On Azure: System.Security.Cryptography.CryptographicException: The system cannot find the file specified

I am using ComponentSpace.Saml2 version 2.0.4

When I set LocalCertificates like this:

 LocalCertificates = new List<Certificate>
 {
     new Certificate
     {
         Use = "Any",
         String = "MIIGYPtBAzCCBgc...",
         Password = "MyPassword"
     }
 }

It works fine on my local machine, but when I deploy it to an Azure Windows App Service I get the following error:

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at ComponentSpace.Saml2.SamlIdentityProvider.CreateSamlResponseAsync(String userID, IList`1 attributes, String authnContext, Status status, String assertionConsumerServiceUrl)
at ComponentSpace.Saml2.SamlIdentityProvider.InitiateSsoAsync(String partnerName, String userID, IList`1 attributes, String relayState, String authnContext)

I think I am running into the issue identified here:

Troubleshooting Loading X.509 Certificates - SAML for ASP.NET - ComponentSpace Support Forum

I am unsure how to resolve this.

It’s most likely some sort of permissions issue.

Does the error occur if you deploy locally rather than to Azure?

Just to confirm, when running as an Azure app service, it’s using Windows rather than Linux?

Version 2.0.4 is seven years old. We’ve made changes to certificate loading so it might be worth trying the latest version to see if that helps.

No.

Yes

It has been many years since we purchased the component. How do we go about getting the latest version?

Thank You

Thanks for this information.

I suggest downloading and testing with the free trial version to see if the latest version resolves the issue.

You can contact sales@componentspace.com regarding moving to the latest licensed version.

Thank you for your response.

I tried just dropping the new NuGet package into my existing code, and while it did compile, the IdP SAML code stopped working even on my local machine. I suspect there have been a lot of changes in the past seven years.

I will now take the time to try to reproduce the issue starting with your sample:

SAMLv20.Core-evaluation\SAML for .NET Core\Examples\NET-9.0\SSO\BlazorIdentityProvider

I will then deploy it to Azure to see if it resolves the issue.

This may take me some time.

Thank You

The good news is that your sample, using my configuration and key, works in Azure 👍

I will contact sales@componentspace.com

Thank you

Thanks for the update.