ASP.NET

My ASP.NET application is hosted on a Windows Legacy Server (Windows Server 2016 and below), and a signed request is not working for me.

120 views February 27, 2023 0

For a signed request in the .NET apps hosted on the Windows Legacy Server, you would need to add the certificate private key to the Local Machine Key Store to access it within your .NET application.

The following steps need to be followed to add the private key and provide access:

A] There are two ways to add a certificate private key to Local Machine KeyStore:

    1. Using the Certificate Wizard tool:
      • Double Click on your .PFX file, it will directly open the certificate wizard tool and select the store location to “Local Machine“ as your store location, and click “Next”.
      • Check the path for your current .pfx file selected in the certificate import wizard, then click “Next“.
      • Enter your .PFX password if you have set or click “Next“.
      • Click on “Place all certificates in the following store“ and then on Browse“.
      • Select the “Trusted Root Certification Authorities“ folder.
      • After a successful import, you will see the dialog box with the message: “The Import was successful.“ then click ”OK”.
    2. Using Microsoft Management Console:
      • Run “mmc“, Click “File“ ==> “Add/Remove Snap-In“.
      • Select “Certificates“ and click on “Add”, further select “Computer Account” and then “Local Computer”.
      • Click on Certificates ==> Trusted Root Certification Authorities ==> Certificates ==> All Tasks ==> Import your certificate.

B] Give permissions to your Local Machine Keys:

  • Go to the following path:
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys“ and update the permission of the “IIS_IUSRS“ to “Read“, “Write“, “Read & Execute“.
  • If there is no user found as “IIS_IUSRS”, then add the user with the name “IIS_IUSRS” and provide the specified permissions.
  • If there isn’t a machine key looking at the last modified date copy the MachineKey:
    From: “C:\Documents and Settings\All Users\ApplicationData\Microsoft\Crypto\RSA\MachineKeys“,To: “C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys“.

C] Now, instead of loading certificates from the mo_cert folder, we will pick the certificate from the Local Machine KeyStore from within the module. So, once you have completed the above steps, please let us know and we will provide you with the updated module.

If you continue to experience problems despite all of this, please feel free to contact us at aspnetsupport@xecurify.com.

Was this helpful?


Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com