{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 趁早两清 的问题《OpenIddict error with AddSigningCertificate》','https://www.manongdao.com/q-972472.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to signin certificate (OpenIddict), but I get error when trying with thumbprint:
options.AddSigningCertificate(Configuration["Certificate"]/* db b9 12 .... 22 */);
and the error:
Application startup exception: System.Security.Cryptography.CryptographicException: OpenCSP failed with error code 2148073494.
in this line:
app.UseOpenIddict();
If I tried with X509Certificate2 I also get error:
var cert = new X509Certificate2(Configuration["Certificate"]/*path to file.cer*/);
options.AddSigningCertificate(cert);
and the error:
System.InvalidOperationException: The certificate doesn't contain the required private key.
in same line app.UseOpenIddict();.
I am using the same certificate that I am using for https protocol. Is this OK?
My active tokens are randomly gone (and I get invalid_token when trying to refresh the token). I find somewhere that this happens if AddEphemeralSigningKey is used, because when connection is dropped (because of IIS idle timeout), all tokens are lost. Because of that I am trying to use AddSigningCertificate.
Is there another way? Can someone tell me, what is wrong with certificate? Thank you.
I am using ASP.NET Core 1.1.1.
I add read rights to IIS user for .cer file.
For use a cert in the machine personal store.
You must give permisions to the app pool of the site.
Go to machine certficate manager.
In the personal folder right click the certificate and select
All Task>Manage private keys(not sure the options in english, my os is spanish)In the security window add the app pool user, you can see it in the basic configuration of your site or aplication
then can use it in the Startup with
I solved my problem with new certificate created with SelfCert (https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip).
I then added certificate to project source and call AddSigningCertificate:
I also had to add full rights to file for IIS user. Read and execute right was not enough.
And that's it. It works.