c# - X509Certificate - Keyset does not exist

Question

I have a WinForms application that consumes a WCF, and pass as a parameter to a function a certificate:

mySvcClient.SendDocument(cert.Export(X509ContentType.SerializedCert, "password"));
...

In WCF service, I recreated the certificate from the array of bytes:

public void SendDocument (byte[] binaryCert)
{   
     X509Certificate2 cert = new X509Certificate2(binaryCert, "password");
...

But when using the certificate to sign a xml, I got the error "Keyset does not exist":

if (cert.HasPrivateKey) // WORKS!!!
{   
    signedXml.SigningKey = cert.PrivateKey; // THROW "keyset does not exist" EXCEPTION
...

In my computer, the application works 100%! But in the WebServer, I got this error!

The question is: even X509Certificate2 recreated from an array of bytes, I need some special permission to access private key?

Thank you!

Answer 1

If you are using windows server 2008 or windows 7, then you need the permission to read private key.

1. use FindPrivateKey tool to find path. For example:

FindPrivateKey My LocalMachine -n "CN=MyCert" –a

it returns the path: C:ProgramDataMicrosoftCryptoRSAMachineKeys[File Name]

2. Go to that path and open file properties

3. Go to security tab

4. Click on "Edit" then "Add"

5. In opened dialog write: IIS AppPool[your application pool name] and click OK

Now your application pool has permission to read this private key.