Certificate is not an RSA certificate when calling FromSigningCredentials for custom Azure B2C Invitation Policy
I'm trying this custom invitation policy code for Azure B2C:
https://github.com/azure-ad-b2c/samples/tree/master/policies/invite#signup-with-email-invitation
I followed the step by step guide and created the certificate but when the code hits the method FromSigningCredentials it throws the exception Certificate is not an RSA certificate..
Here's the code:
public static JwksKeyModel FromSigningCredentials(X509SigningCredentials signingCredentials)
{
X509Certificate2 certificate = signingCredentials.Certificate;
// JWK cert data must be base64 (not base64url) encoded
string certData = Convert.ToBase64String(certificate.Export(X509ContentType.Cert));
// JWK thumbprints must be base64url encoded (no padding or special chars)
string thumbprint = Base64UrlEncoder.Encode(certificate.GetCertHash());
// JWK must have the modulus and exponent explicitly defined
RSACng rsa = certificate.PublicKey.Key as RSACng;
if (rsa == null)
{
throw new Exception("Certificate is not an RSA certificate.");
}
.
.
.
The certificate is loaded but after executing the line:
RSACng rsa = certificate.PublicKey.Key as RSACng;
rsa is null.
This happens locally and on Azure web site.
What am I missing here?
After some research I just found the following issue @ GitHub: https://github.com/dotnet/corefx/issues/26682
User bartonjs tells the following:
No one should ever call cert.PublicKey.Key; you should instead use cert.GetRSAPublicKey().
I replaced that line in my question with:
// JWK must have the modulus and exponent explicitly defined
RSACng rsa = certificate.GetRSAPublicKey() as RSACng;
Now I'm good to go...
- Flurl and untrusted certificates
- Windows: How to sign exe using certificate issued by Certum?
- Problem with Azure Email Communication Service Custom Domain
- SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists - How to bound certificate to ipport?
- What's so dangerous about Pkcs12LoaderLimits.DangerousNoLimits?
- EV code signing certificate along with cloud HSM
- cURL with SSL certificates fails: error 58 unable to set private key file
- Certificate based authentication failed with ERR_BAD_SSL_CLIENT_AUTH_CERT
- ways of authentication with Nginx
- split .pfx file into .crt and .key with openssl
- Why is Firefox not trusting my self-signed certificate?
- Difference between pem, crt, key files
- "The password you entered is incorrect" when importing .pfx files to Windows certificate store
- Convert .pem to .crt and .key
- How can I decode a SSL certificate using python?
- Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
- Parsing a DN from certificate in pem format (correct order)
- Are there any advantages in signing an application?
- OV certificate: How many downloads you need in order to get rid of the smart screen?
- Defining KeySpec to "both" in a certreq -new policy inf file
- "Warning: unable to build chain to self-signed root for signer" warning in Xcode 9.2
- Cannot create developer certificate on Mac
- App Center iOS install error: "This app cannot be installed because its integrity could not be verified"
- Sudden "unable to find valid certification path to requested target"
- How to generate CSR manually in java
- How do you parse the Subject Alternate Names from an X509Certificate2?
- SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
- How am I supposed to handle an expiring SAML certificate as an SP?
- Java SecurityException: signer information does not match
- How to allow Python.app to firewall on Mac OS X?