Accessing Impersonated users key store
Problem description
I am impersonating a service user account in order to connect to a webservice that requires a cert to connect. I have installed the client cert on the service account on the machine which is running the code; however, I receive the error System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
using (var ctx = new ImpersonationContext("svcAcctUserName", "domain", "password"))
{
    // Fails with CryptographicException: The system cannot find the file specified.
    var clientCert = new X509Certificate2("filePath", "certPassword");
}
The impersonation code works; for brevity I have left it out, but I check to make sure my context is switched to the svcAcctUserName user by logging the Environment.UserName, which shows that I am running as svcAcctUserName. The filePath is correct; again I left it out, but I open and close the file before I create the X509Certificate2 object to make sure I have both access to the file and that my path is correct.
The error is confusing since I provide the path as a parameter and I know for certain the user running the code has access.
Also tried this: How to call a Web service by using a client certificate for authentication in an ASP.NET Web application
Although I am not using an asp.net application, I gave it a try anyway. I added the certificates add-in to the mmc, added the "local computer" certificates add in and then imported the cert into the Personal store of the local machine.
Then I ran
WinHttpCertCfg.exe -g -c LOCAL_MACHINE\My -s issuedToName -a domain\svcAcctUserName
Tried running the operation again, still same problem.
What am I missing?
Recommended answer
So, as Alex pointed out, I do not understand the underlying architecture of the certificate system in Windows. However, after performing the above steps and modifying my code to use the X509Store, I have it working. Hopefully this will help someone:
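using System.Security.Cryptography.X509Certificates;

using (var ctx = new ImpersonationContext("svcAcctUserName", "domain", "password"))
{
    // Open the local machine's Personal ("My") store, where the cert was imported
    var store = new X509Store(StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    // validOnly: false, so certificates that fail validation are returned too
    var clientCert = store.Certificates.Find(X509FindType.FindByIssuerName, "IssuerNameHere", false);
    var clientCert2 = new X509Certificate2(clientCert[0]);
    store.Close();
}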
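A more defensive form of the store lookup above, added here as an example and not the original poster's code. It goes beyond the answer by selecting on subject name (the value given to WinHttpCertCfg -s) and checking that the calling identity can open the private key; `ClientCertLookup` and `FindClientCert` are hypothetical names, and an RSA key is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the original post).
static class ClientCertLookup
{
    // Returns the single time-valid certificate in LocalMachine\My whose subject
    // contains subjectName, after confirming the current identity can open its key.
    public static X509Certificate2 FindClientCert(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            // FindBySubjectName is a substring match, so insist on exactly one hit.
            X509Certificate2Collection matches = store.Certificates
                .Find(X509FindType.FindBySubjectName, subjectName, false)
                .Find(X509FindType.FindByTimeValid, DateTime.Now, false);

            if (matches.Count != 1)
                throw new InvalidOperationException(
                    $"Expected one certificate for '{subjectName}', found {matches.Count}.");

            X509Certificate2 cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key in this store.");

            // Open the key now so an inaccessible key surfaces here, under the
            // impersonated identity, instead of later during the TLS handshake.
            using (RSA key = cert.GetRSAPrivateKey())
            {
                if (key == null)
                    throw new InvalidOperationException(
                        "RSA private key could not be opened (non-RSA key, or no access for the current identity).");
            }
            return cert;
        }
        finally
        {
            store.Close();
        }
    }
}
```

Call it inside the impersonation block so the key access check runs as the service account; a CryptographicException from the key open propagates to the caller.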