CryptographicException 'Keyset 不存在',但只能通过 WCF [英] CryptographicException 'Keyset does not exist', but only through WCF
问题描述
我有一些代码可以调用使用 X.509 认证保护的第三方网络服务.
I have some code that makes a call to a third party web service that is secured using X.509 certification.
如果我直接调用代码(使用单元测试),它就可以正常工作.
If I call the code directly (using a unit test) it works without any problems.
部署后,此代码将通过 WCF 服务调用.我添加了调用 WCF 服务的第二个单元测试,但是当我调用第三方的方法时,失败并出现 CryptographicException,消息 "Keyset does not exist"网络服务.
When deployed, this code will be called via a WCF Service. I have added a second unit test that calls the WCF Service, however this fails with a CryptographicException, message "Keyset does not exist" when I call a method on the third party web service.
我认为这是因为我的 WCF 服务将尝试使用与我不同的用户调用第三方 Web 服务.
I presume that this is because my WCF Service will be attempting to call the third party web service using a different user to myself.
任何人都可以对这个问题有任何额外的了解吗?
Can anyone shed any additional light on this issue?
推荐答案
可能是证书权限问题.
运行单元测试时,您将在您自己的用户上下文中执行这些测试,这(取决于客户端证书所在的存储)将有权访问该证书的私钥.
When running a unit test you are going to be executing those under your own user context, which (depending on what store the client certificate is in) will have access to that certificate's private key.
但是,如果您的 WCF 服务托管在 IIS 下,或作为 Windows 服务托管,则它很可能会在服务帐户(网络服务、本地服务或某些其他受限帐户)下运行.
However if your WCF service is hosted under IIS, or as a Windows Service it's likely it will be running under a service account (Network Service, Local Service or some other restricted account).
您需要为私钥设置适当的权限,以允许该服务帐户访问它.MSDN 有详细信息
You will need to set the appropriate permissions on the private key to allow that service account access to it. MSDN has the details
这篇关于CryptographicException 'Keyset 不存在',但只能通过 WCF的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
