I am trying to create an X509Certificate2 from a base64 encoded string. This code I have added to a sample Azure function.
Locally the code works and I can create a certificate object from a base64 encoded string, however when publishing to Azure I get an exception
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore
Following https://github.com/dotnet/runtime/issues/30658
I have kept app service plan as '(P1v2: 1)' which is not shared.
Use the WEBSITE_LOAD_CERTIFICATES app setting in your Azure function to make the specified certificates accessible to your Windows hosted app in the Windows certificate store, in Current_User\Your_user.
In your code, access the certificate by the certificate thumbprint, like certificateThumbprint = "<your certificate thumbprint>";
Note: App Service injects the certificate paths into Windows containers as variables like WEBSITE_PRIVATE_CERTS_PATH, WEBSITE_INTERMEDIATE_CERTS_PATH, WEBSITE_PUBLIC_CERTS_PATH, and WEBSITE_ROOT_CERTS_PATH. Make sure you reference the certificate path with the environment variables instead of hardcoding the certificate path.
If you are still facing the same issue, you can add the WEBSITE_LOAD_USER_PROFILE=1 app setting in your app. The error says that the certificate is not accessible for the specific user. It will fix your problem.
Refer here for more information
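
The thumbprint lookup described in the answer above, as an added example that is not part of the original post. It assumes the certificate is uploaded to the app, its thumbprint is listed in WEBSITE_LOAD_CERTIFICATES, and App Service has placed it in the CurrentUser\My store; the class and method names are hypothetical, and requiring a private key is an assumption about how the certificate will be used.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class AppServiceCertificates
{
    // Hypothetical helper: returns a certificate that App Service loaded into
    // CurrentUser\My because its thumbprint is listed in WEBSITE_LOAD_CERTIFICATES.
    public static X509Certificate2 LoadByThumbprint(string thumbprint)
    {
        // Thumbprints copied from a certificate dialog often carry spaces or an
        // invisible leading character, so keep only the hex digits.
        string normalized = new string((thumbprint ?? string.Empty)
            .Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        if (normalized.Length == 0)
            throw new ArgumentException("Thumbprint is empty.", nameof(thumbprint));

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly: false so self-signed or privately issued certificates
            // are returned; validity is checked explicitly below.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, normalized, validOnly: false);

            if (matches.Count == 0)
                throw new InvalidOperationException(
                    $"Certificate {normalized} not found in CurrentUser\\My. " +
                    "Check that it is uploaded and listed in WEBSITE_LOAD_CERTIFICATES.");

            X509Certificate2 cert = matches[0];
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time

            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException(
                    $"Certificate {normalized} is outside its validity period.");

            // Assumption: the caller needs the key for signing or client authentication.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    $"Certificate {normalized} has no accessible private key.");

            return cert;
        }
    }
}
```

Call it as `AppServiceCertificates.LoadByThumbprint("<your certificate thumbprint>")`; the distinct exception messages separate a certificate that was never loaded from one that is present but expired or missing its key.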