Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create certificate from file does not work #38

Open
CoenVanWoerkom opened this issue Aug 26, 2020 · 2 comments
Open

Create certificate from file does not work #38

CoenVanWoerkom opened this issue Aug 26, 2020 · 2 comments

Comments

@CoenVanWoerkom
Copy link

As Salomon Rutzky explains in numerous posts on stack exchange and elsewhere (for example https://dba.stackexchange.com/questions/223976/assembly-deployment-with-permission-unsafe-or-external-access-using-asymmetric-k), there is a method to create assemblies without setting trustworthy = ON. This involves creating a certificate or asymmetric key from the executable, creating a login for that key/certificate, and then creating the assembly.

However, I can't get it to work for the APIConsumer. As soon as I try to create the certificate or asymmetric key (tried both), I get the following error message:

The certificate, asymmetric key, or private key file is not valid or does not exist; or you do not have permissions for it.

Here is the code I used for that:

CREATE ASYMMETRIC KEY [FrameworkAPI_Consumer] FROM EXECUTABLE FILE = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CLR\API_Consumer.dll'

Or:

CREATE CERTIFICATE [FrameworkAPI_Consumer] FROM EXECUTABLE FILE = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CLR\API_Consumer.dll';

The method works for the other required assemblies, and creating the assembly does work when setting the trustworthy = ON, so the issue does not seem to come from permissions related issues. I have even tried moving the CLR folder that has to be created to the C:\Windows\Microsoft.NET\Framework64\v4.0.30319 folder, as creating the assembly for newtonsoft.JSON.dll did work from that path.

So that leaves me with the first part of the error message: The certificate, asymmetric key, or private key file is not valid or does not exist. I have very little experience with assemblies, so I have no clue how to verify what exactly is the issue here. I am hoping you could help me out, as I am hoping to use this assembly without having to set trustworthy ON.
@geral2
Copy link
Owner

geral2 commented Aug 28, 2020

Hi @CoenVanWoerkom,

I read the entire serie of these awesome blog. I tried making it External_Access, but since it depends on anothers dll like;
[Newtonsoft.Json]
[System.Runtime.Serialization.dll]
[SMDiagnostics]
[System.ServiceModel.Internals]

It doesn't work. So, what we could do is customize the SQL-ApiConsumer for you, removing JsonConvert objects. What kind of URL would you calling?.

@MyraR
Copy link

MyraR commented Sep 10, 2020
edited
Loading

Hello geral2,

Thank you for your quick response and willingness to help.
We are looking for a way to implement the APIConsumer without having to turn TRUSTWORTHY ON. To circumvent the trustworthy option, we applied the methods described in the articles (creating a certificate or key). After which we tried to create the assembly granting unsafe access. This results in the error message stated above.
Would it be possible to create a certificate or asymmetric key for the APIConsumer without having to customize anything and without having to turn trustworthy on?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@geral2 @MyraR @CoenVanWoerkom