Invalid provider type specified when trying to access google analytics

Question

We keep getting the error below whenever we try to access the API to get current user numbers. I've tried a few things but cannot get to the bottom of this. Can anyone shed any light on whats wrong/missing?

I should point out that thus runs perfectly fine on my local PC but is failing on the server.

Here is the error:

ConnectToAnalytics error: System.Security.Cryptography.CryptographicException: Invalid provider type specified. at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at Google.Apis.Auth.OAuth2.ServiceAccountCredential.Initializer.FromCertificate(X509Certificate2 certificate) in C:\Users\mdril\Documents\GitHub\google-api-dotnet-client\Src\GoogleApis.Auth.DotNet4\OAuth2\ServiceAccountCredential.cs:line 100 at Core.ConnectToAnalytics()

This error is thrown when i run the code:

Public Shared Function GetRealtimeUsers() As String
    Try
        'realtime on site
        Dim gsService As AnalyticsService = Core.ConnectToAnalytics
        Dim RequestRealtime As DataResource.RealtimeResource.GetRequest = gsService.Data.Realtime.[Get]([String].Format("ga:{0}", "xxxxx"), "rt:activeUsers")
        Dim feed As RealtimeData = RequestRealtime.Execute()

        Return Int(feed.Rows(0)(0)).ToString()
    Catch ex As Exception
        Return "QUOTA USED"
    End Try

It error's here: RequestRealtime.Execute()

For reference - here's the connect script:

Public Shared Function ConnectToAnalytics() As AnalyticsService
    Try
        Dim scopes As String() = New String() {AnalyticsService.Scope.Analytics, AnalyticsService.Scope.AnalyticsEdit, AnalyticsService.Scope.AnalyticsManageUsers, AnalyticsService.Scope.AnalyticsReadonly}
        Dim keyFilePath = HttpContext.Current.Server.MapPath("\xxx.p12")
        Dim serviceAccountEmail = "xxx"
        Dim certificate = New X509Certificate2(keyFilePath, "xxxx", X509KeyStorageFlags.Exportable)
        Dim credential = New ServiceAccountCredential(New ServiceAccountCredential.Initializer(serviceAccountEmail) With {.Scopes = scopes}.FromCertificate(certificate))
        Return New AnalyticsService(New BaseClientService.Initializer() With {.HttpClientInitializer = credential, .ApplicationName = "Client for xxx"})
    Catch ex As Exception
        Core.SendAdminStatusReport("ConnectToAnalytics error: " & ex.ToString)
        Throw ex
    End Try
End Function

Answer 1

I found the fix for this in this post:

https://www.daimto.com/azure-with-service-accounts-in-c/

Changing this line

var certificate = new X509Certificate2(keyFilePath, "notasecret", X509KeyStorageFlags.Exportable);

to

var certificate = new X509Certificate2(keyFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

Fixed my issue

Answer 2

Its hard to know what your issue is without seeing your code but here is my code for service account authncation

   /// <summary>
    /// Authenticating to Google using a Service account
    /// Documentation: https://developers.google.com/accounts/docs/OAuth2#serviceaccount
    /// </summary>
    /// <param name="serviceAccountEmail">From Google Developer console https://console.developers.google.com</param>
    /// <param name="serviceAccountCredentialFilePath">Location of the .p12 or Json Service account key file downloaded from Google Developer console https://console.developers.google.com</param>
    /// <returns>AnalyticsService used to make requests against the Analytics API</returns>
    public static AnalyticsreportingService AuthenticateServiceAccount(string serviceAccountEmail, string serviceAccountCredentialFilePath, string[] scopes)
    {
        try
        {
            if (string.IsNullOrEmpty(serviceAccountCredentialFilePath))
                throw new Exception("Path to the service account credentials file is required.");
            if (!File.Exists(serviceAccountCredentialFilePath))
                throw new Exception("The service account credentials file does not exist at: " + serviceAccountCredentialFilePath);
            if (string.IsNullOrEmpty(serviceAccountEmail))
                throw new Exception("ServiceAccountEmail is required.");                

            // For Json file
            if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".json")
            {
                GoogleCredential credential;
                using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
                {
                    credential = GoogleCredential.FromStream(stream)
                         .CreateScoped(scopes);
                }

                // Create the  Analytics service.
                return new AnalyticsreportingService(new BaseClientService.Initializer()
                {
                    HttpClientInitializer = credential,
                    ApplicationName = "Analyticsreporting Service account Authentication Sample",
                });
            }
            else if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".p12")
            {   // If its a P12 file

                var certificate = new X509Certificate2(serviceAccountCredentialFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
                var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
                {
                    Scopes = scopes
                }.FromCertificate(certificate));

                // Create the  Analyticsreporting service.
                return new AnalyticsreportingService(new BaseClientService.Initializer()
                {
                    HttpClientInitializer = credential,
                    ApplicationName = "Analyticsreporting Authentication Sample",
                });
            }
            else
            {
                throw new Exception("Unsupported Service accounts credentials.");
            }

        }
        catch (Exception ex)
        {                
            throw new Exception("CreateServiceAccountAnalyticsreportingFailed", ex);
        }
    }
}

Code ripped from ServiceAccount.cs

Answer 3

I managed to fix this - i was on the right lines with root certificates, turns out i was missing one. These can be found here:

https://pki.goog/

I cannot remember where i found this but adding the code below to the webconfig helped me figure out which certificate i was missing:

 <system.diagnostics>
<trace autoflush="true" />
<sources>
  <source name="System.Net">
    <listeners>
      <add name="System.Net"/>
    </listeners>
  </source>
  <source name="System.Net.HttpListener">
    <listeners>
      <add name="System.Net"/>
    </listeners>
  </source>
  <source name="System.Net.Sockets">
    <listeners>
      <add name="System.Net"/>
    </listeners>
  </source>
  <source name="System.Net.Cache">
    <listeners>
      <add name="System.Net"/>
    </listeners>
  </source>
</sources>
<sharedListeners>
  <add
   name="System.Net"
   type="System.Diagnostics.TextWriterTraceListener"
    initializeData="System.Net.trace.log"
   traceOutputOptions = "ProcessId, DateTime"
            />
</sharedListeners>
<switches>
  <add name="System.Net" value="Verbose" />
  <add name="System.Net.Sockets" value="Verbose" />
  <add name="System.Net.Cache" value="Verbose" />
  <add name="System.Net.HttpListener" value="Verbose" />
</switches>