Hello,
I'm trying to call a webservice with WSE 2.0 (sp3) in a code implemented in a NT service (developed in .net). To do this, I'm adding a certificate token and creating a sign element, but when I send the message the framework raises the following error:
Cryptography_CSP_NoPrivateKey
This error doesn't happen if I call the same code (exactly) from a windows application...
Does anyone know what could be generating this behaviour???
Is this something related with permissions on my user account and the localsystem account who runs the service???
Regards,
Markus | | The Markus | Are you using the machine key store or the user key store? My guess is that if the code works when run in your user context and not as LocalSystem, you're not setting the CspParameters up to use the machine store and the LocalSystem user cannot see the key containers for your user account.
-Shawn | | Shawn Farkas - MS | Thanks for the reply, I've already solved the problem...
Thanks,
Markus - Marked As Answer by The Markus Thursday, March 05, 2009 6:31 PM
| | The Markus | Hi Markus. I'm running into the same issue. What did you do to solve this problem? Was it the permissions?
Thanks Jibran | | jibran | Hi Markus / Jibran
I am also facing the same problem. Could you please tell me how you solved it.
Thanks in advance. | | Precis | Hello Precis,
I think I solved it checking the right parameters. I was at that time doing interop with direct API calls, but if you check the parameters I think you'll solve it.
If the problem persists let me know...
Regards,
Markus | | The Markus | Hi, maybe you or someone else could please explain more about what is causing this problem and maybe give a detailed explanation of the solution. I came across what I think is the exact same problem: I'm calling a webservice with WSE 2.0 in code which is being run by Microsoft's Reporting Services. It's a custom extension to a data source, if anyone knows this field.
Anyway, I'm getting the same error, and when running from a Windows application it works fine. The problem is that the code related to WSE 2.0 was not written by me and I don't know that much about it or about dealing with certificates etc. The person who does will be back only in a few days, so I would like to solve it myself. So if anyone can explain exactly what to do to solve it, I would highly appreciate it.
| | Idan Hollander | Hello Idan,
WSE 2.0 has a tool called WSE X.509 Certificate Tool. Use it to open the custom certificate that you have, and check (at the bottom) the security settings of the private key with the button "View Private Key File Properties". I think you can run it from a Windows application because the user (running it) has security permissions, and it's different from Microsoft's Reporting Services, which could be using another user.
Regards, Mk
| | The Markus |
Hi, thank you for the quick reply... But I still haven't solved my problem.

I've tried what you said, using the cert tool, choosing local computer and choosing the right certificate; then, for the sake of testing, I've given permission to the keyword user "Everyone". That didn't work, and after more testing I understand that the keyfile is probably individual per user? For example, I used the run as option to run the cert tool choosing a different user, and it seems the key file was missing until I added him using the mmc, and after that his permissions were different.

So I assume I need to find the user that runs that code by the reporting services and give him permission and put the certificate for him using the mmc. But I wasn't successful in doing that; I'm not sure how to determine which user is running this datasource extension for reporting services. According to services.msc the reporting service is run by LocalSystem. When I debug the code, the object System.Thread.CurrentPrincipal.User.Name (something like that, don't remember the exact name of it) holds the user I'm running the computer with (my personal user). I've also tried adding an impersonation code in there to another user, but kinda strangely that object still stays with my user. My user definitely has permission for the keyfile.

Any chance anyone here knows what happens user-wise when reporting services calls a custom datasource extension? If not, any ideas that might help will be welcome. | | Idan Hollander | Hello Idan Hollander,
you found that the keyfile is probably individual per user, right? So you should always import the certificate via mmc\Certificates(Local computer)\personal\Certificates, right click using All Tasks\import... dialog. Do not click the cer directly to install and drag the cer to Certificates(Local computer) portion.
The private key file will be located in a different folder; you may find the difference.
Then grant security permissions to the service user account via WSE X.509 Certificate Tool. It's simple.
Good luck!
| | Satie Cheung |
Hi everyone!
I have the same and different problem...
My flow is: ASP.NET page call ---> Web Service call (with WSE 2.0 in a code implemented) ---> Web Service
There are three servers: first an ASP.NET web page (server A) that calls a Web Service (server B), which calls, with WSE 2.0 in a code implemented, the next Web Service (server C).
To do this, I'm adding a certificate token and creating a sign element in C# code (in WS on Server B), but when I send the message from the ASP.NET page (server A) to the Web Service (server B) I'm getting the following error: Cryptography_CSP_NoPrivateKey.
The problems and error: Cryptography_CSP_NoPrivateKey happens on server B when he is trying to call WS from Server C.
My certificate has all security settings (EVERYONE permission is chosen) that were defined via X509 Certificate Tool.
This error doesn't happen if I'm logged in to server B, which contains the Web Service, and the error comes back when I log out from it. It's very strange but I can't find anything to solve this problem.
Thank you in advance for the help,
Vadim
| | Vadim Tsyganov | Hi ,
I am also facing the same problem, Cryptography_CSP_NoPrivateKey, on Windows XP,
using WSE 2.0 and .NET 1.1.
I have been stuck on this issue for quite a long time.
It would be a great help if you could tell me step by step how to resolve the problem.
Regards,
Amar Joglekar | | Amar Joglekar |
Hello,
I am also facing the same problem (Cryptography_CSP_NoPrivateKey) using WSE 2.0 and .NET 1.1.
See, I am working on WSE 2.0 (Web Service Enhancement) along with .NET Framework 1.1.
Basically I want to encrypt the SOAP messages using X.509 certificates using WSE 2.0.
I have a certificate (Test) with extension .cer and an associated private key also (in CurrentUser\Personal Store).
I can access all properties and methods of that certificate by opening the certificate in code, and also if I open the certificate it shows that there is an associated private key with the certificate.
Also, if checked in C:\Documents and Settings\Amar.Joglekar\Application Data\Microsoft\Crypto\RSA\MachineKeys
(Amar.joglekar is my administrator account on the PC), the system file (private key file) is created automatically when I create the certificate using the makecert tool.
Is this file itself the private key file or something else?
Also, I have set full control rights for the aspnet a/c, the administrator a/c and my a/c (amar.joglekar) on this system file (as the name of the file is also seen on the certificate when I open it with WSE certification manager / private key file properties).
BUT when I try to give a call to my web service, it gives me the error
"Cryptography_CSP_NoPrivateKey"
Where am I doing wrong? I have been stuck in it for a long time.
If you can, please tell me the steps from beginning to end for signing SOAP messages with X.509; it will be a great help.
my email address is amar.joglekar@gmail.com if you wish u can send me sample code files also
Regards,
Amar Joglekar | | Amar Joglekar | Check out "How to call a Web service by using a client certificate for authentication in an ASP.NET Web application" http://support.microsoft.com/kb/901183 | | YYZRichard | My issue with "Cryptography_CSP_NoPrivateKey" was caused because the ASPNET account didn't have access to the certificate. Try the following steps:
Ensure the certificate is installed on LOCALMACHINE instead of CURRENT USER.
1. Click "START", "Run", then type "mmc"
2. In "mmc", choose from the menu "File", "Add/Remove Snap-in", click "Add" button, then choose "Certificates", "Computer Account", click "Next" button, "Local Computer", then click "Finish" button, "Close" button, "OK" button.
3. Expand "Certificates (Local Computer)", "Personal", "Certificates"
4. Right-click "Certificates", "All tasks", "Import", then choose your X509 certificate.
5. Repeat step 4, but under "Trusted Root Certification Authorities".
Grant access to the ASPNET Account or the ACCOUNT running the ASP.NET process.
1. Click "START", "All Programs", "Microsoft WSE 2.0", "X509 Certificate Tool"
2. Choose: Certificate Location: "Local Computer", Store Name: "Personal"
3. Click "Open Certificate" button, and select the certificate installed on the steps above, then click ok until you get back to WSE X.509 Certificate Tool.
4. Click "View Private key File Properties" button (at the bottom)
5. Click on "Security" tab, then add the accounts you want to grant access (Ex: ASPNET, Everyone, etc)
That solved my problem. - Edited by YYZRichard Friday, October 24, 2008 4:28 AM
| | YYZRichard |
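Added example (not part of any post in this thread, and not Microsoft's tooling): a Windows PowerShell check for the two conditions the answers above describe, that the certificate's key sits in the machine key store (Shawn's point) and that the account running the service or ASP.NET process can read the private key file (YYZRichard's steps). The parameter names `$Thumbprint`, `$Account` and `-Grant` are assumptions of this example; it assumes a CryptoAPI (CSP) key, must be run elevated, and grants Read to the one named account rather than to Everyone.

```powershell
# Added example: run from an elevated Windows PowerShell prompt on the server that signs.
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,  # thumbprint of the signing certificate
    [Parameter(Mandatory = $true)][string]$Account,     # e.g. 'MYSERVER\ASPNET' (constructed sample name)
    [switch]$Grant                                      # add a Read ACE when it is missing
)

# 1. The certificate must be in the machine store, not only in one user's store.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Not found in LocalMachine\My (check Cert:\CurrentUser\My)." }
if (-not $cert.HasPrivateKey) { throw "Certificate is present but has no private key attached." }

# 2. Locate the key container. Assumes a CSP (CryptoAPI) RSA key; CNG keys are not handled.
$info = $cert.PrivateKey.CspKeyContainerInfo
if (-not $info.MachineKeyStore) { throw "Key container is in a user profile; re-import under Local Computer." }
$appData = [Environment]::GetFolderPath('CommonApplicationData')
$keyFile = Join-Path (Join-Path $appData 'Microsoft\Crypto\RSA\MachineKeys') $info.UniqueKeyContainerName
if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

# 3. Look for an Allow/Read ACE naming the account itself (group membership is not expanded).
$sid  = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
            [System.Security.Principal.SecurityIdentifier])
$acl  = Get-Acl -Path $keyFile
$read = [System.Security.AccessControl.FileSystemRights]::Read
$ok   = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }

if ($ok) {
    "OK: $Account can read $keyFile"
} elseif ($Grant) {
    # Least privilege: Read for this one account only.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $read, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    "Granted Read on $keyFile to $Account"
} else {
    "MISSING: $Account has no Read ACE on $keyFile (re-run with -Grant)"
}
```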
Thanks for this solution. This works. Actually I had the same problem of certificate not working when run in ASP.NET web form. It runs in windows form Application. I think this is the answer you were expecting, Amar. Good suggestion | | Ajay Kewale | Thanks for the solution Richard, It works | | Ajay Kewale |
|