WEBAPI AND CERTIFICATE A3 - TOKEN

4

Is anyone here able to use an A3-type certificate for a WEBAPI?

Because when I test it in debug (i.e., locally), everything works normally. But if I compile it and put it in the IIS application, it keeps telling me that there is no certificate. Has anyone gone through this?

The code follows (Class Library project):

    // Requires: using System; using System.Security.Cryptography.X509Certificates;
    // 'ok' and 'mensagem' are members of the containing class (not shown here).
    public X509Certificate2 SelecionarCertificado(string serieCertDigital)
    {
        X509Certificate2 certificate = new X509Certificate2();
        ok = true;
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            X509Certificate2Collection certificatesSel = null;
            store.Open(OpenFlags.OpenExistingOnly);
            // Keep only certificates that are currently valid and allow digital signatures.
            X509Certificate2Collection certificates = store.Certificates
                .Find(X509FindType.FindByTimeValid, DateTime.Now, true)
                .Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, true);

            if (string.IsNullOrEmpty(serieCertDigital))
            {
                // No serial number given: ask the user to choose a certificate.
                certificatesSel = X509Certificate2UI.SelectFromCollection(certificates, "Certificados Digitais", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection);
                if (certificatesSel.Count == 0)
                {
                    certificate.Reset();
                    // throw new Exception("No digital certificate was selected, or the selected certificate has problems.")
                    mensagem += "Nenhum certificado digital foi selecionado ou o certificado selecionado está com problemas.";
                    ok = false;
                }
                else
                {
                    certificate = certificatesSel[0];
                }
            }
            else
            {
                // Look the certificate up by its serial number.
                certificatesSel = certificates.Find(X509FindType.FindBySerialNumber, serieCertDigital, true);
                if (certificatesSel.Count == 0)
                {
                    certificate.Reset();
                    mensagem += "Certificado digital não encontrado  " + certificates.Count.ToString();
                    ok = false;
                    return null;
                }
                else
                {
                    certificate = certificatesSel[0];
                }
            }
        }
        catch (Exception)
        {
            mensagem += "Falha detectada ao verificar o certificado";
            ok = false;
            return null;
        }
        finally
        {
            // Close the store on every path, including the early returns.
            store.Close();
        }

        return certificate;
    }
    
asked by anonymous 29.12.2015 / 14:28

1 answer

1

Good afternoon, my friend.

IIS has a specific user who belongs to a group with extremely restricted access to the features of the host machine.

To resolve your situation, you basically need to configure the IIS user to have access to the certificate.

Below is a link to a solution that, if it does not solve your question 100%, I believe will at least give you a way forward.

Hugs.

link

    
03.02.2016 / 17:42
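To see what the answer describes from inside the application, the following diagnostic (an added example, not part of the original answer or the asker's project) reports the identity the code runs as under IIS and whether that identity can find the certificate and open its private key. `CertAccessDiagnostics` and its methods are hypothetical names, and the code assumes .NET Framework 4.6 or later for `GetRSAPrivateKey`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

public static class CertAccessDiagnostics   // hypothetical helper, not from the post
{
    public static string Describe(string serialNumber)
    {
        var report = new StringBuilder();
        // Under IIS this is the application pool identity, not the developer's account.
        report.AppendLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        foreach (var location in new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        {
            var store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                // validOnly: false lists a certificate even when its chain does not validate.
                var found = store.Certificates.Find(X509FindType.FindBySerialNumber, serialNumber, false);
                report.AppendLine(location + "\\My: " + found.Count + " match(es)");
                foreach (X509Certificate2 cert in found)
                {
                    report.AppendLine("  Subject: " + cert.Subject);
                    report.AppendLine("  Chain validates: " + cert.Verify());
                    report.AppendLine("  Private key: " + ProbePrivateKey(cert));
                }
            }
            catch (CryptographicException ex)
            {
                report.AppendLine(location + "\\My: store not readable (" + ex.Message + ")");
            }
            finally { store.Close(); }
        }
        return report.ToString();
    }

    private static string ProbePrivateKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "none associated with this certificate";
        try
        {
            using (var rsa = cert.GetRSAPrivateKey())
                return rsa != null ? "accessible" : "present, but not an RSA key";
        }
        catch (CryptographicException ex) { return "present, access failed: " + ex.Message; }
    }
}
```

Returning this report from a temporary Web API action, once in debug and once under IIS, shows which of the two runs sees the certificate and which identity needs access to it.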