Google-api-dotnet-client: Invalid provider type specified.

Created on 7 Feb 2017  路  3Comments  路  Source: googleapis/google-api-dotnet-client

When moving to our Windows Server 2016 machine, we had the following error when I tried to shorten my code to match the code here: https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth

This is the code we need (extra flags at the end)

var certificate = new X509Certificate2(certLocation, "notasecret", X509KeyStorageFlags.MachineKeySet |
X509KeyStorageFlags.PersistKeySet |
X509KeyStorageFlags.Exportable);

instead of:

var certificate = new X509Certificate2(@"key.p12", "notasecret", X509KeyStorageFlags.Exportable);

Is there a reason one would work and the other not? Thanks!

Most helpful comment

X509KeyStorageFlags Defines where and how to import the private key of an X.509 certificate.

  • MachineKeySet Private keys are stored in the local computer store rather than the current user store.
  • PersistKeySet The key associated with a PFX file is persisted when importing a certificate.
  • Exportable Imported keys are marked as exportable.

This problem also occurs with Azure hosting. my post Azure with service accounts in C# may help

Recomend we close this issue as its not an issue with the client library its more an issue of how the server is set to deal with the x.509 certificate. It can also be solved by using the Json service account file instead of the P12 file. Google Service Accounts with Json File

All 3 comments

X509KeyStorageFlags Defines where and how to import the private key of an X.509 certificate.

  • MachineKeySet Private keys are stored in the local computer store rather than the current user store.
  • PersistKeySet The key associated with a PFX file is persisted when importing a certificate.
  • Exportable Imported keys are marked as exportable.

This problem also occurs with Azure hosting. my post Azure with service accounts in C# may help

Recomend we close this issue as its not an issue with the client library its more an issue of how the server is set to deal with the x.509 certificate. It can also be solved by using the Json service account file instead of the P12 file. Google Service Accounts with Json File

Yes, this is an x509 certificate issue, not a client library issue; so closing.
http://paulstovell.com/blog/x509certificate2 may contain some helpful information about working with x509 certificates.

@jamierytlewski Thank you for this post. I was running into the same issue when deploying to AWS. adding the extra x509StorageFlags solved the issue.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

NKnusperer picture NKnusperer  路  6Comments

SonicGD picture SonicGD  路  6Comments

ganySA picture ganySA  路  5Comments

tuwrraphael picture tuwrraphael  路  3Comments

Misiu picture Misiu  路  7Comments