WEBAPI AND A3 CERTIFICATE - TOKEN


4

Can anyone here use an A3-type certificate with a WebAPI?

When I test it in debug (i.e., locally), everything works normally. But if I compile it and put it in the IIS application, it keeps returning that there is no certificate. Has anyone been through this?

Here is the code (Class Library project):

    // Requires: using System; using System.Security.Cryptography.X509Certificates;
    // X509Certificate2UI lives in System.Security.dll.
    // "ok" and "mensagem" are assumed to be fields of the containing class (not shown in the post).
    public X509Certificate2 SelecionarCertificado(string serieCertDigital)
    {
        X509Certificate2 certificate = new X509Certificate2();
        ok = true;
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            X509Certificate2Collection certificatesSel = null;
            store.Open(OpenFlags.OpenExistingOnly);
            // Keep only certificates that are currently valid and allow digital signature
            X509Certificate2Collection certificates = store.Certificates
                .Find(X509FindType.FindByTimeValid, DateTime.Now, true)
                .Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, true);

            if (string.IsNullOrEmpty(serieCertDigital))
            {
                // No serial number given: show a selection dialog (needs an interactive desktop session)
                certificatesSel = X509Certificate2UI.SelectFromCollection(certificates, "Certificados Digitais", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection);
                if (certificatesSel.Count == 0)
                {
                    certificate.Reset();
                    //Throw New Exception("No digital certificate was selected, or the selected certificate has problems.")
                    mensagem += "Nenhum certificado digital foi selecionado ou o certificado selecionado está com problemas.";
                    ok = false;
                }
                else
                {
                    certificate = certificatesSel[0];
                }
            }
            else
            {
                // Serial number given: look it up among the filtered certificates
                certificatesSel = certificates.Find(X509FindType.FindBySerialNumber, serieCertDigital, true);
                if (certificatesSel.Count == 0)
                {
                    certificate.Reset();
                    mensagem += "Certificado digital não encontrado  " + certificates.Count.ToString();
                    ok = false;
                    return null;
                }
                else
                {
                    certificate = certificatesSel[0];
                }
            }
        }
        catch (Exception)
        {
            mensagem += "Falha detectada ao verificar o certificado";
            ok = false;
            return null;
        }
        finally
        {
            // Close the store on every path, including the early returns above
            store.Close();
        }

        return certificate;
    }
  • I've had this problem. What happens is that IIS does not have access to the local computer, only to A3 certificates installed directly on the server. An alternative I adopted was to use an A1 certificate, so you just send it straight to the server.

1 answer

1

Good afternoon friend.

IIS has a specific user who belongs to a group with extremely restricted access to host machine functionalities.

To resolve your situation, you basically need to configure the IIS user to have access to the certificate.

Below is a link to a solution that, even if it does not solve 100% of your question, I believe will at least give you a path to follow.

Hugs.

https://stackoverflow.com/questions/2609859/how-to-give-asp-net-access-to-a-private-key-in-a-certificate-in-the-certificate

  • I’ll check it out and get back to you, thanks!
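A diagnostic for the situation discussed in this thread, as an added example that is not part of the original posts: it reports which identity the process runs as, whether the session is interactive, and for each certificate in LocalMachine\My whether that identity can actually open the private key. The class and method names (`CertAccessProbe`, `Describe`, `ProbeKey`) are hypothetical, and .NET Framework 4.6 or later is assumed for `GetRSAPrivateKey`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

// Hypothetical helper, not from the thread.
public static class CertAccessProbe
{
    // Returns a plain-text report of what the current process identity
    // can see in the LocalMachine\My store.
    public static string Describe()
    {
        var report = new StringBuilder();
        report.AppendLine("Identity: " + WindowsIdentity.GetCurrent().Name);
        // False for services and IIS worker processes: there is no desktop,
        // so X509Certificate2UI.SelectFromCollection cannot show its dialog.
        report.AppendLine("Interactive: " + Environment.UserInteractive);

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            foreach (X509Certificate2 cert in store.Certificates)
            {
                report.AppendLine(cert.SerialNumber + " | " + cert.Subject
                    + " | valid until " + cert.NotAfter.ToString("u")
                    + " | private key: " + ProbeKey(cert));
            }
        }
        finally
        {
            store.Close();
        }
        return report.ToString();
    }

    // Tries to open the private key handle under the current identity.
    private static string ProbeKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "none associated";
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
                return rsa != null ? "accessible" : "not an RSA key";
        }
        catch (CryptographicException ex)
        {
            return "not accessible (" + ex.Message + ")";
        }
    }
}
```

Writing the output of `CertAccessProbe.Describe()` to the application log once from the debugger and once from the IIS-hosted build shows the difference between the two environments side by side.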
