C＃不能使用证书签名JWT

我正在使用VS 2017和.NET 4.6.2开发C＃Web Api MVC项目，我想用我的证书签署JSON Web令牌。C＃不能使用证书签名JWT

这是我的代码：

using SolutionDOC_Common; 
using SolutionDOC_Interface.Repository.Authentication; 
using SolutionDOC_SDK.Model; 
using System; 
using System.Collections.Generic; 
using System.Configuration; 
using System.IdentityModel.Tokens.Jwt; 
using System.Security.Authentication; 
using System.Security.Claims; 
using System.Security.Cryptography; 
using System.Security.Cryptography.X509Certificates; 
using mit = Microsoft.IdentityModel.Tokens; 

public string Build(Credentials credentials) 
{ 
    string thumbprint = ConfigurationManager.AppSettings["CertificateThumbprint"]; 
    string tokenIssuer = ConfigurationManager.AppSettings["TokenIssuer"]; 
    string tokenAudience = ConfigurationManager.AppSettings["TokenAudience"]; 

    List<Claim> claims = new List<Claim> 
    { 
     new Claim(ClaimTypes.Name, credentials.Username), 
     new Claim(ClaimTypes.Surname, credentials.Alias) 
    }; 

    X509Certificate2 cert = CertificateUtility.GetCertificateByThumbprint(thumbprint); 
    RSACryptoServiceProvider publicAndPrivate = (RSACryptoServiceProvider)cert.PublicKey.Key; 

    JwtSecurityToken jwtToken = new JwtSecurityToken 
    (
     issuer: tokenIssuer, 
     audience: tokenAudience, 
     claims: claims, 
     signingCredentials: new mit.SigningCredentials(new mit.RsaSecurityKey(publicAndPrivate), mit.SecurityAlgorithms.RsaSha256Signature), 
     expires: DateTime.Now.AddDays(30) 
    ); 

    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); 

    // This throws the InvalidOperationException! 
    string tokenString = tokenHandler.WriteToken(jwtToken); 

    return tokenString; 

    throw new AuthenticationException(); 
} 

的tokenHandler.WriteToken(jwtToken)线，抛出一个InvalidOperationException说

“IDX10638：无法创建SignatureProvider， 'key.HasPrivateKey' 是假的，不能创建签名。键：Microsoft.IdentityModel.Tokens.RsaSecurityKey。'

相应证书的权限设置为IIS_IUSRS用户，因此它也可以读取私钥。该证书实际上是一个使用IIS生成的自签名证书，该证书具有私钥。 拇指指纹设置正确，所以我得到正确的证书。 所以我正确地得到了X509Certificate2对象。 X509Certificate2对象的PrivateKey属性已填充。

它为什么不起作用？