System.Security.Cryptography.CryptographicException: The system cannot find the file specified. #8217


serhatuysal created
  • ABP Framework version: v8.3.1
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no

Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=8.3.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
   at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
   at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)

I am encountering an error in the function. My research indicates that the 'Load User Profile' setting in the IIS application pool should be set to true. However, as the project is hosted with a hosting provider, the company representatives informed me that this setting cannot be changed in shared hosting services. Could you suggest an alternative solution?


14 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    hi

    You can use your openiddict.pfx file.

    dotnet dev-certs https -v -ep openiddict.pfx -p 00000000-0000-0000-0000-000000000000

    See https://abp.io/docs/latest/deployment/configuring-openiddict

  • serhatuysal created

    hello

    You can use your openiddict.pfx file.

    dotnet dev-certs https -v -ep openiddict.pfx -p 00000000-0000-0000-0000-000000000000

    See https://abp.io/docs/latest/deployment/configuring-openiddict

    Yes, I already followed the steps here and made the necessary adjustments, but the result did not change.

  • serhatuysal created

    dotnet dev-certs https -v -ep openiddict.pfx -p bf6bc8cb-7dd5-43bc-beba-c5bbaf0f78a4

    after

    When we encountered the same issue with projects hosted on our own servers, setting the 'Load User Profile' option to 'true' in the IIS pool resolved the problem. However, we now need to deploy our application with a hosting provider, and they have informed us that they cannot change this setting.

  • maliming created
    Support Team Fullstack Developer

    hi

    Try to specify the X509KeyStorageFlags

    serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "bf6bc8cb-7dd5-43bc-beba-c5bbaf0f78a4", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet |  X509KeyStorageFlags.EphemeralKeySet);
    
  • serhatuysal created

  • maliming created
    Support Team Fullstack Developer

    hi

    But this extension method has three arguments. You can copy the source code of this method.

    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    
    namespace Microsoft.Extensions.DependencyInjection;
    
    public static class OpenIddictServerBuilderExtensions
    {
        public static OpenIddictServerBuilder AddProductionEncryptionAndSigningCertificate(this OpenIddictServerBuilder builder, string fileName, string passPhrase, X509KeyStorageFlags? flag = null)
        {
            if (!File.Exists(fileName))
            {
                throw new FileNotFoundException($"Signing Certificate couldn't found: {fileName}");
            }
    
            var certificate = flag != null
                ? new X509Certificate2(fileName, passPhrase, flag.Value)
                : new X509Certificate2(fileName, passPhrase);
    
            builder.AddSigningCertificate(certificate);
            builder.AddEncryptionCertificate(certificate);
            return builder;
        }
    }
    
    
  • serhatuysal created

    okay,

    I changed the code like this, and the error message changed:

    Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=8.3.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
     ---> System.ArgumentException: The flags 'PersistKeySet, EphemeralKeySet' may not be specified together. (Parameter 'keyStorageFlags')
       at System.Security.Cryptography.X509Certificates.X509Certificate.ValidateKeyStorageFlags(X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)

  • maliming created
    Support Team Fullstack Developer

    sorry for that

    Can you try to use the

    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet

    Or

    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet

  • serhatuysal created

    Using X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet solved the problem but now another unrelated error occurs

    [12:04:25 INF] Executed endpoint '/Account/Login'
    [12:04:26 ERR] An unhandled exception has occurred while executing the request.
    Microsoft.Data.SqlClient.SqlException (0x80131904): Incorrect syntax near the keyword 'WITH'. Incorrect syntax near the keyword 'with'. If this statement is a common table expression, an xmlnamespaces clause or a change tracking context clause, the previous statement must be terminated with a semicolon.
       at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__211_0(Task1 result)
       at System.Threading.Tasks.ContinuationResultTaskFromResultTask2.InnerInvoke()
       at System.Threading.Tasks.Task.<>c.<.cctor>b__281_0(Object obj)
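
The flag combination that worked above, as an added example that is not part of the thread or of ABP's or OpenIddict's source. The method name `AddCertificateWithoutUserProfile` and the environment variable holding the passphrase are hypothetical; the example also goes beyond the thread by checking the private key and validity period and by falling back on macOS, where `EphemeralKeySet` is not supported.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

namespace Microsoft.Extensions.DependencyInjection;

// Added example: hypothetical helper, not part of ABP or OpenIddict.
public static class ProfilelessCertificateExtensions
{
    public static OpenIddictServerBuilder AddCertificateWithoutUserProfile(
        this OpenIddictServerBuilder builder, string fileName, string passPhraseVariable)
    {
        if (!File.Exists(fileName))
            throw new FileNotFoundException($"Certificate file not found: {fileName}");

        // Assumption: the passphrase comes from an environment variable
        // (name chosen by the caller) instead of being hard-coded in source.
        var passPhrase = Environment.GetEnvironmentVariable(passPhraseVariable)
            ?? throw new InvalidOperationException(
                $"Environment variable '{passPhraseVariable}' is not set.");

        // On Windows the default flags import the private key into the current
        // user's key store, which needs a loaded user profile. MachineKeySet
        // avoids the user store and EphemeralKeySet keeps the key in memory only.
        // PersistKeySet and EphemeralKeySet are mutually exclusive.
        // EphemeralKeySet is not supported on macOS, so use the default there.
        var flags = OperatingSystem.IsMacOS()
            ? X509KeyStorageFlags.DefaultKeySet
            : X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet;

        var certificate = new X509Certificate2(fileName, passPhrase, flags);

        // A PFX without its private key cannot sign or decrypt tokens.
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException($"No private key in {fileName}.");

        // NotBefore and NotAfter are expressed in local time.
        var now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new InvalidOperationException(
                $"Certificate is outside its validity period ({certificate.NotBefore:u} to {certificate.NotAfter:u}).");

        builder.AddSigningCertificate(certificate);
        builder.AddEncryptionCertificate(certificate);
        return builder;
    }
}
```

Call it where the thread calls `serverBuilder.AddProductionEncryptionAndSigningCertificate(...)`, for example `serverBuilder.AddCertificateWithoutUserProfile("openiddict.pfx", "OPENIDDICT_PFX_PASSPHRASE")`, where the variable name is a placeholder.
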

  • maliming created
    Support Team Fullstack Developer

    hi

    It seems you are using a lower SQL Server version. You can try to set the CompatibilityLevel to 120 and try again: https://learn.microsoft.com/en-us/ef/core/what-is-new/ef-core-8.0/breaking-changes#mitigations

  • serhatuysal created

    I couldn't find where to make this setting.

  • maliming created
    Support Team Fullstack Developer

    hi

    https://abp.io/support/questions/7232/Running-DBMigrator-in-a-Machine-with-sql-server-2012#answer-3a12b26b-f0e6-38b0-d291-a8801c0b149e

  • serhatuysal created

    thank you for your help.

  • maliming created
    Support Team Fullstack Developer

    : )

Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35