[Question] Azure.Identity support using pfx file #25423
Comments
Thank you for your feedback. Tagging and routing to the team members best able to assist.
Hi @MarcoEnxuto - Does the following work if you try to construct the certificate directly using your file path? If not, what is the error?
new X509Certificate2(clientCertificatePath);
Hi @christothes, no. I'm not instantiating that class. Here's a code snippet... As soon as I use the graph service client, it throws a "Could not load the certificate".
Sorry, I know you aren't using that class directly, but it was intended as a test to see if Azure.Identity would be able to use your path since that is essentially what it does. Could you try this to verify that your pfx cert path is valid and that the password is unencrypted?
Yes. I updated the question on Q&A, saying I checked that using the Import-PfxCertificate cmdlet in PowerShell. But I'll try here in C#. Good point.
@christothes after careful debugging, that code raises "The system cannot find the file specified."
In the debugger immediate window, are you able to run these statements?
This is very strange. Can you reproduce with X509Certificate2 directly?
You bet it is @christothes. Is it possible this is happening because I have the debugger attached? I don't think so...
Hi @christothes, did you reach any conclusion based on my findings? Thanks.
Hello,
Hi @schaabs, I guess @christothes might be Out of Office. Can you help me here?
Hi @MarcoEnxuto - Because this reproduces directly with |
Hi @christothes, sorry to bother. I tried another way by copying the pfx certificate file to the output directory where I deploy my web app, which was the initial intention of the author of that post. In the Immediate window I could successfully execute the code File.Exists (which returned true), but at runtime the code returns the exception "The system cannot find the file specified". I also changed the AZURE_CLIENT_CERTIFICATE to a relative path, and I got the same outcome. Something is not right here, and it is interesting that I am the only one reporting this...
I'm running out of ideas on this one. Perhaps you could verify the access control rules defined on the file or the containing directory?
using System.Diagnostics;
using System.IO;
using System.Security.AccessControl;

// Identity the process is actually running as
Debug.WriteLine(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
var fileInfo = new FileInfo(@"<path to cert>");
var accessControl = fileInfo.GetAccessControl();
var rules = accessControl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
// List every account that has an access rule on the certificate file
foreach (FileSystemAccessRule rule in rules)
{
    Debug.WriteLine(rule.IdentityReference.Value);
}
Hi again @christothes, IIS APPPOOL<websitename> BUILTIN\IIS_IUSRS
Have you confirmed that those permissions allow IIS APPPOOL to access the file? The only other thought I had is to check if the certificate file is blocked. https://superuser.com/questions/590787/what-does-it-mean-when-a-file-is-blocked-in-windows
Hi @christothes, finally I found out what was wrong. And this took a while. Instead of using Web App service on Azure for development purposes, because well... costs... I decided to deploy on prem, using IIS. Third, enable the "Load User Profile" in the Application Pool, click OK and recycle it. Thank you very much @christothes for your patience on this subject and thanks for your suggestions, it did help with my research. On a side note: I wish you and your family a Merry Christmas.
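The symptom in this thread (File.Exists is true, yet loading the PFX raises "The system cannot find the file specified") can be told apart from a real path or password problem with a small probe. This is an added example, not code from the thread or from Azure.Identity; `PfxLoadProbe` and `Diagnose` are hypothetical names, and it assumes Windows and a runtime that defines `X509KeyStorageFlags.EphemeralKeySet`.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

public static class PfxLoadProbe   // hypothetical helper, not part of Azure.Identity
{
    // Returns a one-line diagnosis for loading a PFX under the current process identity.
    public static string Diagnose(string pfxPath, string password)
    {
        string who = WindowsIdentity.GetCurrent().Name;
        if (!File.Exists(pfxPath))
            return $"{who}: file not found or not visible: {pfxPath}";

        // Default flags normally persist the private key in the *user* key store,
        // which lives under the account's profile directory.
        if (TryLoad(pfxPath, password, X509KeyStorageFlags.DefaultKeySet, out string defaultError))
            return $"{who}: loaded with default key storage";

        // EphemeralKeySet keeps the key in memory only, so it needs no profile.
        if (TryLoad(pfxPath, password, X509KeyStorageFlags.EphemeralKeySet, out string ephemeralError))
            return $"{who}: file and password are fine, but the user key store is unavailable " +
                   $"({defaultError}). Check 'Load User Profile' on the application pool.";

        return $"{who}: PFX could not be loaded at all ({ephemeralError}); check password and file content";
    }

    private static bool TryLoad(string path, string password, X509KeyStorageFlags flags, out string error)
    {
        try
        {
            using (var cert = new X509Certificate2(path, password, flags))
            {
                error = cert.HasPrivateKey ? null : "no private key in file";
                return cert.HasPrivateKey;
            }
        }
        catch (CryptographicException ex)
        {
            error = ex.Message;   // e.g. "The system cannot find the file specified."
            return false;
        }
    }
}
```

Call `Diagnose` from inside the web application rather than from a console or the debugger, so that it runs under the application pool identity.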
Query/Question
Hi,
According to this post, pfx files should be supported. Unfortunately I don't see any support, or at least I can't get it to work.
I did follow the troubleshooting steps but I don't see what I'm doing wrong.
So, I posted a question here, since I'm using a local server with IIS and Environment variables.
The app throws an exception indicating Could not load the certificate....
Either way, the certificate is in a public path and accessible.
AZURE_CLIENT_CERTIFICATE_PATH C:\Users\Public\cert.pfx
AZURE_CLIENT_ID (guid)
AZURE_TENANT_ID (another guid)
Environment: