhost/api",
SigningCredentials = signingCredentials,
TokenIssuerName = "http://localhost",
Lifetime = new Lifetime(now, now.AddDays(30)),
//Lifetime = new Lifetime(now, now.AddDays(1)),
Subject = new ClaimsIdentity(claimsList)
};
store.Close();
return tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
}
publicstringgenerateToken(字符串电子邮件)
{
X509Store=新的X509Store(StoreLocation.LocalMachine);
打开(OpenFlags.ReadOnly);
var certs=store.Certificates;
X509Certificate2签署证书=
certs.Cast().FirstOrDefault(cert=>cert.FriendlyName==“XXXXXXXXCA”);
SigningCredentials SigningCredentials=新X509 SigningCredentials(signingCert);
var tokenHandler=new JwtSecurityTokenHandler();
var now=DateTime.UtcNow;
var customer=\u customerService.getcustomerbymail(电子邮件);
var emailClaim=新索赔(ClaimTypes.Email、customer.Email、ClaimValueTypes.String);
var userIdClaim=new Claim(ClaimTypes.NameIdentifier,customer.Id.ToString(),ClaimValueTypes.Integer);
var roleClaim=新索赔(ClaimTypes.Role,“customer”,ClaimValueTypes.String);
var claimsList=新列表{emailClaim,userIdClaim,roleClaim};
var tokenDescriptor=new SecurityTokenDescriptor()
{
AppliesToAddress=”http://localhost/api",
SigningCredentials=SigningCredentials,
TokenIssuerName=”http://localhost",
生存期=新的生存期(now,now.AddDays(30)),
//生存期=新生存期(now,now.AddDays(1)),
主题=新的索赔实体(索赔清单)
};
store.Close();
返回tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
}
新建自签名证书
cmdlet默认使用密钥存储提供程序。大多数.NET Framework(X509Certificate2
特别是)不支持CNG密钥。因此,当您使用存储在CNG中的私钥从证书创建X509Certificate2
实例时,get
accessor onPrivateKey
属性引发异常:
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
我相信,您不拥有在
PrivateKey
上调用getter的代码,因此,您需要通过在New SelfSignedCertificate
cmdlet调用中的-provider
参数中显式提供旧的提供程序名称来重新创建证书。例如,您可以使用microsoft增强rsa和aes加密提供程序作为参数值。新建自签名证书
cmdlet默认使用密钥存储提供程序。大多数.NET Framework(X509Certificate2
特别是)不支持CNG密钥。因此,当您使用存储在CNG中的私钥从证书创建X509Certificate2
实例时,get
accessor onPrivateKey
属性引发异常:
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
我相信,您不拥有在PrivateKey
上调用getter的代码,因此,您需要通过在New SelfSignedCertificate
cmdlet调用中的-provider
参数中显式提供旧的提供程序名称来重新创建证书。例如,您可以使用microsoft增强rsa和aes加密提供程序作为参数值