ASP.net 对根证书存储的权限 [英] ASP.net permissions to root certificate store

问题描述

是否可以授予 asp.net 对证书存储的读取权限?

Is it possible to give asp.net read permission to the certificate store?

如果是，如何?

如果没有...我是否需要为每个证书文件手动设置权限?

If no... do I need to set the permission manually per certificate file?

如果是，这些文件在硬盘上的物理位置是什么?

If yes where are these files physically on the HDD?

推荐答案

通常您会授予A 证书的权限.我使用这样的方法来查找定制的证书并授予权限.如果您使用的是由 Verisign、Thawte 等公共实体颁发的证书，则这可能是不必要的.

Generally you give permissions to A certificate. I use a method like this to find the custom made cert and grant permissions. If you are using a cert issued by a public entity like Verisign, Thawte, etc, this is probably unnecessary.

FindPrivateKey.exe My LocalMachine –n "CN=<certificate issuer>" 

...将在个人存储中的本地计算机上找到特定颁发者的证书.

...will find certificates on the local machine in the personal store for a particular issuer.

注意:如果 FindPrivateKey 不在您的本地机器上，下载 WCF 示例，包括 FindPrivateKey 工具，位于http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21459

FindPrivateKey 返回证书私钥的位置，类似

FindPrivateKey returns the location of the private key for the certificate, similar to

"C:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSAMachinekeys4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030".

运行以下命令行为ASP.NET/WCF服务的进程标识分配只读访问权限

Run the following command line to assign read only access permissions to the process identity of the ASP.NET/WCF Service

cacls.exe "C:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSAMachinekeys4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITYNETWORK SERVICE":R 

注意:如果您运行的是 Microsoft Windows® XP，请为 ASPNET 身份而不是 NT AuthorityNetwork Service 身份授予证书权限，因为 IIS 进程在 Windows XP 中的 ASPNET 帐户下运行.

NOTE: If you are running Microsoft Windows® XP, give the certificate permissions for the ASPNET identity instead of the NT AuthorityNetwork Service identity, because the IIS process runs under the ASPNET account in Windows XP.

可以从证书的 MMC 管理单元中查看证书.打开 MMC，选择文件 --> 添加/删除管理单元，单击添加按钮并选择证书.从这里您需要选择适当的存储(通常是计算机帐户 - ASP.NET 项目的本地计算机)进行管理，然后您可以查看/管理证书.

Certificates are viewable from the MMC snap in for Certificates. Open MMC, choose File --> Add/Remove Snap in, click the add button and choose certificates. From here you will need to choose the appropriate store (usually Computer Account - Local Computer for ASP.NET items) to manage and then you can view/admin the certs.

请仔细查看不同的命令行选项，并确保您在授予任何权限之前清楚了解什么是证书以及它们的工作原理.

Please take a good hard look at the different command line options, and make sure that you have a clear understanding of what certificates are and how they work before granting any permissions.

这篇关于ASP.net 对根证书存储的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！