IIS7 无法找到 X.509 证书,即使自托管 WCF 可以
我正在尝试在 IIS7 中托管 WCF 服务。一切正常,直到我在 web.config 文件中指定了以下内容:
<serviceCredentials>
<serviceCertificate findValue="MyCert"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>
然后我收到异常 System.InvalidOperationException: Cannot find the X.509certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser' 、FindType 'FindBySubjectName'、FindValue 'MyCert'。
顺便说一句 - 我在自托管 WCF 服务中使用相同的证书(存储在同一位置),没有任何问题。
I'm trying to host WCF service in IIS7. Everything worked fine until I've specified the following in web.config file:
<serviceCredentials>
<serviceCertificate findValue="MyCert"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>
Then I get an exception System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue ‘MyCert’.
BTW - I'm using this same certificate ( stored at the same location ) with self-hosting WCF service without any problems.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可能选择了错误的商店位置。您尝试过 storeLocation="LocalMachine" 吗?
如果这不起作用,那么您需要提供 iis 工作进程。当我在 iis6 中托管使用具有共享证书安全性的用户名的 WCF 服务时,我需要执行此操作。
You might have selected the wrong storeLocation. Have you tried storeLocation="LocalMachine"?
If this doesn't work then you need to give your iis worker process. I needed to do this when I hosted WCF service in iis6 that used Username with shared certificate security.
您的服务在 IIS7 中运行的身份可能无法访问该存储。一般来说,这个身份是ApplicationPoolIdentity。
It could be that the identity your service is running as in IIS7 doesn't have access to the store. Generally this identity is ApplicationPoolIdentity.
尝试为运行应用程序池的帐户授予对证书私钥的读取访问权限。在证书 MMC 管理单元中,找到证书,右键单击,管理私钥...
Try granting read access to the cert's private key for the account the application pool is running as. In Certificates MMC snap-in, find the cert, right click, manage private key...