C# CryptographicException 未处理:系统找不到指定的文件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17840825/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CryptographicException was unhandled: System cannot find the specified file
提问by Storm
I am trying to embrace the mysteries of SSL communication and have found a great tutorial on this site. I was trying to test my own certificate. Using Visual Studio 2012, I simply added an existing file (my certificate in .pfx format) and then changed the "certificate" and "password" settings in app.config. However, when trying to run it, I got an error:
我正在尝试接受 SSL 通信的奥秘,并在此站点上找到了一个很棒的教程。我试图测试我自己的证书。使用 Visual Studio 2012,我只需添加一个现有文件(我的证书为 .pfx 格式),然后更改 app.config 中的“证书”和“密码”设置。但是,在尝试运行它时,出现错误:
CryptographicException was unhandled: System cannot find the specified file
CryptographicException 未处理:系统找不到指定的文件
Then, I tried the same in my Web Service. There I got some more details about the error:
然后,我在我的 Web 服务中尝试了同样的方法。在那里我得到了一些关于错误的更多细节:
System.Security.Cryptography.CryptographicException: System cannot find specified file.
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
v System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
v TestServer.DataService.LoadSoap() v c:\Users\Administrator\Documents\Visual Studio 2012\Projects\TestServer\TestServer\DataService.asmx.cs:line 48
I have written this question to the author of the article, but since his last reply was in March 2012, I am not sure, whether he will reply. If somebody could help me with this problem, I would be very grateful.
我已经把这个问题写给了文章的作者,但由于他最后一次回复是在 2012 年 3 月,我不确定他是否会回复。如果有人能帮助我解决这个问题,我将不胜感激。
P.S.: When exporting the certificate from .cer to .pfx, I have changed the title of the file exported. Although I doubt its effect on the problem, I'd rather mention it.
PS:在将证书从.cer导出到.pfx时,我已经更改了导出文件的标题。虽然我怀疑它对问题的影响,但我宁愿提及它。
采纳答案by nologo
Did you set the following on the application pool in IIS?
您是否在 IIS 中的应用程序池中设置了以下内容?
- Go to IIS Manager
- Go to the application pool instance
- Click advanced settings
- Under Process model, set Load User Profile to true
- 进入 IIS 管理器
- 转到应用程序池实例
- 点击高级设置
- 在流程模型下,将加载用户配置文件设置为 true
See this stack question for further reading: What exactly happens when I set LoadUserProfile of IIS pool?
请参阅此堆栈问题以进一步阅读:当我设置 IIS 池的 LoadUserProfile 时究竟会发生什么?
回答by m12lrpv
Because this question has a high search ranking I would like to present a way to present X509Certificate2 with an absolute path (which it only accepts) to a relatively located pxf key file in an ASP.net application.
因为这个问题的搜索排名很高,所以我想提出一种方法来呈现 X509Certificate2 与绝对路径(它只接受)到 ASP.net 应用程序中相对定位的 pxf 密钥文件。
string path = HttpContext.Current.Server.MapPath("~") + "..\keys\relative_key.pfx";
X509Certificate2 cert = new X509Certificate2(path, "", X509KeyStorageFlags.DefaultKeySet);
回答by Alejandro PC
By passing CspParameters with flag csdMachineKeyKeyStore IIS can bypass the restriction that throws the Exception.
通过传递带有 csdMachineKeyKeyStore 标志的 CspParameters,IIS 可以绕过引发异常的限制。
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = Guid.NewGuid().ToString().ToUpperInvariant();
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(cspParams);
I founded solution here:
我在这里建立了解决方案:
回答by Salomon Arias
For those of you who received the Cryptographic Exception when attempting to import a X509Certificate2 using the Import method, I found that using the Enum option for MachineKeySet bypassed the need for creating a userContext in IIS, and thus easier to implement.
对于那些在尝试使用 Import 方法导入 X509Certificate2 时收到加密异常的人,我发现使用 MachineKeySet 的 Enum 选项绕过了在 IIS 中创建 userContext 的需要,因此更容易实现。
X509Certificate2 cert = new X509Certificate2();
cert.Import(certificateFilePath, certPasshrase,
X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
回答by Salomon Arias
You need to specify absolute path instead of relative path.
您需要指定绝对路径而不是相对路径。
AppDomain.CurrentDomain.BaseDirectory +"/Certificate/cer.PFX"
