This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

Cert.Load() Error on shared hosting #846

Closed
akshaymarkande opened this issue Jan 30, 2015 · 9 comments

@akshaymarkande

Not able to load Cert.Load() on a shared hosting environment.
Is there any way to bypass that?

@leastprivilege
Member

Since you haven't provided any details on the error - it is hard to tell you how to fix it.

@akshaymarkande
Author

In this method, where the certificate is read from the stream, it gives an error in a shared hosting environment.

```csharp
public static X509Certificate2 Load()
{
    var assembly = typeof(Cert).Assembly;
    using (var stream = assembly.GetManifestResourceStream("Thinktecture.IdentityServer.Host.Config.idsrv3test.pfx"))
    {
        return new X509Certificate2(ReadStream(stream), "idsrv3test");
    }
}
```

I get the following error.
So I have 2 questions: is there a way to not use the certificate and still be able to work, or is there a way to bypass this error in shared hosting?

```
Server Error in '/' Application.

Access denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: Access denied.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CryptographicException: Access denied.]
   System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +33
   System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
   System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags) +184
   System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags) +65
   System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags) +61
   Thinktecture.IdentityServer.Host.Config.Cert.LoadCertificate() +79
   Thinktecture.IdentityServer.Host.Startup_LocalTest.b__3(IAppBuilder coreApp) +164
   Owin.MapExtensions.Map(IAppBuilder app, PathString pathMatch, Action`1 configuration) +178
   Owin.MapExtensions.Map(IAppBuilder app, String pathMatch, Action`1 configuration) +108
   Thinktecture.IdentityServer.Host.Startup_LocalTest.Configuration(IAppBuilder app) +114

[TargetInvocationException: Exception has been thrown by the target of an invocation.]
   System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) +0
   System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) +92
   System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +155
   Owin.Loader.<>c__DisplayClass12.b__b(IAppBuilder builder) +66
   Owin.Loader.<>c__DisplayClass1.b__0(IAppBuilder builder) +123
   Microsoft.Owin.Host.SystemWeb.<>c__DisplayClass2.b__0(IAppBuilder builder) +71
   Microsoft.Owin.Host.SystemWeb.OwinAppContext.Initialize(Action`1 startup) +470
   Microsoft.Owin.Host.SystemWeb.OwinBuilder.Build(Action`1 startup) +40
   Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() +70
   System.Threading.LazyInitializer.EnsureInitializedCore(T& target, Boolean& initialized, Object& syncLock, Func`1 valueFactory) +86
   Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) +106
   System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +418
   System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +172
   System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +336
   System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +296

[HttpException (0x80004005): Exception has been thrown by the target of an invocation.]
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +9930568
   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +101
   System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +254
```
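
An added example, not part of the original thread or the IdentityServer code base: it assumes the `Access denied` above comes from the worker process running without a loaded user profile, so the private key cannot be imported into the per-user key store, and it passes the `X509KeyStorageFlags` argument visible in the stack trace to import into the machine key store instead. `ReadStream` here is a hypothetical stand-in for the helper the posted snippet calls, and the `HasPrivateKey` check is an addition.

```csharp
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class Cert
{
    // Resource name and password are the ones quoted in the comment above.
    const string ResourceName = "Thinktecture.IdentityServer.Host.Config.idsrv3test.pfx";
    const string Password = "idsrv3test";

    public static X509Certificate2 Load()
    {
        using (var stream = typeof(Cert).Assembly.GetManifestResourceStream(ResourceName))
        {
            if (stream == null)
                throw new FileNotFoundException("Embedded certificate not found.", ResourceName);

            // The two-argument constructor uses the default key set, which for a
            // typical PFX is the current user's store and needs a loaded profile.
            // MachineKeySet (assumed fix) imports into the machine key store instead.
            var cert = new X509Certificate2(
                ReadStream(stream), Password, X509KeyStorageFlags.MachineKeySet);

            // Token signing needs the private key, so fail at startup if it is missing.
            if (!cert.HasPrivateKey)
                throw new CryptographicException("Certificate has no private key.");

            return cert;
        }
    }

    // Hypothetical stand-in for the ReadStream helper the posted snippet calls.
    static byte[] ReadStream(Stream input)
    {
        using (var buffer = new MemoryStream())
        {
            input.CopyTo(buffer);
            return buffer.ToArray();
        }
    }
}
```

The PFX and its password are embedded in the host assembly, as the posted snippet shows, so anything beyond a test deployment should load its own certificate and keep the password out of source.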

@brockallen
Member

Sounds like this: #849 (comment)

@akshaymarkande
Author

Partially yes, it's the same, but is there a way to still use IdentityServer without using a certificate, or is that mandatory?

@leastprivilege
Member

A certificate is mandatory for identity tokens - optional for access tokens.

@akshaymarkande
Author

We have resolved the certificate issue; however, we have another issue. We get the following error.

Error
There was an unexpected error
Request Id: 5caad8d5-02d0-4bb9-8b0d-63c447a1ca03

The starting URL is this:
https://sso.mondaz.com/core/connect/authorize?client_id=CWW&response_type=id_token&scope=openid%20email&redirect_uri=http%3A%2F%2Fcingularity.in%2Faccount%2FsignInCallback&response_mode=form_post&state=568c7698103943108142d1234cd5b5db&nonce=8a63c8f6b28941b3bbbf7f3b749aa7f1

We get the allow access screen, where we say yes.
Then we get the following URL and the above error:

https://sso.mondaz.com/core/connect/consent?client_id=CWW&response_type=id_token&scope=openid%20email&redirect_uri=http%3A%2F%2Fcingularity.in%2Faccount%2FsignInCallback&response_mode=form_post&state=568c7698103943108142d1234cd5b5db&nonce=8a63c8f6b28941b3bbbf7f3b749aa7f1

Error
There was an unexpected error
Request Id: 5caad8d5-02d0-4bb9-8b0d-63c447a1ca03

@leastprivilege
Member

You need to turn on logging. Otherwise we can't help you.

@akshaymarkande
Author

Logging is turned on. Shall I give the log file?

@leastprivilege
Member

No, you should have a look yourself - it is the last error in the log.
