System.Security.Cryptography.CryptographicException: Invalid provider type specified in WCF Web Services in Azure App Service

Sicoy Quito 21 Reputation points

I have a WCF Web Services in Azure App Service , this WCF use a dll with RSA objects, WCF and dll were build in .NET Framework and C#. I tried use:

RSACryptoServiceProvider rsaCryptoServiceProviderPrivateKey = (RSACryptoServiceProvider)p_x509Certificate2.PrivateKey;  


RSA rsaPrivateKey = p_x509Certificate2.GetRSAPrivateKey();  

but I have this error:

System.Security.Cryptography.CryptographicException: Invalid provider type specified.

at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

The Azure App Service configuration:


How I can fix this problem?

Note: I only use X509Certificate2 file content, I do not have a file .pfx or .p12 in a physically store.


Windows Communication Foundation
Windows Communication Foundation
A Microsoft runtime and set of application programming interfaces in the .NET Framework for building service-oriented applications.
284 questions
A set of technologies in the .NET Framework for building web applications and XML web services.
1,477 questions
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
8,164 questions
0 comments No comments
{count} votes

Accepted answer
  1. Lan Huang-MSFT 14,986 Reputation points Microsoft Vendor

    Hi @Sicoy Quito ,
    You can try the following code to instantiate X509Certificate, used with GetRSAPrivateKey().
    You can also try changing the permissions of the folder

    x509Certificate = new X509Certificate2(rawData, password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);  

    Best regards,
    Lan Huang

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Dylan Nicholson 1 Reputation point

    I also had the same problem - I was able to solve only by importing the PFX into the local machine certificate store then re-exporting (with private key). But then I had to change my code to use UserKeySet instead of MachineKeySet (or it would throw an "Access denied" error just trying to create the X509Certificate, vs the previous error that occurred only when accessing the PrivateKey member).

    0 comments No comments