System.Security.Cryptography.CryptographicException：参数不正确

Question

I have the following exception when a try create a new Instance of ServiceHost (new ServiceHost(serviceType, baseAddresses))

System.Security.Cryptography.CryptographicException: The parameter is incorrect.

Stack Trace: 


[CryptographicException: The parameter is incorrect.
]
   System.Security.Cryptography.X509Certificates.X509Certificate2Collection.LoadStoreFromBlob(Byte[] rawData, String password, UInt32 dwFlags, Boolean persistKeyContainers) +1871625
   System.Security.Cryptography.X509Certificates.X509Certificate2Collection.Import(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags) +104
   System.ServiceModel.Description.ConfigLoader.LoadIdentity(IdentityElement element) +501
   System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress) +12346988
   System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(ConfigLoader configLoader, ServiceDescription description, ServiceElement serviceSection) +67
   System.ServiceModel.ServiceHostBase.ApplyConfiguration() +108
   System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses) +192
   System.ServiceModel.ServiceHost.InitializeDescription(Type serviceType, UriSchemeKeyedCollection baseAddresses) +49
   System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses) +151
   STARTAccessPoint.StartServiceFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses) in D:\Work\Projects\Marlo\LIME\projecto_start\start\project\START\STARTAccessPoint\accesspointService.svc.cs:273
   System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) +422
   System.ServiceModel.HostingManager.CreateService(String normalizedVirtualPath) +1461
   System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +44
   System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +651

[ServiceActivationException: The service '/accesspointService.svc' cannot be activated due to an exception during compilation.  The exception message is: The parameter is incorrect.
.]
   System.Runtime.AsyncResult.End(IAsyncResult result) +688590
   System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +190
   System.ServiceModel.Activation.ServiceHttpModule.EndProcessRequest(IAsyncResult ar) +310694
   System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +94

Here is the code that I use:

protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        if (!CertificatesConfiguration.HasServiceCredentials(serviceType.FullName))
        {
            throw new ConfigurationErrorsException(String.Format("Config section does not contain service credentials for service \"{0}\".", serviceType.FullName));
        }
        var credentials = CertificatesConfiguration.ServiceCredentials.ByServiceName(serviceType.FullName);

        //X509Certificate cert = credentials.ServiceCertificate.Certificate;

        return InitServiceHost(new ServiceHost(serviceType, baseAddresses),typeof(STARTAccessPoint.Resource),credentials.ServiceCertificate.Certificate);
    }

This is my Web.Config :

<services>
  <service name="STARTAccessPoint.accesspointService" behaviorConfiguration="SecureServiceBehavior">
    <endpoint address="" name="ResourceBindingPort" binding="customBinding" bindingNamespace="http://www.w3.org/2009/02/ws-tra" bindingConfiguration="SecureServiceBinding" contract="STARTAccessPoint.Resource">
      <identity>
        <certificate encodedValue=""/>
      </identity>
    </endpoint>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="SecureServiceBehavior">
      <serviceMetadata httpsGetEnabled="true" externalMetadataLocation="https://localhost:1443/accesspointService.wsdl.xml"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="SecureClientBehavior">
    </behavior>
  </endpointBehaviors>
</behaviors>
<bindings>
  <customBinding>
    <binding name="SecureServiceBinding" closeTimeout="00:01:30" openTimeout="00:01:30" sendTimeout="00:01:30" receiveTimeout="00:01:30">
      <reliableSession ordered="true" reliableMessagingVersion="WSReliableMessaging11" flowControlEnabled="false" maxRetryCount="4" inactivityTimeout="00:01:00"/>
      <security defaultAlgorithmSuite="Basic128" allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificate" requireDerivedKeys="false" securityHeaderLayout="Lax" messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" requireSignatureConfirmation="false">
        <issuedTokenParameters keyType="SymmetricKey"/>
        <secureConversationBootstrap/>
      </security>
      <httpsTransport authenticationScheme="Anonymous" hostNameComparisonMode="WeakWildcard" proxyAuthenticationScheme="Anonymous"/>
    </binding>
  </customBinding>
</bindings>

Cerificates Config File, with all information about the Certificates:

<?xml version="1.0" encoding="UTF-8"?>
<peppol.certificates>
  <validation>
    <add name="MyRootCertificates"
         rootCACertificateThumbprint=""
         intermediateAcessPointCACertificateThumbprint="‎"/>
  </validation>

  <serviceCredentials>
    <add serviceName="SecureClient_at_localhost">
      <serviceCertificate
          findValue="‎7a6fa503ab57b81d6318a51ca265e739a51ce660"
          x509FindType="FindByThumbprint"
          storeName="Root"
          storeLocation="LocalMachine" />
    </add>
    <add serviceName="*">
      <serviceCertificate
          findValue="‎7a6fa503ab57b81d6318a51ca265e739a51ce660"
          x509FindType="FindByThumbprint"
          storeName="Root"
          storeLocation="LocalMachine" />
    </add>
  </serviceCredentials>
  <clientCredentials>
    <add endpointName="SecureClient_at_localhost">
      <clientCertificate
        filename="c:\localhost.cer"
        password="" />
      <serviceCertificate
         findValue="‎7a6fa503ab57b81d6318a51ca265e739a51ce660"
         x509FindType="FindByThumbprint"
         storeName="Root"
         storeLocation="LocalMachine" />
    </add>
    <add endpointName="*">
      <clientCertificate
        filename="c:\localhost.cer"
        password="" />
      <serviceCertificate
        filename="c:\localhost.cer"
        password="" />
    </add>
  </clientCredentials>
</peppol.certificates>

Can you help?

Answer 1

Based on the error message, the certificate referenced in the config file is incorrect.

Here is a good set of instructions from Microsoft on how to configure and use certificates.

Answer 2

我确定这并不总是可行，但是我通过重新启动Visual Studio，重新打开您的应用程序，选择“构建”->“清洁解决方案”，“重新构建”，然后运行来解决了这个问题。