如何让 ASP.NET 访问证书存储中证书中的私钥? [英] How to give ASP.NET access to a private key in a certificate in the certificate store?
问题描述
我有一个 ASP.NET 应用程序,它访问证书存储中证书中的私钥.在 Windows Server 2003 上,我能够使用 winhttpcertcfg.exe 授予对 NETWORK SERVICE 帐户的私钥访问权限.如何授予访问 IIS 7.5 网站中 Windows Server 2008 R2 证书存储区(本地计算机个人)中证书私钥的权限?
I have an ASP.NET application that accesses private key in a certificate in the certificates store. On Windows Server 2003 I was able to use winhttpcertcfg.exe to give private key access to the NETWORK SERVICE account. How do I give permissions to access a Private Key in a certificate in the certificate store (Local ComputerPersonal) on a Windows Server 2008 R2 in an IIS 7.5 website?
我已尝试为所有人"、IIS AppPoolDefaultAppPool"、IIS_IUSRS"以及我可以使用证书 MMC(Server 2008 R2)找到的所有其他安全帐户授予完全信任访问权限.但是,下面的代码表明该代码无权访问使用私钥导入的证书的私钥.每次访问私钥属性时,代码都会抛出错误.
I've tried giving Full Trust access to "Everyone", "IIS AppPoolDefaultAppPool", "IIS_IUSRS", and everyother security account I could find using the Certificates MMC (Server 2008 R2). However the below code demonstrates that the code does not have access to the Private Key of a certificate that was imported with the private key. The code instead throws and error everytime the private key property is accessed.
Default.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%@ Import Namespace="System.Security.Cryptography.X509Certificates" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Repeater ID="repeater1" runat="server">
<HeaderTemplate>
<table>
<tr>
<td>
Cert
</td>
<td>
Public Key
</td>
<td>
Private Key
</td>
</tr>
</HeaderTemplate>
<ItemTemplate>
<tr>
<td>
<%#((X509Certificate2)Container.DataItem).GetNameInfo(X509NameType.SimpleName, false) %>
</td>
<td>
<%#((X509Certificate2)Container.DataItem).HasPublicKeyAccess() %>
</td>
<td>
<%#((X509Certificate2)Container.DataItem).HasPrivateKeyAccess() %>
</td>
</tr>
</ItemTemplate>
<FooterTemplate>
</table></FooterTemplate>
</asp:Repeater>
</div>
</form>
</body>
</html>
</表单>