
I am moving an existing (and working) ASP.NET web site to an Azure web site. One of the bits of functionality on the site is signing an XML document. The code to get the key is:

using System.Security.Cryptography;

// retrieve a key from the key safe - this will create it if it does not exist yet
System.Security.Cryptography.CspParameters csp = new CspParameters();
csp.KeyContainerName = "MyKeyName";
System.Security.Cryptography.RSACryptoServiceProvider key = new RSACryptoServiceProvider(csp);

The last line is throwing a CryptographicException, with the message "The system cannot find the file specified".

I have not put a key or container into Azure - my understanding is that the ServiceProvider would create one. I have reviewed this article, but did not get any clues.

Clearly I am missing something fundamental.

Artjom B.
OzDave
    Recommend you review the answer to this post which should give you what you need: http://stackoverflow.com/questions/23827884/accessing-uploaded-certificates-in-azure-web-sites – Simon W Nov 20 '14 at 22:40

1 Answer


Thanks Simon - that pointed me in the right direction.

Turns out you need to specify that the key be created in a machine store. Code that worked is:

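System.Security.Cryptography.CspParameters csp = new CspParameters();
csp.KeyContainerName = "MyKeyName";
// create or open the container in the machine key store rather than the default user store
csp.Flags = CspProviderFlags.UseMachineKeyStore;
System.Security.Cryptography.RSACryptoServiceProvider key = new RSACryptoServiceProvider(csp);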

Note the addition of the line specifying "UseMachineKeyStore".

Artjom B.
OzDave
    We had a similar problem with this, and ended up specifying an ephemeral key - for whatever reason the UseMachineKeyStore consistently threw an exception of File Path Not Found. Without understanding exactly what Azure Websites was doing, evidently the Machine Key Store path doesn't work in this scenario, and the ephemeral key is not persisted, and works just fine. It would depend on the application though. – Bruce Chapman Jan 31 '17 at 05:15
  • I could not get UseMachineKeyStore working either with Azure App Service, but the ephemeral key mentioned by @BruceChapman luckily worked. – naavis Aug 11 '22 at 06:35
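The two approaches discussed in this thread (machine key store, then the ephemeral key from the comments) combined into one XML-signing flow, as an added example that is not code from the original posts. The class name, the sample XML, the fallback order and the pinned-key verification are assumptions; it targets .NET Framework on Windows with a reference to System.Security.dll.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
static class XmlSigningKeyDemo // hypothetical class name
{
    // Try the machine key store first; if the host rejects it, use an in-memory key.
    static RSACryptoServiceProvider OpenSigningKey(string container, out bool persisted)
    {
        try
        {
            persisted = true;
            return new RSACryptoServiceProvider(2048, new CspParameters { KeyContainerName = container, Flags = CspProviderFlags.UseMachineKeyStore });
        }
        catch (CryptographicException)
        {
            persisted = false; // no container name: the key exists only for this object's lifetime
            return new RSACryptoServiceProvider(2048, new CspParameters { Flags = CspProviderFlags.CreateEphemeralKey });
        }
    }
    static void Sign(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        var reference = new Reference(""); // empty URI = the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }
    static bool Verify(XmlDocument doc, RSA trustedPublicKey)
    {
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]);
        return signedXml.CheckSignature(trustedPublicKey); // key the verifier already holds, not one read from the document
    }
    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order id=\"1\"><total>10.00</total></order>"); // constructed sample input
        using (var key = OpenSigningKey("MyKeyName", out bool persisted))
        using (var pinned = new RSACryptoServiceProvider())
        {
            pinned.FromXmlString(key.ToXmlString(false)); // public half only, as a verifier would store it
            Sign(doc, key);
            Console.WriteLine("persisted={0} valid={1}", persisted, Verify(doc, pinned));
            doc.DocumentElement["total"].InnerText = "0.01"; // simulate tampering after signing
            Console.WriteLine("valid after tampering={0}", Verify(doc, pinned));
        }
    }
}
```

When the ephemeral fallback is taken, every process restart produces a new key pair, so a verifier holding the earlier public key will reject later signatures. That is acceptable only when signatures are checked within the lifetime of the signing process or the current public key is redistributed each time.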