1

Following is the code to sign the data. It works perfectly and signed when I run from Visual Studio but when I publish it to IIS it cannot match the certificate and no certificate gets assigned in mycert. Ultimately it throws the exception Cannot find the original signer. My development and publishing machine is the same. I have installed IIS and host the code on the same machine but no luck.

public static string Sign(string signData)
        {
 try
            {

X509Certificate2 mycert = null;

                X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                my.Open(OpenFlags.ReadOnly);

                foreach (X509Certificate2 cert in my.Certificates)
                {
                    mycert = cert;
                    if (cert.Subject.ToUpper().Contains("MYNAME"))
                    {   // it never goes into this match when host in IIS
                        WriteToLogFile("*** Debugging mode at certificate match ***");
                        mycert = cert;
                        break;
                    }
                }

                string Base64Payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(signData));

                string sha256 = SHA256Checksum(signData);
                byte[] data = Encoding.UTF8.GetBytes(sha256);

                ContentInfo content = new ContentInfo(data);
                SignedCms signedCms = new SignedCms(content);
                CmsSigner signer = new CmsSigner(mycert);
                signer.DigestAlgorithm = new Oid("SHA256");

                //signer.IncludeOption = X509IncludeOption.WholeChain;
                signer.IncludeOption = X509IncludeOption.EndCertOnly;

                // create the signature
                signedCms.ComputeSignature(signer, false);    // Get Exception on this line Cannot find the original signer.



                bool isValid = Verify(signedCms.Encode(), mycert);              
                return Convert.ToBase64String(signedCms.Encode());

}
            catch (Exception ex)
            {
                WriteToLogFile("*** Exception while making signed data ***"+ex.Message);
                throw ex;
            }
        }
Ketan Kotak
  • 942
  • 10
  • 18
  • 1
    did you install the cert on the machine running IIS, to the keystore that the IIS user account can access? – user326608 Feb 07 '18 at 22:49
  • yeah I have installed cert on machine. and how to provide IIS user access to particular certificate? I have given Administrator user credentials to site and application pool to run – Ketan Kotak Feb 08 '18 at 09:56
  • in your foreach loop, try logging every cert found and then compare that to the keystore you can access as the admin user. if there's a mismatch then you might be looking at the wrong store. also in your code, you have `cert.Subject.ToUpper().Contains("MyName")` - do you have the `MyName` literal in upper case in your code? – user326608 Feb 08 '18 at 12:10
  • That's just I replace my actual key while posting. sorry for the typo mistake – Ketan Kotak Feb 09 '18 at 09:43
  • see https://stackoverflow.com/a/43334051 - you must have the cert in the wrong store – user326608 Feb 09 '18 at 13:28
  • If you are trying to access USB Token from web application, refer to [Javascript API of Signer.Digital browser extension](https://stackoverflow.com/a/63173083/9659885) – Bharat Vasant Aug 02 '22 at 12:28

0 Answers0