IIS 6 私钥证书访问
我们有一个在框架 2.0 中运行并托管在 IIS 6 服务器中的 Web asp.net 应用程序,操作系统是 Windows Server 2003。该 Web 应用程序正在请求客户端证书以由 Web 服务进行身份验证。我们通过去用户“网络服务”对应用程序池进行了非个性化处理。
问题是当我们必须访问存储在机器密钥/我的存储中的证书的私钥时。用户网络服务无法访问密钥。
我们已使用 winhttpcertcfg.exe 工具向网络服务用户授予权限,但结果是相同的。
当我们与本地管理员对应用程序池进行非个性化时,结果是成功的。因此我们认为问题出在用户的权限上。
如果有人能给我们一些信息,我们将不胜感激。
提前致谢
We have a Web asp.net application running in the framework 2.0 and hosted in an IIS 6 server, and the OS is windows server 2003. The web application is suing a client certificate to be authenticated by a web service. We have impersonalized the application pool with de user “Network Service”.
The problem is when we have to access to the private key of the certificate that is stored in the machine key/my storage. The user Network Service cannot access the key.
We have given privileges to the Network Service user using the winhttpcertcfg.exe tool, however the result is the same.
When we impersonalize the application pool with the local administrator the result is successfully. Therefore we think that the problem is the privileges of the user.
If someone could give us some information about, we would be gratefully.
Thanks in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
经过多次不成功的结果后,我们终于解决了问题,但最终每个问题都有自己的解决方案。
我们的解决方案包括为本地计算机创建管理员帐户。之后,我们使用此帐户登录并运行 MMC /s 命令。我们将证书导入LOCAL_MACHINE/我的商店。
第二部分是从管理员组中删除用户,并我们使用创建的用户为 ASP.NET 2.0 应用程序创建一个服务帐户,这在以下 URL http://msdn.microsoft.com/en-us/library/ ms998297.aspx。
祝你好运。
Finally we got to solve the problem after many unsuccessfully results but at finish each problem has its own solution.
Our solution consists of creating an administrator account for the local machine. After that we log on with this account and run the MMC /s Command. We import the certificate in LOCAL_MACHINE/My store.
The second part is to remove the user from the administrator group and we create a Service Account for an ASP.NET 2.0 Application with the created user, which is better explained in the following URL http://msdn.microsoft.com/en-us/library/ms998297.aspx.
Good luck.
对于我来说,只有这个解决方案有效(IIS 6,Win 2003 Srv),但有一个问题......
仅当我使用其权限(“运行方式...”)启动之前的任何应用程序时,我的特殊帐户才能从 ASP.NET 应用程序读取证书。如果没有此操作,当我尝试发送带有我需要的证书的 http 请求 (WinHttpRequest) 时,会出现安全错误。
As for me, only this solution works (IIS 6, Win 2003 Srv), but with one issue...
My special account can read certificate from ASP.NET application only if I start any application before it with it's rights ("Run as..."). Without this action a have security error when I try to send http-request (WinHttpRequest) with certificate I need.