Issue with Acquiring Token for SharePoint using Azure App on Specific Tenant

Francesco Borraccino 5 Reputation points
Oct 7, 2024, 1:51 PM

I'm using an Azure app and this code to obtain a token for SharePoint, but I'm encountering an error when I run the following code:

public async Task<string> GetS2SAccessToken(string authority, string resource, string clientId)

{

    string certificatePassword = configuration.GetSection("Certificate:Password").Value;



    byte[] certificateBytes = GetCertificateByteArray();

    var cert = new X509Certificate2(

        certificateBytes,

        certificatePassword,

        X509KeyStorageFlags.Exportable |

        X509KeyStorageFlags.MachineKeySet |

        X509KeyStorageFlags.PersistKeySet);



    var certificate = new ClientAssertionCertificate(clientId, cert);

    AuthenticationContext context = new AuthenticationContext(authority);

    AuthenticationResult authenticationResult = await context.AcquireTokenAsync(resource, certificate);

    return authenticationResult.AccessToken;

}

I get the following error:

vba
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist

   at Internal.NativeCrypto.CapiHelper.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)

   at System.Security.Cryptography.RSACryptoServiceProvider.get_SafeProvHandle()

   at System.Security.Cryptography.RSACryptoServiceProvider.get_SafeKeyHandle()

   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 keySize, CspParameters parameters, Boolean useDefaultKeySize)

   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)

   at Internal.Cryptography.Pal.CertificatePal.<>c.<GetRSAPrivateKey>b__67_0(CspParameters csp)

   at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)

   at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()

   at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)

   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate)

   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.SigningHelper.SignWithCertificate(String message, X509Certificate2 certificate)

   at Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate.Sign(String message)

   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.ClientCreds.JsonWebToken.Sign(IClientAssertionCertificate credential, Boolean sendX5c)

   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.ClientCreds.ClientKey.AddToParameters(IDictionary`2 parameters)

   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.DictionaryRequestParameters..ctor(String resource, ClientKey clientKey)

   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.SendTokenRequestAsync()

   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.CheckAndAcquireTokenUsingBrokerAsync()

   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync()

   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenForClientCommonAsync(String resource, ClientKey clientKey)

   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenAsync(String resource, IClientAssertionCertificate clientCertificate)

I'm only experiencing this issue on a specific tenant. Has anyone encountered this problem before or have any suggestions on how to resolve it?

Thanks in advance!

Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
239 questions
0 comments No comments
{count} vote

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.