除非服务帐户登录,否则 WCF 服务无法访问个人证书存储
我创建了一个 WCF 服务,它有一个通过 Internet 调用 SOAP Web 服务的方法。
为了调用 SOAP Web 服务,需要使用 HttpWebRequest 发送 X.509 证书。
X.509 证书加载到运行服务的帐户的个人和受信任证书存储中。
当服务帐户登录到服务器时,一切正常。
但是,当服务帐户未实际登录到服务器时,它会在加载 X.509 证书时出现问题,并且在尝试发出 HttpWebRequest 时会失败身份验证。
我是 WCF 服务的新手,所以我什至不知道从哪里开始寻找。
有人可以帮忙吗?谢谢。
I created a WCF service that has a method which makes a call to a SOAP web service over the internet.
In order to make a call to the SOAP web service, it requires that an X.509 certificate be sent with the HttpWebRequest.
The X.509 certificates are loaded in the Personal and Trusted Certificate store of the account which the service is running under.
When the service account is logged into the server, everything works just fine.
However, when the service account is not physically logged onto the server, it has problems loading up the X.509 certificate and fails authentication when trying to make the HttpWebRequest.
I am new to WCF services so I don't even know where to start looking.
Can anyone help? Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
问题是应用程序池默认不加载服务帐户的用户配置文件。
您必须转到应用程序池的高级设置并将 LoadUserProfile 设置为 true。
The problem was that the app pool doesn't load the user profile of the service account by default.
You have to go to the advanced settings for the app pool and set LoadUserProfile to true.
您需要将客户端证书安装到本地计算机存储并从那里访问它,因为从应用程序的角度来看,您的帐户不是交互式的。此外,您还可以为用于运行 WCF 服务的用户帐户授予对客户端证书的访问权限。
类似于 http://support.microsoft.com/kb/901183
You need to install client certificate to the local machine store and access it from there, since your account is not interactive from your application standpoint. Also you have grant access to the client certificate for the user account that is used to run your WCF service.
Similar to http://support.microsoft.com/kb/901183