When running on IIS 10 how do I find a certificate on a USB etoken?

Question

0.00/5 (No votes)

See more:

I am developing a C# application that needs to sign documents using a certificate issued to a user and stored on a SafeNet eToken. When I run the application on IIS Express, it is able to locate the certificate and prompts for the PIN to access the eToken. However, when I publish the application to IIS 10 server and run it from there, it cannot find the certificate. Moreover it does not return any error. It simply does not find the certificate. I have changed the code to search for the certificate in all stores and store locations but failed to resolve this. What could be the issue?

Below is the code I am using:

public static X509Certificate2 GetCertificateFromStore2(string thumbprint)
        {
            
            foreach (StoreLocation storeLocation in (StoreLocation[])Enum.GetValues(typeof(StoreLocation)))
            {
               
                foreach (StoreName storeName in (StoreName[])Enum.GetValues(typeof(StoreName)))
                {
                    X509Store store = new X509Store(storeName, storeLocation);
                    
                    try
                    {
                        store.Open(OpenFlags.ReadOnly);

                        // Place all certificates in an X509Certificate2Collection object.
                        X509Certificate2Collection certCollection = (X509Certificate2Collection)store.Certificates;
                        // If using a certificate with a trusted root you do not need to FindByTimeValid, instead:
                        // currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
                        X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
                        //X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByThumbprint, thumbprint, true);
                        if (currentCerts.Count > 0)
                        {

                            X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindByThumbprint, thumbprint, true);
                            if (signingCert.Count > 0)
                                // Return the first certificate in the collection, has the right name and is current.
                                return signingCert[0];
                        }

                    }
                    
                    finally
                    {
                        store.Close();
                    }

                }
            }
            return null;
        }

What I have tried:

I tried searching all stores and locations but not successful. On the IIS 10 server, I gave access to ApplicationPoolIdentity as an actual user on the server. But this has also not yielded positive results!

Posted 6-Feb-23 18:31pm

Member 15916289

Updated 6-Feb-23 22:11pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2023-02-06T22:11:00

Your code is running on the server. It cannot access devices connected to the client.

It may appear to work when you debug it in IIS Express. But that's only because, in that specific instance, the server and client are the same machine, and the server is running under your user profile.

You will need to contact the manufacturer of the device you're using to find out what options you have to access the device from client code.