Click here to Skip to main content
15,797,683 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I am developing a C# application that needs to sign documents using a certificate issued to a user and stored on a SafeNet eToken. When I run the application on IIS Express, it is able to locate the certificate and prompts for the PIN to access the eToken. However, when I publish the application to IIS 10 server and run it from there, it cannot find the certificate. Moreover it does not return any error. It simply does not find the certificate. I have changed the code to search for the certificate in all stores and store locations but failed to resolve this. What could be the issue?

Below is the code I am using:
public static X509Certificate2 GetCertificateFromStore2(string thumbprint)
            foreach (StoreLocation storeLocation in (StoreLocation[])Enum.GetValues(typeof(StoreLocation)))
                foreach (StoreName storeName in (StoreName[])Enum.GetValues(typeof(StoreName)))
                    X509Store store = new X509Store(storeName, storeLocation);

                        // Place all certificates in an X509Certificate2Collection object.
                        X509Certificate2Collection certCollection = (X509Certificate2Collection)store.Certificates;
                        // If using a certificate with a trusted root you do not need to FindByTimeValid, instead:
                        // currentCerts.Find(X509FindType.FindBySubjectDistinguishedName, certName, true);
                        X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
                        //X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByThumbprint, thumbprint, true);
                        if (currentCerts.Count > 0)

                            X509Certificate2Collection signingCert = currentCerts.Find(X509FindType.FindByThumbprint, thumbprint, true);
                            if (signingCert.Count > 0)
                                // Return the first certificate in the collection, has the right name and is current.
                                return signingCert[0];


            return null;

What I have tried:

I tried searching all stores and locations but not successful. On the IIS 10 server, I gave access to ApplicationPoolIdentity as an actual user on the server. But this has also not yielded positive results!
Updated 6-Feb-23 23:11pm

1 solution

Your code is running on the server. It cannot access devices connected to the client.

It may appear to work when you debug it in IIS Express. But that's only because, in that specific instance, the server and client are the same machine, and the server is running under your user profile.

You will need to contact the manufacturer of the device you're using to find out what options you have to access the device from client code.
Share this answer
Member 15916289 7-Feb-23 6:09am    
Thanks Richard. I did not know this. Let me contact the vendor to see what they advise. This is greatly appreciated

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900