'ASP.NET - The specified network password is not correct
I have in my dev machine a WCF Client which requires certificate and it is working fine.
After the deployment to production server I get the following Error:
[CryptographicException: The specified network password is not correct.]
DEV - Win7 32BIT IIS 7.5
PRODUCTION - Win SERVER 64BIT 2008 IIS 7.5
Even though there is no password between the networks and there is not certificate password. (I know because the dev works with no password). The only password that I have is the WCF one that is the same as the DEV.
CrmServiceClient crm = new CrmServiceClient("CrmServiceEndpoint");
crm.ClientCredentials.UserName.UserName = CrmConfigRepository.CrmUserName;//fine
crm.ClientCredentials.UserName.Password = CrmConfigRepository.CrmPassword;//fine
crm.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(Path);
///THIS WONT WORK AS WELL
crm.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(Path, "", X509KeyStorageFlags.Exportable);
this is the full stack
[CryptographicException: The specified network password is not correct. ]
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +41
System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +372
System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName) +101
Externals.CrmConnection.Get() in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\Externals\CrmConnection.cs:31
ExpressBroker.Models.ActionsMetadata.Handlers.LeadAccountHandler.Handle(BrokerAction brokerAction, ActionStep step, Dictionary`2 httpPostDataCollection) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\LeadAccountHandler.cs:45
ExpressBroker.Models.ActionsMetadata.Handlers.BaseStepHandler.SecuredHandle(BrokerAction brokerAction, ActionStep step, Dictionary`2 httpPostDataCollection) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\BaseStepHandler.cs:49
ExpressBroker.Models.ActionsMetadata.Handlers.HandlerInvoker.Invoke(BrokerAction brokerAction, ActionStep actionStep, Dictionary`2 stepValues) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Models\ActionsMetadata\Handlers\StepServerInoker.cs:29
ExpressBroker.Controllers.LeadAccountController.Register(String step) in C:\Users\avi\Documents\Visual Studio 2010\Projects\ExpressBroker\ExpressBroker\Controllers\LeadAccountController.cs:28
lambda_method(Closure , ControllerBase , Object[] ) +127
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +264
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39
System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +129
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +784922
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +314
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +784976
System.Web.Mvc.Controller.ExecuteCore() +159
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +335
System.Web.Mvc.<>c__DisplayClassb.<BeginProcessRequest>b__5() +62
System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +20
System.Web.Mvc.<>c__DisplayClasse.<EndProcessRequest>b__d() +54
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +453
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +371
Thanks
Solution 1:[1]
Try this:
new X509Certificate2(Path, "", X509KeyStorageFlags.MachineKeySet);
It appears that the X509Certificate2 constructor tries to access the private key store of the local user (even when loading a PFX and the private key is in the PFX). With asp.net, the user profile typically isn't loaded, so the user key store doesn't exist. Specifying MachineKeySet tells the constructor to look at the Local Computer key store which always exists.
Solution 2:[2]
I also had an issue with a pfx file, problem was, it was exported using AES256-SHA256 encryption, which threw the same exception as in the question. According to this, AES256-SHA256 is only supported on Windows 10 1703, Windows Server 2016 and above. Changing to TripleDES-SHA1 'solved' the issue.
Solution 3:[3]
I had this issue in with a PFX certificate file that had a 40 character password set, Windows allowed me to export it and also import it, but it couldn't be used in C# code, so I changed to a 30 character password and it works.
Solution 4:[4]
I also had an issue with a PFX file, problem was this :
Exported using AES256-SHA256 encryption (using a Windows 11 PC), which threw the same exception as in the question when the PFX was used on my server. This happened in my C# .Net 4.7 application, running on Windows server 2016. Changing export to TripleDES-SHA1 'solved' the issue. Apparently Windows Server 2016 does not support AES256-SHA256, but newer versions do.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Chris J |
| Solution 2 | ferikeem |
| Solution 3 | Peroxy |
| Solution 4 | Sajed |