将IdentityServer 4部署到Azure VM时找不到证书
在将IdentityServer 4(ASP.NET Core 1.1)部署到Azure VM(Windows Server 2012 R2)时遇到此证书问题。
I'm getting this cert issue while deploying IdentityServer 4 (ASP.NET Core 1.1) to Azure VM (Windows Server 2012 R2).
crit: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Unhandled exception: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
这将在本地开发计算机上工作,我不知道为什么。我将证书安装在VM上的我的(本地计算机)存储上。
This will work on local dev computer and I cannot figure it out why. I install the cert on My (Local Machine) store on the VM.
任何人都可以提供帮助。谢谢。
Can anyone help on this. Thanks.
我在这里找到了解决方案:
I found the solution here:
显然,我需要在应用程序池上启用加载用户配置文件。但是,错误现在变为:
Apparently, I need to enable the Load User Profile on the Application Pool. However, the error now changes to this:
crit: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Unhandled exception: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
现在看问题。
好的,所以问题是读取证书的权限。我们要做的只是去获得证书并授予IIS_IUSRS的 Read (仅 )。
Okay, so the issue is permission to read the cert. All we have to do just go to the certificate and grant Read (only) for IIS_IUSRS.
现在有效。