CryptographicException: Access denied - 如何授予对用户存储的访问权限? [英] CryptographicException: Access denied - How to give access on User store?
问题描述
我正在尝试从 WPF 应用程序中的 pfx 文件加载证书,但它给了我拒绝访问错误.
using (FileStream stream = System.IO.File.OpenRead(certificatePath)){使用 (BinaryReader reader = new BinaryReader(stream)){缓冲区 = reader.ReadBytes((int)stream.Length);}}X509Certificate2 证书 = 新 X509Certificate2(缓冲区,密码);<块引用>
System.Security.Cryptography.CryptographicException:拒绝访问.
在System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32)小时)在System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[]rawData, IntPtr 密码, UInt32 dwFlags, Boolean persistKeySet,SafeCertContextHandle&pCertCtx) 在System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[]rawData、对象密码、X509KeyStorageFlags keyStorageFlags) 在System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[]rawData,字符串密码)在HelloWorld.HelloClient.Models.Infrastructure.ReadCertificateFromPfxFile(String证书路径,字符串密码)
snippet 中的最后一行导致异常,如果我以管理员身份运行它,它工作正常.问题似乎是 X509Certificate2 的默认构造函数试图将私钥放入用户存储中.我没有使用网络应用程序.这篇 帖子没有解决我的问题.我认为当前用户可能无法访问他自己的私钥存储.但是我怎样才能授予这种访问权限?
如果有人正在寻找类似问题的解决方案,请发布修复程序.我运行了 sysinternal process monitor 并意识到构造函数调用正在创建机器密钥文件夹中的密钥,并授予用户写入机器密钥的权限.
I am trying to load a certificate from a pfx file in a WPF application and it gives me an access denied error.
using (FileStream stream = System.IO.File.OpenRead(certificatePath))
{
using (BinaryReader reader = new BinaryReader(stream))
{
buffer = reader.ReadBytes((int)stream.Length);
}
}
X509Certificate2 certificate = new X509Certificate2(buffer, password);
System.Security.Cryptography.CryptographicException: Access denied.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password) at HelloWorld.HelloClient.Models.Infrastructure.ReadCertificateFromPfxFile(String certificatePath, String password)
The last line in snippet is causing an exception, and if I run it as an administrator it works fine. The issue seems to be the default constructor of X509Certificate2 tries to put private key in the user store. I am not using web application. this post doesn't resolve my issue. I think the current user might not have access to his own private key store. But how can I give that access?
Posting a fix if someone looking for a solution for similar issue. I ran sysinternal process monitor and realized the constructor call was creating a key in machine key folder and gave user access to write on machine key.
这篇关于CryptographicException: Access denied - 如何授予对用户存储的访问权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
