Object contains only the public half of a key pair

Posted on 2024-08-15 02:05:53 | 255 words | 3 views | 0 comments

Upon installation of a client side certificate, I am getting the exception "Object contains only the public half of a key pair. A private key must also be provided". My application is a VC#.NET application running over an ASP.NET platform. The application also uses WSE 2.0 to import certificates into making SOAP requests.

Upon research, I've found that this exception is of type System.Security.Cryptography.CryptographicException.

I am pretty positive all my WSE settings are configured correctly, since I was able to find a similar certificate by subject-distinguished-name. Any ideas will be greatly appreciated.

Comments (3)

复古式 2024-08-22 02:05:53

I was recently having the same problem. I found one explanation here that worked for me. Specifically, the permissions for the private key. The full info is copied below.

There are a couple things that I would look at first:

  1. Do you have a private key for this certificate?
  2. Have you given permission for your application to access the private key?

You can establish whether you have a private key by viewing the certificate through the Windows Certificate Store. To get to this, follow these steps:

  1. From the Windows Start menu, select Run.
  2. Type mmc in the Open: field. Click OK.
  3. Select "Add/Remove Snap-in" from the File menu.
  4. Click the Add button.
  5. Select "Certificates" from the list of Available Standalone Snap-ins. Click the Add button.
  6. Select "Computer account." Click Next.
  7. Select "Local Computer". Click Finish.
  8. Click Close.
  9. Click OK.
  10. Expand the Certificates node under the Console Root and open the Personal store.
  11. Double-click the Certificate you're using. If you have a private key, the dialog will display a message at the bottom that says "You have a private key that corresponds to this certificate".

If you have a private key, then ensure that your application has permission to access the key:

  1. Open Windows Explorer.
  2. Navigate to the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder.
  3. Select the files containing the keys that the WSE will need to retrieve.
  4. From the File menu, select Properties.
  5. On the Security tab, add the ASPNET account and select the Full Control option.
  6. Notes:
    1. Determining which key file in the MachineKeys folder is associated with a certificate can be difficult. One easy method is to note the creation date and time when creating a new certificate. When you view the files in the MachineKeys directory, check the Date Modified field for the corresponding date and time.
    2. If you have configured your system to run under a different account than ASPNET, use that account when granting permissions to access the certificate.
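
A scripted version of the two checks in the answer above, as an added example that is not part of the original post: it resolves the exact key file from the certificate's key container name rather than by timestamp, lists who can access it, and optionally grants Read to one account. It assumes Windows PowerShell with .NET Framework 4.6 or later and an RSA key; the `-Account` default is a hypothetical app pool identity.

```powershell
# Added example, not from the original answers. Run elevated in Windows PowerShell.
param(
    [string]$Subject   = 'soap.partnersite.com',     # subject name quoted on this page
    [string]$StoreName = 'My',                       # "Personal"; use 'TrustedPeople' if installed there
    [string]$Account   = 'IIS AppPool\ExamplePool',  # hypothetical identity the web app runs as
    [switch]$GrantRead                               # report only unless this switch is given
)

$cert = Get-ChildItem "Cert:\LocalMachine\$StoreName" |
    Where-Object { $_.Subject -like "*CN=$Subject*" } | Select-Object -First 1
if (-not $cert) { throw "No certificate with CN=$Subject in LocalMachine\$StoreName" }

# Check 1: the store entry must carry a private key, not just the public certificate.
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key" }

# Resolve the key container name instead of matching files by timestamp.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'Private key is not RSA; this example handles RSA keys only' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $name = $rsa.Key.UniqueName                                   # CNG-backed key
} else {
    $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName       # legacy CSP key
}

# Machine key files live in one of these folders on Windows Vista/Server 2008 and later
# (the Documents and Settings path in the answer is the older equivalent).
$dirs = 'Microsoft\Crypto\RSA\MachineKeys', 'Microsoft\Crypto\Keys' |
    ForEach-Object { Join-Path $env:ProgramData $_ }
$file = Get-ChildItem -Path $dirs -Filter $name -File -Force -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $file) { throw "Key file '$name' not found under $($dirs -join ', ')" }

# Check 2: who can read the key file right now?
$acl = Get-Acl -Path $file.FullName
"Key file: $($file.FullName)"
$acl.Access | ForEach-Object { "{0,-40} {1} {2}" -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights }

if ($GrantRead) {
    # Read is the right a later answer on this page reports as sufficient; grant it to one account only.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $file.FullName -AclObject $acl
    "Granted Read on the key file to $Account"
}
```
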
街道布景 2024-08-22 02:05:53

As per my experience it could be failing because of two reasons.

  1. Check if your cert has a private key available.
  2. If that is a .NET application, then check if you have given permission to the cert, to make sure your application has permission to access the cert. In my case, adding the "iis_iusrs" and giving it read permission does work for me.

Thanks.

千秋岁 2024-08-22 02:05:53

After encountering the same exception: System.Security.Cryptography.CryptographicException, Object contains only the public half of a key pair, I proofed an alternative, but less optimal solution.

Situation: Certificate / key look up worked great inside of Visual Studio IIS Express, but while the Web Application was running under the proper IIS service, I always received the 'Contains only public half of key pair' exception.

I used the WSE3 CertificateTool to locate the private key section on the filesystem and attempted at length to adjust the user permission settings to give the ASP user permissions as per the above answer.

My eventual fix, which was not pretty, was to create a new IIS Application Pool specific to my Web service code and set the user Identity the pool runs as to the Local machine owner of the certificate + private key.

The final location I installed the certificate in was "Local Computer / Trusted People".

Using WSE3 CustomPolicyAssertion, C# .NET:

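```csharp
// Look up the client certificate by subject name in the LocalMachine\TrustedPeople store.
clientToken = X509TokenProvider.CreateToken(StoreLocation.LocalMachine,
    StoreName.TrustedPeople, "soap.partnersite.com", X509FindType.FindBySubjectName);
```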

After updating the App Pool Identity, no private key file overrides were necessary when changing the application pool owner.
