Azure Cloud Services
An Azure platform as a service offer that is used to deploy web and cloud applications.
In Azure Cloud Service, I want to use the code below to get a client assertion, but the error at the line "var privateKeyXmlParams = certificate.PrivateKey.ToXmlString(true);" is "Key not valid for use in specified state."
    X509Store store = new X509Store(StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection cers = store.Certificates.Find(X509FindType.FindBySubjectName, certificateName, false);
    if (cers.Count == 0)
        throw new Exception("No certificate found.");
    X509Certificate2 certificate = cers[0];

    //Create RSACryptoServiceProvider
    var x509Key = new X509AsymmetricSecurityKey(certificate);
    var privateKeyXmlParams = certificate.PrivateKey.ToXmlString(true);
    var rsa = new RSACryptoServiceProvider();
    rsa.FromXmlString(privateKeyXmlParams);

    //alg represents the desired signing algorithm, which is SHA-256 in this case
    //kid represents the certificate thumbprint
    var header = new Dictionary<string, string>()
    {
        { "alg", "RS256"},
        { "kid", Encode(certificate.GetCertHash()) }
    };

    string token = Encode(Encoding.UTF8.GetBytes(JObject.FromObject(header).ToString()))
        + "." + Encode(Encoding.UTF8.GetBytes(JObject.FromObject(GetClaims(tenantId, clientId)).ToString()));
    string signature = Encode(rsa.SignData(Encoding.UTF8.GetBytes(token), new SHA256Cng()));
    string signedClientAssertion = string.Concat(token, ".", signature);
I'm wondering if I can configure the private key as exportable, just as I can on my local machine. Can anyone help?
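Signing does not require exporting the key. The following is an added example, not part of the original question: it signs the same header.payload string through the certificate's key handle (GetRSAPrivateKey), so ToXmlString(true) is never called and the key can stay non-exportable. The class name, the claimsJson parameter and the throwaway self-signed certificate are assumptions; CertificateRequest needs .NET Framework 4.7.2+ or .NET Core 2.0+.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ClientAssertionSigner
{
    // Base64url without padding (JWT segment encoding); stands in for the page's Encode helper.
    static string Encode(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // claimsJson: serialized claims, i.e. what the page's GetClaims(...) would yield (assumption).
    public static string Sign(X509Certificate2 certificate, string claimsJson)
    {
        // Same header fields as the question; base64url text needs no JSON escaping.
        string header = "{\"alg\":\"RS256\",\"kid\":\"" + Encode(certificate.GetCertHash()) + "\"}";
        string token = Encode(Encoding.UTF8.GetBytes(header)) + "." + Encode(Encoding.UTF8.GetBytes(claimsJson));

        // GetRSAPrivateKey returns a handle to the key inside its provider. Nothing is
        // exported, so this also works when the key is marked non-exportable.
        using (RSA rsa = certificate.GetRSAPrivateKey())
        {
            if (rsa == null) throw new InvalidOperationException("No usable RSA private key.");
            // RS256 = RSASSA-PKCS1-v1_5 with SHA-256.
            byte[] sig = rsa.SignData(Encoding.UTF8.GetBytes(token), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return token + "." + Encode(sig);
        }
    }

    static void Main()
    {
        // Constructed input: throwaway self-signed certificate and made-up claims.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-example", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                string jwt = Sign(cert, "{\"iss\":\"constructed-client-id\",\"sub\":\"constructed-client-id\"}");
                // Check the signature with the public key only.
                int dot = jwt.LastIndexOf('.');
                string s = jwt.Substring(dot + 1).Replace('-', '+').Replace('_', '/');
                s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
                using (RSA pub = cert.GetRSAPublicKey())
                    Console.WriteLine(pub.VerifyData(Encoding.UTF8.GetBytes(jwt.Substring(0, dot)), Convert.FromBase64String(s), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
            }
        }
    }
}
```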