we need to include the storageFlags for keyvault and base64 certs so …

…the user profile can be loaded when using Azure WebApps (#224)
AzureAD · Jun 19, 2020 · 0e68799 · 0e68799
1 parent e4626d7
commit 0e68799
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/src/Microsoft.Identity.Web/CertificateManagement/DefaultCertificateLoader.cs b/src/Microsoft.Identity.Web/CertificateManagement/DefaultCertificateLoader.cs
@@ -50,7 +50,10 @@ public void LoadIfNeeded(CertificateDescription certificateDescription)
         private static X509Certificate2 LoadFromBase64Encoded(string certificateBase64)
         {
             byte[] decoded = Convert.FromBase64String(certificateBase64);
-            return new X509Certificate2(decoded);
+            return new X509Certificate2(
+                decoded,
+                (string)null,
+                X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet);
         }
 
         /// <summary>
@@ -74,7 +77,10 @@ private static X509Certificate2 LoadFromKeyVault(string keyVaultUrl, string cert
             // Return a certificate with only the public key if the private key is not exportable.
             if (certificate.Policy?.Exportable != true)
             {
-                return new X509Certificate2(certificate.Cer);
+                return new X509Certificate2(
+                    certificate.Cer,
+                    (string)null,
+                    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet);
             }
 
             // Parse the secret ID and version to retrieve the private key.