CryptographicException“键集不存在”,而只能通过WCF [英] CryptographicException 'Keyset does not exist', but only through WCF
问题描述
我有一些code,使一个呼叫到使用X.509认证,获得了第三方的Web服务。
I have some code that makes a call to a third party web service that is secured using X.509 certification.
如果我直接调用code(使用单元测试),它的工作没有任何问题。
If I call the code directly (using a unit test) it works without any problems.
在部署,这code将通过WCF服务调用。我已经添加了第二个单元测试调用WCF服务,但是失败了 CryptographicException ,信息键集不存在时,我呼吁第三方Web服务的方法。
When deployed, this code will be called via a WCF Service. I have added a second unit test that calls the WCF Service, however this fails with a CryptographicException, message "Keyset does not exist" when I call a method on the third party web service.
我presume,这是因为我的WCF服务将尝试使用不同的用户对自己调用第三方Web服务。
I presume that this is because my WCF Service will be attempting to call the third party web service using a different user to myself.
任何人都可以摆脱任何额外的光对这个问题?
Can anyone shed any additional light on this issue?
推荐答案
这将可能是对证书的权限问题。
It will probably be a permissions problem on the certificate.
在运行单元测试,你将要执行的自己的用户环境下,它(这取决于存储的客户的证书是在)将有机会获得该证书的私钥。
When running a unit test you are going to be executing those under your own user context, which (depending on what store the client certificate is in) will have access to that certificate's private key.
然而,如果你的WCF服务在IIS下承载,或者作为Windows服务很可能会在一个服务帐户下运行(网络服务,本地服务或其他一些受限制的帐户)。
However if your WCF service is hosted under IIS, or as a Windows Service it's likely it will be running under a service account (Network Service, Local Service or some other restricted account).
您需要设置的私钥相应的权限,以允许它,服务帐户访问。 MSDN有的详细信息
You will need to set the appropriate permissions on the private key to allow that service account access to it. MSDN has the details
这篇关于CryptographicException“键集不存在”,而只能通过WCF的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
