I am trying to get IdentityServer3 set up and am following along and using a Pluralsight video (https://app.pluralsight.com/library/courses/building-securing-restful-api-aspdotnet/table-of-contents) as reference. I'm at the point of basic IS3 setup and am stuck at the "SigningCertificate" assignment for the ".UseIdentityServer()" call.
I've seen similar code elsewhere on the Internet. My relevant code:

    public X509Certificate2 LoadCertificate()
    {
        var baseFolder = AppDomain.CurrentDomain.BaseDirectory;
        string certificatePath = $"{baseFolder}Certificates\\idsrv3test.pfx";
        //var certificateBytes = File.ReadAllBytes(certificatePath);
        //return new X509Certificate2(certificateBytes, "idsrv3test", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.UserProtected);
        return new X509Certificate2(certificatePath, "idsrv3test", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
    }

    public void Configuration(IAppBuilder app)
    {
        app.Map("/identity", idSrvApp =>
        {
            idSrvApp.UseIdentityServer(new IdentityServerOptions
            {
                SiteName = "My Identity Server",
                IssuerUri = Constants.IdServerIssuerUri,
                Factory = new IdentityServerServiceFactory()
                    .UseInMemoryUsers(Users.Get())
                    .UseInMemoryClients(Clients.Get())
                    .UseInMemoryScopes(Scopes.Get()),
                SigningCertificate = LoadCertificate()
            });
        });
    }

It is blowing up on the "return new X509Certificate2()" line. As you can see, I've tried both reading the test certificate (downloaded from IS3's GitHub page: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Certificates) in from a path as well as from a byte array. I've also tried every one of the X509KeyStorageFlags enum values. Both give this error:
[CryptographicException: Cannot find the requested object. ]
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +36
System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName) +0
System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +100
System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) +110
MySecurityService.Startup.LoadCertificate() in D:\Documents\Projects\Test\MySecurityService\MySecurityService\Startup.cs:43
UpcarsSecurityService.Startup.b__0_0(IAppBuilder idSrvApp) in D:\Documents\Projects\Test\MySecurityService\MySecurityService\Startup.cs:22
Owin.MapExtensions.Map(IAppBuilder app, PathString pathMatch, Action`1 configuration) +178
Owin.MapExtensions.Map(IAppBuilder app, String pathMatch, Action`1 configuration) +108
UpcarsSecurityService.Startup.Configuration(IAppBuilder app) in D:\Documents\Projects\Test\MySecurityService\MySecurityService\Startup.cs:20
The solution has a "Certificates" directory and the .pfx file is there. In Visual Studio, I have set the "Copy to Output Directory" property on the file to "Copy always."
I've spent several hours on this and really am not sure what to do. Just to be completely clear, I am just running this on my local machine through Visual Studio Debug (IIS Express) at this point. I am planning on it being hosted within IIS (alongside a website) when it is done and deployed. I am running on Windows 10.
Thank you so much for any help; I'm pretty lost here and am totally new to IS3.