We use the ComponentPro.Saml library in a .NET app running on an Azure Function.
We have run into issues several times in production when the hosts %APPDATA%\Microsoft\Crypto\RSA\ folder fills to capacity and causes crashes.
In order to mitigate this, we have been testing creating the pfx with the X509KeyStorageFlags.EphemeralKeySet flag.
However, ComponentPro does not seem to support this when using the Sign function.
byte bytes = Base64.Decode("secret");
var coll = new X509Certificate2Collection();
coll.Import(bytes, null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet);
X509Certificate2 pfx = coll;
Assertion _samlAssertion = CreateSAMLAssertion(etc...);
_samlAssertion.Sign(pfx); //errors here