ASP.net权限的根证书存储 [英] ASP.net permissions to root certificate store

问题描述

是否有可能给asp.net读取权限的证书存储？

Is it possible to give asp.net read permission to the certificate store?

如果是，如何？

如果不......，我需要每个证书文件手动设置的权限？

If no... do I need to set the permission manually per certificate file?

如果是身体的地方是在硬盘上这些文件？

If yes where are these files physically on the HDD?

推荐答案

一般来说，你给权限的 A 证书。我用这样的方法找到了定制证书和授予的权限。如果您使用的是如Verisign，Thawte的等公共实体颁发的证书，这可能是不必要的。

Generally you give permissions to A certificate. I use a method like this to find the custom made cert and grant permissions. If you are using a cert issued by a public entity like Verisign, Thawte, etc, this is probably unnecessary.

FindPrivateKey.exe My LocalMachine –n "CN=<certificate issuer>" 

...会发现在个人存储在本地计算机上的证书为特定的发行人。

...will find certificates on the local machine in the personal store for a particular issuer.

的注：如果FindPrivateKey是不是你的本地计算机上，
下载WCF样品，包括FindPrivateKey工具，在
<一href=\"http://www.microsoft.com/downloads/details.aspx?FamilyId=2611A6FF-FD2D-4F5B-A672-C002F1C09CCD&displaylang=en\">http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21459

FindPrivateKey返回私钥的证书的位置，类似于

FindPrivateKey returns the location of the private key for the certificate, similar to

"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030".

运行以下命令行来分配只读访问权限ASP.NET/WCF服务

Run the following command line to assign read only access permissions to the process identity of the ASP.NET/WCF Service

cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R 

请注意：如果您运行的是MicrosoftWindows®XP操作系统，给了ASPNET身份，而不是NT AUTHORITY \\网络服务身份认证的权限，因为IIS进程在Windows XP中的ASPNET帐户下运行。

NOTE: If you are running Microsoft Windows® XP, give the certificate permissions for the ASPNET identity instead of the NT Authority\Network Service identity, because the IIS process runs under the ASPNET account in Windows XP.

证书是由MMC管理单元可以查看在证书。打开MMC，选择文件 - >添加/删除管理单元，单击添加按钮，然后选择证书。在这里，您需要选择合适的存储区（通常计算机帐户 - 对于ASP.NET项目本地计算机）来管理，然后你可以查看/ ADMIN的证书。

Certificates are viewable from the MMC snap in for Certificates. Open MMC, choose File --> Add/Remove Snap in, click the add button and choose certificates. From here you will need to choose the appropriate store (usually Computer Account - Local Computer for ASP.NET items) to manage and then you can view/admin the certs.

请在采取不同的命令行选项的好辛苦的样子，并确保你有什么证书是一个清醒的认识，他们授予任何权限之前是如何工作的。

Please take a good hard look at the different command line options, and make sure that you have a clear understanding of what certificates are and how they work before granting any permissions.

这篇关于ASP.net权限的根证书存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！