"The specified network password is not correct" on a certificate without a password, on live server only

Asked 21/4, 2016 at 15:51 Answered 21/1, 2020 at 7:11

Solved c#asp.net iis x509 kentor-authservices

I'm using kentor authservices in a SAML service provider project built in asp webforms.

It works great on the development machine but when I put it on the production server (windows 2012 R2, IIS 8), the X509Certificates.X509Utils._LoadCertFromFile call throws an exception "The specified network password is not correct."

Only, the certificate (pfx) has no password and the location it sits in is not secured in any unusual way that I can see, but to be sure i've tried with 'everyone' temporarily granted full access to the folder.

The section of the web config relevant is:

<serviceCertificates>
  <add fileName="~/App_Data/M_SSO_SP.pfx"/>
</serviceCertificates>

Though I don't think it is code related, based on it working fine on the development machine - possibly some server-side problem with the certificate?

Any help would be appreciated greatly.

Rigamarole answered 21/4, 2016 at 15:51 Comment(0)

Looks like getting this error when loading a certificate from file is a known error: ASP.NET - The specified network password is not correct

Kentor.AuthServices doesn't set the MachineKeySet flag as suggested, which it probably should. I've filed an issue in the github repo that it should be fixed. Please follow up on that issue to see when a fix is avilable.

Revegetate answered 21/4, 2016 at 18:58 Comment(4)

Great, thanks Anders! I did see the comment post on #8286610 - is it possible to do this without 'filling up the disk' as the comment implies? – Rigamarole 22/4, 2016 at 7:26

I didn't know of that filling up the disk risk. The stubidp runs on Azure and loads the cert with the MachineKeySet flag and I've not seen any issues in the years it's been online. – Revegetate 22/4, 2016 at 8:42

Ah ok, it's probably fine then, none of the other posts i've seen about the machinekeyset mention it. Thanks! – Rigamarole 22/4, 2016 at 8:48

It seems this exact issue is now affecting the Core sample Startup class - options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx")); in \Samples\SampleAspNetCore2ApplicationNETFramework\Startup.cs - I had to change it to

options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx", "", X509KeyStorageFlags.MachineKeySet));

– Fachini 8/6, 2018 at 20:11

I had the same issue, problem solved after I installed my pfx file on server.

Engedi answered 21/1, 2020 at 7:11 Comment(2)

try this: leave the password blank and press enter while installing – Engedi 1/4, 2022 at 5:8

It appears our Windows Server version was the issue. Installing in a newer version of Windows Server (WS 2019) worked. Windows Server 2008 or 2012 does not work. – Leukocyte 25/5, 2022 at 14:53

Recommended topics

Hot tags