X.509 certificate in production

[EricBui619]

I'm using password flow in OIDC. Everything works well in local and staging environment. But when we deployed to the production in another server with the same configuration in staging server, after signning in and getting JWT successfully, I'm still not able to call other apis. It always returns 401 Unauthorized. Bellow is server's log:

"warn: 2021-06-13 17:47:13.5565||OrchardCore.OpenId.Services.OpenIdServerService|An error occurred while trying to extract a X.509 certificate.
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied."

[deanmarcussen]

I'm going to assume you're on Azure here?

You would need to add WEBSITE_LOAD_USER_PROFILE=1 to the webapp

For more information refer this issue #7137