.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Certificate API question - Private Key.

Posted By:      Posted Date: August 28, 2010    Points: 0   Category :.NET Framework
I am trying to follow http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx but I am finding that the Private Key property of the certificate is always null. I created the certificate with makecert -pe -n "CN=BuySeasonsThirdParty" -r -b 08/26/2010 -e 08/26/2011 -sky exchange Amazon.cer. Then installing it on the local user store using: X509Store store = new X509Store(storeName, StoreLocation.CurrentUser); and using the same API to get the certificate from the store. The certificate that I retrieve from the store is non-null it is just the PrivateKey is null. So I can encrypt using something like: ((RSACryptoServiceProvider)cert.PublicKey.Key).Encrypt(Encoding.Unicode.GetBytes(text), true)   But since the Private Key property is NULL I cannot decrypt. Any ideas? Kevin

View Complete Post

More Related Resource Links

SSL certificate question "The certificate ... must have a private key that is capable of key exchang


OK I'm cheating a bit, but I promise not to cross-post again!  I posted this to the DiscountASP.net forum, but since it does not get much traffic, and because this question might not be DiscountASP.net related, I'm reposting here.  Forgive me, but I have a sneaky suspicion this might not be as simple as a SSL certificate lacking a private key.

Any ideas what this might be?  I'll post any answers I get from DiscountASP.net here, just to complete the record for future reference.

One more thing:  I did not use the 'makecert' command, since this is a project where the WCF web service resides not on my localhost machine, but remote, at the DiscountASP servers.  They (the DASP people) set up the SSL certificate--I assume they did so properly.  All I did was import it from there, and stored it in the '/My' folder of where I use Visual Studio 2008.  In nearly all examples on the net, the tutorials assume you 'self-sign' your certificate with both the server and client residing locally, in the Visual Studio internal built-in server.  This is not the case here.  What I'm hoping is that it's a simple problem where the SSL certificate I bought does not include a private key--though it's pretty useless for programming purposes if it does not.  Googling this issue I see there are a few threads on this topic bu

Question about RSA Decrypt using private key

Hello,      I am doing a project to communiate with a bank. I send a message which was sign by my private key to the bank and get a response from the bank. The message like below: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iR0JLIj8+CjxtZXNzYWdlIG1ldGhvZD0iZXJyb3IiIHR5cGU9InJlc3BvbnNlIj4KICAgIDxkYXRlPjIwMTAwNTI4PC9kYXRlPgogICAgPHRpbWU+MTEwMzQ1PC90aW1lPgogICAgPHJldENvZGU+QVVUSDBFSTwvcmV0Q29kZT4KICAgIDxjb21tZW50UmVzPuacquW8gOWNoTwvY29tbWVudFJlcz4KPC9tZXNzYWdlPgo= Then I try to decrypt the message. The code like below:        public static string ParsePayment(HttpRequest request)     {         string CertificatePW = "123456";         string prikey_path = HttpContext.Current.Server.MapPath("~/App_Data") + "\\certificate\\test.pfx";         return CerRSADecrypt(Convert.FromBase64String(aa), prikey_path, CertificatePW);          }         public static string CerRSADecrypt(byte[] DataToDecrypt, string prikey_path, string CertificatePW)     {                        &nbs

x509 - Client Certificate infrastructure for Asp.Net question

I dont have a lot of background with SSL and X509 configuration and support with my Asp.Net application, so I was wondering if someone can explain or point me in the right direction to MSDN or any other article or posting explaining if it's possible to do what I am looking to support in my environment.I have IIS 6.0 with SSL (Verisign cert) as well as "Require client certificates" working against a local installation of Microsoft Certificate Services, https://<domain>/certsrv, where users can request and install client certs (both xp clients for basic mode, and Vista/7 for advance mode).Here's what I am up against:I have a segment of users coming from a virtualized server environment where this environment does not store personal settings for more than 48 hours. It's not an internet cafe, but rather an actual business where their IT staff uses server images to reimage each virtual server in the farm every 48hrs. Thus losing all users data in the "Current Users" Certificate Stores.The IT staff give users a network folder share to store any personal items (docs, spreadsheets, links, etc.). The servers consist of Windows Server 2003, and will be migrating to Windows Server 2008 in the next 6-9 months.These users have rights in Internet Explorer to navigate to my certsrv site and use activex to to request and install certificates then clode and

public web methods...how to make private? Security question


I understand how to set security for a ASP.NET web page, how to encrypt a Silverlight page, and a WCF application, but my question goes to this:  given a web method, which by definition must be public, how do you keep people from accessing it outside of your client program?

If your program (client) is the only way to access this web method, then there's no problem.  But it is impossible to make a web method private--it won't compile--so how to keep people from using it?  The only thing I can think of is that if you call your web method by an obscure sounding name, it's likely nobody will guess the URL, and if you set your server so it cannot be searched (dir *.*) by the public, it's unlikely anybody will ever guess the name of the web method.  But this is hardly 100% secure.  And what if you call your web method "DoWork", which is the default OperationContract name in Visual Studio?

What am I missing?



//what I have in mind

public interface IService1
        string DoWork();


public string DoWork()
//secret stuff in here
string SecretStuff = "S

restore certificate without private key


Hi, this is a question both to fix the immediate issue, and gain some understanding of the security model.

As part of trying out transparent data encryption, I have backed up and restored a user database certificate on a different server without specifying a private key on either the backup or restore.

When I try to attach the encrypted database on the other server where I have restored the certificate, I get the error

" a key required by this operation appears to be corrupted "

I have checked that the certificate thumbprint matches on the source and destination servers.

So my question is - do I necessarily need to backup the certificate with a private key for this process to work? And if yes, then why is this so - what is the significance of the certificate's private key


Certificates: Cannot find the certificate and private key for decryption Error when sign

Note: from stackoverflow: I think is better for system administrators.

I work in company with many servers and Pcs for developers. Servers are win2003, PC developers Windows XP.

In a server Win2003 named preiis01, in preproduction environment, other people in company install a client certificate using any other user (domainCompany\adminsystems) for logging in server preiis01.

Anyone admin uses the user "domainCompany\adminsystems" for log in server preiis01 (using Terminal Server, Remote Desktop for Windows XP).

the admin user is domainCompany\adminsystems", which installs certificate.

Admin user install it like this:

Session login like "domainCompany\adminsystems"
Certificate is PFX file. Do Install PFX and using Wizard. The key private not check for export.
Input the password and install.

There is an application Web which AppPool Identity is: NETWORK SERVICE account.

web server is IIS 6.0.

in preiis01,

That admin user executes mmc -> Snap in -> Certificates for Local Machine. In no

File Permissions for Private Key/Certificate Exported from SQL 2008


As part of our new key management system for SQL server, we are backing up the Private Key and Certificate file to a UNC file path that has very restricted access to only Key and Certificate custodians.  When we execute the backup script, it works and puts the Certificate and Key files to the UNC path, but the files do not inherit NTFS permissions from the target path and our Key and Certificate Custodians do not have access to these files.  Is there a way to "force" these files to inherit permissions from their target folder structure?

Here is the SQL script used to generate our key pair:


  TO FILE = '\\UNCCertificatePath\CertificateFile.cert’

how to add Private key to certificate c# / or make a keystore




My webservice is developed in java/weblogic. My certs are gererated by a java program to many files (ClientCert.der,ClientCert.pem,ClientKey.der,ClientKey.pem)

how to add Private key to credential certificate in c#


when i do like this :



Ship.ShipService s = new
, "ClientKey"
, "ServerKey"
// Create a new policy.

Policy webServiceClientPolicy = new
// Specify that the policy uses the MutualCertificate11 turnkey security assertion.

webServiceClientPolicy.Assertions.  Add(new
// Ap

Some basic MVC question

  1. In regular asp net I can run (debug) the application but I can either "view in browser" that gives me the option to view the application and write code on same time.

In MVC I can't find this option.

  1. What is the basic DATA MODEL for working with SQL DB.

I mean with no any framework (entity framework, Sub sonic, Link to SQL etc')

I look for basic application that works with data but with no fw.

  1. What is the popular DB framework that working with data.
  2.  I am looking on  mvc series


C# Soup To Nuts  (the best series ever)


I watch some of the MVC video, seems that the music store is good but I have to wait to the other part.

Does any one know and recommend   a Microsoft MVC tutorial?





Web Site to Web Application Question


I've been building web sites and for my next project I will be creating a web application.  I use a 'BasePage' class in all my projects but, since web applications do not contain the 'App_Code' folder, what is the best place/practice for the 'BasePage' class?



connection string question from a newbie


when publishing  in the webmatrix dialogue it asks for "destination connection string" for my "database.mdf"

I was not sure what it was so I pasted this from my web.config file :

Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\database.mdf;Integrated Security=True;User Instance=True

it all published ok, but wont run, so I guess it has somthing to do with this connection string or some kind of configuration issue.

My question is this, What should go in the field for "Destination connection string"

Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


Very Basic Question - Error message running first page


Hi Everyone,

I am running Windows 7 and I have gone into Control Panel and activated all of the IIS Functions.

The web application I am running was downloaded from the net (and has worked on other machines previously).  Once I downloaded it, I moved it into C:/inetpub/wwwroot/code/main.asp

I am a bit of a novice at this!  But I am hoping someone can point me in the right direction!


I get the following error when I try and run the web application through IE:

"An error occurred on the server when processing the URL. Please contact the system administrator. If you are the system administrator please click here to find out more about this error."

(When i click the "click here" button it just goes to the IIS site).


Appreciate any help I can get!




C#, LINQ: (List<>) Question???


Hi Everyone,

I have a strange problem:


There is an entity (Table) called "Filters" in my .edmx which has all my tables and stuff in it (to use it for LINQ queries)

I have created a class called "CustomFilters" which inherits "Filters". So now my cutom class has all the properties of the original "Filters" class (table) and 1 more additional property that i wanted which is a List of "CustomFilters":

List<CustomFilters> children = new List<CustomFilters>();

Now i get all my records into:

List<CustomFilters> theOriginalList = new List<CustomFilters>();

NOTE: first all records are tken into a List<Filters> and then these are added into List<CustomFilters> where List<CustomFilters> for children of that record is added, and then children of the child records, and so on......

so now, every record is an instance of CustomFilters which has a property named "children" which is a list again; and each child again has instanaces of "CustomFilters", and each instance again has children...and on and on and on.....

(basiacally its a data source for a treeview in my silverlight control)

every thing is good and working as expected.


linqdatasource parameters question



I'm currently getting to know the linqdatasource control. What would happen if several WHERE parameters are added to the linqdatasource control declaritively in the aspx page but no WHERE clause is defined? 

1. is there any issue with setting up multiple WHERE parameters in the aspx markup for linqdatasource but then deciding which ones actually get used at runtime by setting the actual WHERE clause at run time? Would the unused parameters simply be ignored and cause no issues?

2. when you need to modify WHERE clause or WHERE parameters at runtime do you need to do so in an event handler? such as linqdatasource.selecting?
I see from the above link it is possible, but is that the standard way to handle controlling filtering in code behind for linqdatasource?

2b. if you use an event such as linqdatasource.selecting to add where parameters and/or modify the where clause in code will that also break the builtin sorting and paging support of the linqdatasource with a gridview? 

database interface design question


For handy database interface, is it good to use SqldataSources exclusively intead of EntLib functions?

Thanks for any feedback.

A Challenging Question for Advanced user....


Using  dot net How will you release .exe applicattion for 1000 clients.this question was asked by manager but i could not answer him.tell me if you can!!!

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend