Forums, Documentation & Knowledge Base - ComponentSpace

Keyset does not exist error on Azure


https://componentspace.com/forums/Topic10011.aspx

By gianny - 6/3/2019

Hi ComponentSpace,

The following error has recently started showing up randomly for us on our Azure environment after running the below code in our .NET Core 2.2 application:

var result = await SamlServiceProvider.ReceiveSsoAsync();

Receiving an SSO response from a partner identity provider has failed.
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist
 at ComponentSpace.Saml2.SamlServiceProvider.DecryptSamlAssertionAsync(AssertionListItem assertionListItem)
 at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
 at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement)
 at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()


I've been told that it happens randomly. I've looked around on the forums and I see topics mentioning that it may be related to permissions:
https://componentspace.com/Forums/8629/CryptographicException-Keyset-does-not-exist
https://www.componentspace.com/Forums/29/Troubleshooting-Loading-X.509-Certificates

We store our certificates in the database and load them through a custom ICertificateLoader implementation.

return new X509Certificate2(file, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);


Our ComponentSpace.Saml2.dll is version 2.0.6, and we recently updated our application to .NET Core 2.2.

On Azure, we run our application in an App Service.

Do you have any suggestions? I believe it has only started happening recently.



By ComponentSpace - 1/7/2021

We haven't been able to reproduce this error so it's not something we've been able to investigate thoroughly.

Have you asked Microsoft support or on Stack Overflow?

If you find a solution please add a comment here for anyone else who might run into the issue.
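
Added example, not part of the original thread and not ComponentSpace code: a load-time check that forces a private-key operation on a certificate loaded with the key storage flags quoted in the first post, so an unusable key is reported when the certificate is loaded rather than inside ReceiveSsoAsync. PrivateKeyCheck and LoadAndVerify are hypothetical names, and the PFX is a constructed sample.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public static class PrivateKeyCheck
{
    // Hypothetical helper (not a ComponentSpace API): load the PFX, then force a
    // private-key operation so an unusable key fails here, not in ReceiveSsoAsync.
    public static X509Certificate2 LoadAndVerify(byte[] pfx, string password, X509KeyStorageFlags flags)
    {
        var cert = new X509Certificate2(pfx, password, flags);
        try
        {
            if (!cert.HasPrivateKey)
                throw new CryptographicException("Certificate has no private key.");
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null)
                    throw new CryptographicException("Private key is not an RSA key.");
                byte[] probe = { 0x53, 0x41, 0x4D, 0x4C };
                byte[] sealedProbe = rsa.Encrypt(probe, RSAEncryptionPadding.OaepSHA1);
                // Decrypt needs the private key; a missing key container throws here.
                if (!rsa.Decrypt(sealedProbe, RSAEncryptionPadding.OaepSHA1).SequenceEqual(probe))
                    throw new CryptographicException("Private key round trip failed.");
            }
            return cert;
        }
        catch
        {
            cert.Dispose();
            throw;
        }
    }
    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate exported as a PFX.
        byte[] pfx;
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=constructed-sample", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var selfSigned = request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1)))
                pfx = selfSigned.Export(X509ContentType.Pfx, "sample-password");
        }
        // Flags copied from the post; PersistKeySet leaves the key in the machine key store on Windows.
        var flags = X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        using (var cert = LoadAndVerify(pfx, "sample-password", flags))
            Console.WriteLine($"Private key usable for {cert.Subject}");
    }
}
```

Because the error in the thread is intermittent, a passing check at load time does not rule out the key becoming unavailable later; it only separates failures at import from failures afterwards.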