Open shaneocms opened 1 week ago
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones See info in area-owners.md if you want to be subscribed.
What version of .NET 9 are you using? There was a problem where the loader meant to load the private keys into the newest Windows cryptographic engine, but accidentally caused them to load into the oldest. That got fixed for RC2.
A workaround in the meantime would be to specify a loader limits like
Pkcs12LoaderLimits limits = new Pkcs12LoaderLimits
{
PreserveStorageProvider = true,
};
...
certificate = X509CertificateLoader.LoadPkcs12FromFile(
path,
password,
X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable,
limits);
If that fixes your problem then you shouldn't see it anymore in RC2 or the full release version. You (probably) won't want to do it long-term, though, since the main reason the storage provider isn't preserved is so that legacy CAPI keys will instead get upgraded to CNG keys.
Sorry, I should've been clearer and specified that I am actually using RC2.
Since my previous post, I discovered that it seems even the old code stopped working in .NET 9 RC2. I had refreshed 6-8 or so times when I tested before making the post and thought it was working (usually, every even request would work and odd request would not), but I guess I got lucky and all my tests went to the same server. I ended up having to put the project back on .NET 8 to get it working correctly.
I will try your suggestion and let you know how it goes. If it isn't working, I'll put together a little project to help reproduce the issue.
LoadBalancerDemo - .NET 9.zip LoadBalancerDemo - .NET 8.zip
Here's a bit more info. I have created a sample project (attached). The difference between the .NET 9 and .NET 8 attachments are:
net8.0
and one using net9.0
StartupExtensions.cs
, .NET 9 uses X509CertificateLoader.LoadPkcs12FromFile
, while the .NET 8 project uses new X509Certificate2()
.Version of .NET 9 I have installed based on MSBuild file path seems to be: 9.0.100-rc.2.24474.11
The project uses minimal APIs and contains two endpoints:
/antiforgery
- you would call this endpoint first which returns an XSRF-TOKEN cookie/weatherForecast
- the default new project endpoint but I added an if statement first so it requires antiforgery token passed in X-XSRF-TOKEN
header (use the value from the cookie returned from the above endpoint)The project is using Serilog.AspNetCore
nuget package to help with logging.
The two endpoints:
app.MapGet("/weatherforecast", async (HttpContext httpContext, [FromServices] IAntiforgery antiforgery) =>
{
// Validate anti-forgery token
try
{
await antiforgery.ValidateRequestAsync(httpContext);
}
catch (AntiforgeryValidationException)
{
return Results.Forbid();
}
WeatherForecast[] forecast = Enumerable.Range(1, 5).Select(index =>
new WeatherForecast
(
DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
Random.Shared.Next(-20, 55),
summaries[Random.Shared.Next(summaries.Length)]
))
.ToArray();
return TypedResults.Ok(forecast);
});
app.MapGet("/antiforgery", (HttpContext httpContext, [FromServices] IAntiforgery antiforgery) =>
{
AntiforgeryTokenSet tokens = antiforgery.GetAndStoreTokens(httpContext);
httpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken!,
new CookieOptions { HttpOnly = false });
return Results.NoContent();
});
First request, sending request to the /weatherForecast
endpoint without the antiforgery token. So the expectation here is to get a 403 Forbidden
response.
A file key-65e39225-1ee7-4397-b210-caa1fd4537f5.xml
gets created in the KeyRing folder as per below logs.
[16:54:16 INF ] Creating key {65e39225-1ee7-4397-b210-caa1fd4537f5} with creation date 2024-10-19 05:54:16Z, activation date 2024-10-19 05:54:16Z, and expiration date 2025-01-17 05:54:16Z.
[16:54:16 INF ] Writing data to file '\\mydomain-dc01\IISSites\LoadBalancerDemo\KeyRing\key-65e39225-1ee7-4397-b210-caa1fd4537f5.xml'.
[16:54:16 INF ] Application started. Press Ctrl+C to shut down.
[16:54:16 INF ] Hosting environment: Production
[16:54:16 INF ] Content root path: \\mydomain-dc01\IISSites\LoadBalancerDemo
[16:54:17 INF 800026a9-0001-a700-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[16:54:17 INF 800026a9-0001-a700-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[16:54:17 INF 800026a9-0001-a700-b63f-84710c7967bb] Executing ChallengeResult with authentication schemes ([]).
[16:54:17 INF 800026a9-0001-a700-b63f-84710c7967bb] AuthenticationScheme: Cookies was forbidden.
[16:54:17 INF 800026a9-0001-a700-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[16:54:17 INF 800026a9-0001-a700-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 403 null null 830.2373ms
Second request, sending request to the /antiforgery
token endpoint. Get below error (looks like same error repeated multiple times)
[16:56:11 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:11 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:12 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:12 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:12 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:12 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:12 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:13 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:13 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:13 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:13 ERR ] An exception occurred while processing the key element '<key id="65e39225-1ee7-4397-b210-caa1fd4537f5" version="1" />'.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
[16:56:13 WRN ] Key {65e39225-1ee7-4397-b210-caa1fd4537f5} is ineligible to be the default key because its CreateEncryptor method failed after the maximum number of retries.
System.AggregateException: One or more errors occurred. (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.) (The system cannot find the file specified.)
---> System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)
--- End of inner exception stack trace ---
---> (Inner Exception #1) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #2) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #3) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #4) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #5) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #6) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #7) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #8) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #9) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
---> (Inner Exception #10) System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.X509Certificates.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)<---
[16:56:13 WRN ] Key {65e39225-1ee7-4397-b210-caa1fd4537f5} is ineligible to be the default key because its CreateEncryptor method failed after the maximum number of retries.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.Key.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key, Int32& retriesRemaining)
[16:56:13 INF ] Creating key {08fc478b-9939-443a-8658-fe782a263e52} with creation date 2024-10-19 05:56:10Z, activation date 2024-10-19 05:56:10Z, and expiration date 2025-01-17 05:56:10Z.
[16:56:13 INF ] Writing data to file '\\mydomain-dc01\IISSites\LoadBalancerDemo\KeyRing\key-08fc478b-9939-443a-8658-fe782a263e52.xml'.
[16:56:13 INF ] Application started. Press Ctrl+C to shut down.
[16:56:13 INF ] Hosting environment: Production
[16:56:13 INF ] Content root path: \\mydomain-dc01\IISSites\LoadBalancerDemo
[16:56:14 INF 80000f80-0002-1e00-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/antiforgery - null null
[16:56:14 INF 80000f80-0002-1e00-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /antiforgery'
[16:56:14 INF 80000f80-0002-1e00-b63f-84710c7967bb] Setting HTTP status code 204.
[16:56:14 INF 80000f80-0002-1e00-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /antiforgery'
[16:56:14 INF 80000f80-0002-1e00-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/antiforgery - 204 null null 359.2549ms
As per above logs, a key-08fc478b-9939-443a-8658-fe782a263e52.xml
file gets created in the KeyRing folder now. So there are now 2 files in the KeyRing folder.
(Of interest: you'll see later that the .NET 8 project does not create an additional file here like it did in .NET 9, and also did not get the cannot find file error)
Despite this error, the server response was 204 No Content
which is correct and contains below cookie in response headers
.AspNetCore.Antiforgery.ltTTNb29wlo=CfDJ8ItH_Ag5mTpEhlj-eComPlI90FgXYecRlRBJIE3sE3CNQf96Vvi8afHlEBr-d-Ee7eSQrH5MZhnr7B0eM0d5HPUXotyvIgCJM6va6zNNNQWAijuFlVwgSnOClsizoC40p0cLDefbTgCs04uLJWakP0M; path=/; samesite=strict; httponly
XSRF-TOKEN=CfDJ8ItH_Ag5mTpEhlj-eComPlL5wSwwwJvulBdCNMmp5wM4-gfOD_dDCBhd2oDc5YkjIENAp1w-aK1rp6HGWDwYi2xkCr7xhefFMt20GpCJZKZePWApU8k59RqUJlgSi9ceswbFqakBho6vFq0wRLJEyfs; path=/
Now send request to /weatherForecast
endpoint this time with X-XSRF-TOKEN
header with the value taken from above CfDJ8ItH_Ag5mTpEhlj-eComPlL5wSwwwJvulBdCNMmp5wM4-gfOD_dDCBhd2oDc5YkjIENAp1w-aK1rp6HGWDwYi2xkCr7xhefFMt20GpCJZKZePWApU8k59RqUJlgSi9ceswbFqakBho6vFq0wRLJEyfs
Server returns the expected response of 200 OK
and contains the array of random weather stuff.
[
{
"date": "2024-10-20",
"temperatureC": 48,
"summary": "Warm",
"temperatureF": 118
},
{
"date": "2024-10-21",
"temperatureC": 19,
"summary": "Sweltering",
"temperatureF": 66
},
{
"date": "2024-10-22",
"temperatureC": 38,
"summary": "Freezing",
"temperatureF": 100
},
{
"date": "2024-10-23",
"temperatureC": 15,
"summary": "Warm",
"temperatureF": 58
},
{
"date": "2024-10-24",
"temperatureC": 52,
"summary": "Sweltering",
"temperatureF": 125
}
]
Server logs:
[17:00:44 INF 8000fd48-0003-d700-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:00:44 INF 8000fd48-0003-d700-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:00:44 INF 8000fd48-0003-d700-b63f-84710c7967bb] Setting HTTP status code 200.
[17:00:44 INF 8000fd48-0003-d700-b63f-84710c7967bb] Writing value of type 'WeatherForecast[]' as Json.
[17:00:44 INF 8000fd48-0003-d700-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:00:44 INF 8000fd48-0003-d700-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 200 null application/json; charset=utf-8 230.6227ms
Send same request again, this time get 403 Forbidden
response. Below are server logs.
[17:02:44 INF 80194991-0000-e100-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:02:44 INF 80194991-0000-e100-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:02:44 INF 80194991-0000-e100-b63f-84710c7967bb] Executing ChallengeResult with authentication schemes ([]).
[17:02:44 INF 80194991-0000-e100-b63f-84710c7967bb] AuthenticationScheme: Cookies was forbidden.
[17:02:44 INF 80194991-0000-e100-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:02:44 INF 80194991-0000-e100-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 403 null null 20.5395ms
Send same request a 3rd time, this time get 200 OK
with some weather data again.
[17:03:47 INF 80002089-0800-fc00-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:03:47 INF 80002089-0800-fc00-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:03:47 INF 80002089-0800-fc00-b63f-84710c7967bb] Setting HTTP status code 200.
[17:03:47 INF 80002089-0800-fc00-b63f-84710c7967bb] Writing value of type 'WeatherForecast[]' as Json.
[17:03:47 INF 80002089-0800-fc00-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:03:47 INF 80002089-0800-fc00-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 200 null application/json; charset=utf-8 14.3733ms
So the exception occurs on the /antiforgery
endpoint. The errror says The system cannot find the file specified.
for key 65e39225-1ee7-4397-b210-caa1fd4537f5
but there is definitely an xml file in the KeyRing folder with this name, so I assume it's trying to look for this somewhere else? Also again note that it created 2 separate files.
I tried the same again with .NET 9 and the suggested Pkcs12LoaderLimits
workaround, but the behaviour is still exactly as above.
Now, here's the logs for the same but with the application running as .NET 8.
Just to make sure there was nothing crossing over between requests (like cookies being persisted), the requests I sent for .NET 9 above were using Postman, while the requests below for .NET 8 are sent using Bruno (an alternative application similar to Postman).
First request, /weatherForecast
without xsrf token. Response is 403 Forbidden
as expected.
File key-412a1d58-dd08-4d9c-a09d-7ab39dcdbc86.xml
gets created in KeyRing folder.
[17:17:01 INF ] Creating key {412a1d58-dd08-4d9c-a09d-7ab39dcdbc86} with creation date 2024-10-19 06:17:01Z, activation date 2024-10-19 06:17:01Z, and expiration date 2025-01-17 06:17:01Z.
[17:17:01 INF ] Writing data to file '\\mydomain-dc01\IISSites\LoadBalancerDemo\KeyRing\key-412a1d58-dd08-4d9c-a09d-7ab39dcdbc86.xml'.
[17:17:02 INF ] Application started. Press Ctrl+C to shut down.
[17:17:02 INF ] Hosting environment: Production
[17:17:02 INF ] Content root path: \\mydomain-dc01\IISSites\LoadBalancerDemo
[17:17:02 INF 8000e385-0003-fb00-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:17:03 INF 8000e385-0003-fb00-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:17:03 INF 8000e385-0003-fb00-b63f-84710c7967bb] Executing ChallengeResult with authentication schemes ([]).
[17:17:03 INF 8000e385-0003-fb00-b63f-84710c7967bb] AuthenticationScheme: Cookies was forbidden.
[17:17:03 INF 8000e385-0003-fb00-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:17:03 INF 8000e385-0003-fb00-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 403 null null 1010.0297ms
Next request to /antiforgery
, got 204 No Content
with cookies in response as expected.
.AspNetCore.Antiforgery.ltTTNb29wlo=CfDJ8FgdKkEI3ZxNoJ16s53NvIY04ImWYP7uLfTViikz8q52hTrq2IaVUwLSii9tT_nZ2aMmHKFZcRVuSQttggPBBHnCl04yUt8pfBLaeAglIaNaD3A26HS3sTMI_9UT5sxbvE6SkSKf0nzJRSGKEML7DxQ; path=/; samesite=strict; httponly
XSRF-TOKEN=CfDJ8FgdKkEI3ZxNoJ16s53NvIaaQKCExBY2ei-8NqdebEYy_nGKlVJTtirKRIXNhTRc6wh-rmBLn_8eH7LS6ES6CpNszQppD4jRLxDrUYak1pGlF0aHnFHJ3M9fJBp0fVazHvvFjVKVeLiXSylRS52B2jQ; path=/
Logs - note no "cannot find the file specified" error appears. Also of note, no extra .xml key file was created.
[17:18:16 INF 800199b1-0003-f300-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/antiforgery - null null
[17:18:16 INF 800199b1-0003-f300-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /antiforgery'
[17:18:16 ERR 800199b1-0003-f300-b63f-84710c7967bb] An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
---> System.Security.Cryptography.CryptographicException: The key {08fc478b-9939-443a-8658-fe782a263e52} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
[17:18:16 INF 800199b1-0003-f300-b63f-84710c7967bb] Setting HTTP status code 204.
[17:18:16 INF 800199b1-0003-f300-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /antiforgery'
[17:18:16 INF 800199b1-0003-f300-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/antiforgery - 204 null null 178.3109ms
Now send request to /weatherForecast
with X-XSRF-TOKEN
header with value CfDJ8FgdKkEI3ZxNoJ16s53NvIaaQKCExBY2ei-8NqdebEYy_nGKlVJTtirKRIXNhTRc6wh-rmBLn_8eH7LS6ES6CpNszQppD4jRLxDrUYak1pGlF0aHnFHJ3M9fJBp0fVazHvvFjVKVeLiXSylRS52B2jQ
which was taken from above.
Works fine and got the weather data response. Server logs below:
[17:20:35 INF 80001ec0-0001-ad00-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:20:35 INF 80001ec0-0001-ad00-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:20:35 INF 80001ec0-0001-ad00-b63f-84710c7967bb] Setting HTTP status code 200.
[17:20:35 INF 80001ec0-0001-ad00-b63f-84710c7967bb] Writing value of type 'WeatherForecast[]' as Json.
[17:20:36 INF 80001ec0-0001-ad00-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:20:36 INF 80001ec0-0001-ad00-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 200 null application/json; charset=utf-8 720.7928ms
Sent the request an additional 4 more times, works fine - all of them returned 200 OK
with the expected weather random data.
[17:23:07 INF 80000ca6-0002-4b00-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:23:07 INF 80000ca6-0002-4b00-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:23:07 INF 80000ca6-0002-4b00-b63f-84710c7967bb] Setting HTTP status code 200.
[17:23:07 INF 80000ca6-0002-4b00-b63f-84710c7967bb] Writing value of type 'WeatherForecast[]' as Json.
[17:23:07 INF 80000ca6-0002-4b00-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:23:07 INF 80000ca6-0002-4b00-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 200 null application/json; charset=utf-8 200.6874ms
[17:23:37 INF 80000ca7-0002-4b00-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:23:37 INF 80000ca7-0002-4b00-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:23:37 INF 80000ca7-0002-4b00-b63f-84710c7967bb] Setting HTTP status code 200.
[17:23:37 INF 80000ca7-0002-4b00-b63f-84710c7967bb] Writing value of type 'WeatherForecast[]' as Json.
[17:23:37 INF 80000ca7-0002-4b00-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:23:37 INF 80000ca7-0002-4b00-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 200 null application/json; charset=utf-8 40.7767ms
[17:23:45 INF 80001f6f-0000-f700-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:23:45 INF 80001f6f-0000-f700-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:23:45 INF 80001f6f-0000-f700-b63f-84710c7967bb] Setting HTTP status code 200.
[17:23:45 INF 80001f6f-0000-f700-b63f-84710c7967bb] Writing value of type 'WeatherForecast[]' as Json.
[17:23:45 INF 80001f6f-0000-f700-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:23:45 INF 80001f6f-0000-f700-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 200 null application/json; charset=utf-8 66.2825ms
[17:23:50 INF 80002662-0002-6d00-b63f-84710c7967bb] Request starting HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - null null
[17:23:50 INF 80002662-0002-6d00-b63f-84710c7967bb] Executing endpoint 'HTTP: GET /weatherforecast'
[17:23:50 INF 80002662-0002-6d00-b63f-84710c7967bb] Setting HTTP status code 200.
[17:23:50 INF 80002662-0002-6d00-b63f-84710c7967bb] Writing value of type 'WeatherForecast[]' as Json.
[17:23:50 INF 80002662-0002-6d00-b63f-84710c7967bb] Executed endpoint 'HTTP: GET /weatherforecast'
[17:23:50 INF 80002662-0002-6d00-b63f-84710c7967bb] Request finished HTTP/1.1 GET http://loadbalancerdemo.mydomain.com/weatherForecast - 200 null application/json; charset=utf-8 10.2181ms
Hope this helps.
Let me know if there's anything else I should try.
I can't reproduce your problem either with the IsProduction load style or EphemeralKeySet, with either RC1 or RC2.
By the by, I can't help but encourage you to make the following changes:
public static WebApplicationBuilder ConfigureDataProtection(
- this WebApplicationBuilder builder)
+ this WebApplicationBuilder builder,
+ out X509Certificate2 certificate)
...
-X509Certificate2 certificate;
...
certificate = X509CertificateLoader.LoadPkcs12FromFile(path, password,
- X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet |X509KeyStorageFlags.Exportable);
+ X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
-builder.ConfigureDataProtection();
+builder.ConfigureDataProtection(out cert);
...
-app.Run();
+using (certificate)
+{
+ app.Run();
+}
Otherwise every time you run under IsProduction
you gain an extra persisted copy of your key. PersistKeySet should (ideally) only ever be used for a one-time-ever read of a given PFX, when saving the certificate(s) into a persisted X509Store. If you're running in a throwaway container/VM, then I guess it's indistinguishably fine.
Appreciate the feedback on the code improvement. Your suggestion prompted me to do a bit of research on how the certificate flags work as admittedly I'm not a security or cryptography expert. I decided to change it to use X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet
at all times instead, rather than being dependent on development/production.
It's now working fine in production with the load balancer on .NET 9 RC2. I did try with only X509KeyStorageFlags.EphemeralKeySet
first in production, however I was getting an exception "Bad data" until I added back X509KeyStorageFlags.MachineKeySet
as well.
I'm not sure why the behaviour is different in .NET 8 vs 9, but if this way is better and it works, then I'm happy with it.
Just a question if I may, should we still dispose of the certificate as per your example if using EphemeralKeySet
? My understanding is disposing it removes that file which gets created on disk that you mentioned, but if EphemeralKeySet
only stores it in memory, is there anything else that dispose is doing in this case? In the .NET source code, I could see it calls Reset()
which sets a bunch of stuff to null and then calls ICertificatePalCore.Dispose()
but I couldn't figure out what this is one doing. Just want to get a better understanding.
If the process is about to terminate, it's not really important to dispose a cert that has no private key, or has a private key loaded with EphemeralKeySet.
In general, it's still good to dispose of it when you can, since it holds open OS resources. It'll get cleaned up via the garbage collector (then enqueued for finalization, and then eventually cleaned up in the finalizer)... but it's always goodness to close them out when you know you can.
Description
Hi there,
Our production environment runs two IIS servers behind a load balancer. To allow cookies to be decrypted by both servers, we do the following in our Program.cs in current .NET 8 projects to load a .pfx certificate file from disk.
This has worked fine until now, but when trying out the .NET 9 preview, we got the warning about the X509Certificate2 constructor being obsolete during compilation.
So I've adjusted as follows, replacing the
new X509Certificate2()
withX509CertificateLoader.LoadPkcs12FromFile
and keeping the same storage flags.The application runs fine locally on my machine, but in production behind the load balancer, it's not working correctly. When you log into the application, if your request goes to server 1, then any further requests that go to server 1 work fine, but any requests sent to server 2 fail. This issue is the behaviour I would expect by default if doing nothing of the above.
Changing back to the obsolete constructor (even while the project is still using .NET 9) resolves the issue.
Is there something I'm doing wrong with the new one or is it a bug in the new one, such as with how it's handling the flags?
Reproduction Steps
Code sample provided above.
Expected behavior
Requests to both servers behind the load balancer should continue to work as it did before.
Actual behavior
Cookies cannot be decrypted if created by the other server.
Regression?
Still works fine with the obsolete constructor even with the project using .NET 9.
Known Workarounds
No response
Configuration
No response
Other information
No response