System.Security.Cryptography.CryptographicException: Invalid provider type specified in WCF Web Services in Azure App Service

Sicoy Quito 21 Reputation points

I have a WCF Web Services in Azure App Service , this WCF use a dll with RSA objects, WCF and dll were build in .NET Framework and C#. I tried use:

RSACryptoServiceProvider rsaCryptoServiceProviderPrivateKey = (RSACryptoServiceProvider)p_x509Certificate2.PrivateKey;  


RSA rsaPrivateKey = p_x509Certificate2.GetRSAPrivateKey();  

but I have this error:

System.Security.Cryptography.CryptographicException: Invalid provider type specified.

at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

The Azure App Service configuration:


How I can fix this problem?

Note: I only use X509Certificate2 file content, I do not have a file .pfx or .p12 in a physically store.


Microsoft Technologies based on the .NET software framework.
3,516 questions
A set of technologies in the .NET Framework for building web applications and XML web services.
3,358 questions
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,461 questions
0 comments No comments
{count} votes

Accepted answer
  1. Lan Huang-MSFT 27,716 Reputation points Microsoft Vendor

    Hi @Sicoy Quito ,
    You can try the following code to instantiate X509Certificate, used with GetRSAPrivateKey().
    You can also try changing the permissions of the folder

    x509Certificate = new X509Certificate2(rawData, password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);  

    Best regards,
    Lan Huang

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Dylan Nicholson 1 Reputation point

    I also had the same problem - I was able to solve only by importing the PFX into the local machine certificate store then re-exporting (with private key). But then I had to change my code to use UserKeySet instead of MachineKeySet (or it would throw an "Access denied" error just trying to create the X509Certificate, vs the previous error that occurred only when accessing the PrivateKey member).

    0 comments No comments