异常:System.Security.Cryptography.CryptographicException:Windows 2008 R2 服务器中托管的 IIS7 应用程序中不存在密钥集 [英] Exception: System.Security.Cryptography.CryptographicException : Keyset does not exist in IIS7 application hosted in windows 2008 R2 server

问题描述

在 Windows Server 2008 R2 中访问托管在 IIS7 中的应用程序时出错.

Getting error when access an application hosted in IIS7 in Windows server 2008 R2.

错误:异常来源:mscorlib:ListFunctions_LoadNamePrefixes()堆栈跟踪:

Error: Exception Source: mscorlib:ListFunctions_LoadNamePrefixes() Stack Trace:

Server stack trace: 
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
   at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
   at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
   at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens)
   at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier)
   at System.ServiceModel.Security.SendSecurityHeader.SignWithSupportingToken(SecurityToken token, SecurityKeyIdentifierClause identifierClause)
   at System.ServiceModel.Security.SendSecurityHeader.SignWithSupportingTokens()
   at System.ServiceModel.Security.SendSecurityHeader.CompleteSecurityApplication()
   at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
   at System.ServiceModel.Channels.Message.WriteMessage(XmlDictionaryWriter writer)
   at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
   at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
   at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
   at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

证书存储在受信任的根中.该证书由代码中的 X509Store 访问.应用程序是asp.net应用程序.

The certificate is stored in Trusted root. The certificate is accessed by X509Store in the code. The application is asp.net application.

推荐答案

Certificate 应该放在 LocalMachine\My store(在 mmc 中查看时在本地计算机中的个人存储).证书链应该能够构建并且应该是有效的.

Certificate should be placed in LocalMachine\My store (Personal store in Local computer when viewed in mmc). Certificate chain should be able to build and should be valid.

设置与证书对应的私钥的权限.

Set rights on private key corresponding to the certificate.

您需要为其添加权限的帐户名称是IIS APPPOOL\name_of_the_apppool_your_app_runs_under

The name of the account that you need to add permission for is IIS APPPOOL\name_of_the_apppool_your_app_runs_under

这篇关于异常:System.Security.Cryptography.CryptographicException:Windows 2008 R2 服务器中托管的 IIS7 应用程序中不存在密钥集的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！