我可以使用在ASP.NET中的X509Certificate2不使用证书存储? [英] Can I use an X509Certificate2 within ASP.NET without using a certificate store?
问题描述
我想在Rackspace公司云内的ASP.NET Web服务中使用的x509证书。我有一种感觉,也许导致问题的云节点上的证书存储。我也有与此相关的有,我在<接收异常的问题href=\"http://stackoverflow.com/questions/2094735/sslstream-authenticateasclient-exception-when-using-iphone-apple-push-notificatio\">SslStream.AuthenticateAsClient异常使用iPhone苹果推送通知提供程序时(APNS锋利)C#
I am trying to use an X509Certificate within an ASP.NET web service within the Rackspace Cloud. I have a feeling the certificate stores on the cloud nodes maybe causing problems. I also have a question related to this with the exception that I am receiving at SslStream.AuthenticateAsClient Exception when using iPhone Apple Push Notification Provider (apns-sharp) C#
在APNS锋利的项目,我用的是下面的code:
Within the apns-sharp project I was using the following code:
certificate = new X509Certificate2(p12File)
但是我收到一个异常,改变code以下内容的解决X509Certificate2例外。新的code是如下:
However I received an exception and changing the code to the following resolved the X509Certificate2 exception. The new code is as follows:
certificate = new X509Certificate2(p12File, String.Empty, X509KeyStorageFlags.MachineKeySet);
我想知道我是否可以使用在ASP.NET中的X509Certificate2不使用证书存储?请问证书存储是导致问题与Rackspace的云节点?
I would like to know if I can use an X509Certificate2 within ASP.NET without using a certificate store? Would the certificate stores be causing problems with the Rackspace Cloud nodes?
更新#1 Rackspace公司告诉我,访问本地计算机证书存储是不允许的。是否有任何其他方式使用证书存储绕过?也许使用第三方库?
Update #1 Rackspace tell me that access to the Local Machine Certificate store is not permitted. Is there any other way to bypass using the certificate store? Maybe using a third party library?
推荐答案
第一个构造函数不工作的原因是,ASP.NET不加载用户配置文件存储,这是默认的存储,如果你不指定使用存储位置 X509KeyStorageFlags 。然而,本机存储始终由ASP.NET,这就是为什么第二个构造函数加载工作。
The reason the first constructor doesn't work is that ASP.NET does not load the user profile store, which is the default store if you don't specify a storage location using X509KeyStorageFlags. However, the machine store is always loaded by ASP.NET, which is why the second constructor works.
我假设你打算使用私钥证书加密或创建数字签名(哈希),在这种情况下,你不能避免使用证书存储为私钥只能以编程方式进口访问证书,而不是直接从斑点或文件。
I'm assuming that you intend to use the private key on the certificate for encryption or creating digital signatures (hashing), in which case you can't avoid using a certificate store as private keys can only be accessed programmatically from imported certificates, and not directly from blobs or files.
我不认为证书存储使用,如果证书数据只包含公共密钥(因为是保护敏感的数据信息) - 我注意到,我只需要在我打算指定计算机存储与包含私钥证书工作。
I don't think the certificate store is used if the certificate data only contains the public key (as there is no sensitive data to protect) - I've noticed that I only need to specify the machine store when I intend to work with certificates that contain a private key.
我不能在Rackspace的情况,但评论 - 有可能是在部分信任的环境中code运行导入证书,作为装载私有密钥容器的要求可能不被授予特定的权限问题,你的组装。
I can't comment on the Rackspace situation though - there may be issues with importing certificates in code running in a partially-trusted environment, as loading a private key container demands specific permissions that may not be granted to your assembly.
这篇关于我可以使用在ASP.NET中的X509Certificate2不使用证书存储?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
