asp.net – X509Certificate2 – 系统找不到指定的路径

发布时间：2020-12-16 04:20:15 所属栏目：asp.Net 来源：网络整理

导读：我希望通过服务帐户获取Google Analytics的数据. 当我第一次启动应用程序时,一切正常,我可以访问数据.但是,当我第二次启动应用程序时,出现以下错误：“系统找不到指定的路径”.你有个主意吗？我以为它可以锁定. 这是我的源代码： public static String GetAc

我希望通过服务帐户获取Google Analytics的数据.
当我第一次启动应用程序时,一切正常,我可以访问数据.但是,当我第二次启动应用程序时,出现以下错误：“系统找不到指定的路径”.你有个主意吗？我以为它可以锁定.

这是我的源代码：

public static String GetAccessToken(string clientIdEMail,string keyFilePath,String scope)
    {
        // certificate
        var certificate = new X509Certificate2(keyFilePath,"notasecret",X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

        // header
        var header = new { typ = "JWT",alg = "RS256" };

        // claimset
        var times = GetExpiryAndIssueDate();
        var claimset = new
        {
            iss = clientIdEMail,scope = scope,aud = "https://accounts.google.com/o/oauth2/token",iat = times[0],exp = times[1],};

        JavaScriptSerializer ser = new JavaScriptSerializer();

        // encoded header
        var headerSerialized = ser.Serialize(header);
        var headerBytes = Encoding.UTF8.GetBytes(headerSerialized);
        var headerEncoded = Convert.ToBase64String(headerBytes);

        // encoded claimset
        var claimsetSerialized = ser.Serialize(claimset);
        var claimsetBytes = Encoding.UTF8.GetBytes(claimsetSerialized);
        var claimsetEncoded = Convert.ToBase64String(claimsetBytes);

        // input
        var input = headerEncoded + "." + claimsetEncoded;
        var inputBytes = Encoding.UTF8.GetBytes(input);

        // signiture
        var rsa = certificate.PrivateKey as RSACryptoServiceProvider;
        var cspParam = new CspParameters
        {
            KeyContainerName = rsa.CspKeyContainerInfo.KeyContainerName,KeyNumber = rsa.CspKeyContainerInfo.KeyNumber == KeyNumber.Exchange ? 1 : 2,Flags = CspProviderFlags.UseMachineKeyStore
        };
        var aescsp = new RSACryptoServiceProvider(1024,cspParam) { PersistKeyInCsp = false };
        var signatureBytes = aescsp.SignData(inputBytes,"SHA256");
        var signatureEncoded = Convert.ToBase64String(signatureBytes);

        // jwt
        var jwt = headerEncoded + "." + claimsetEncoded + "." + signatureEncoded;

        var client = new WebClient();
        client.Encoding = Encoding.UTF8;
        var uri = "https://accounts.google.com/o/oauth2/token";
        var content = new NameValueCollection();

        content["assertion"] = jwt;
        content["grant_type"] = "urn:ietf:params:oauth:grant-type:jwt-bearer";

        string response = Encoding.UTF8.GetString(client.UploadValues(uri,"POST",content));

        JsonGoogleResponse result = (ser.Deserialize<JsonGoogleResponse>(response));



        return result.access_token;
    }

这是堆栈：

à   System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
  à System.Security.Cryptography.SafeProvHandle._FreeCSP(IntPtr pProvCtx)
  à System.Security.Cryptography.SafeProvHandle.ReleaseHandle()
  à System.Runtime.InteropServices.SafeHandle.InternalFinalize()
  à System.Runtime.InteropServices.SafeHandle.Dispose(Boolean disposing)
  à System.Runtime.InteropServices.SafeHandle.Finalize()

解决方法

如果您在IIS中运行,则需要在应用程序池的高级设置中将“加载用户配置文件”设置为True,以便能够通过文件名和文件加载证书.密码.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!