ASP.net对根证书存储的权限 [英] ASP.net permissions to root certificate store

问题描述

是否可以向证书库提供asp.net读取权限？

Is it possible to give asp.net read permission to the certificate store?

如果是，如何？

如果没有...我需要手动为每个证书文件设置权限吗？

If no... do I need to set the permission manually per certificate file?

如果是，这些文件在硬盘上的物理位置？

If yes where are these files physically on the HDD?

推荐答案

通常您授予 A 证书的权限。我使用这样的方法来查找自定义的证书和授予权限。如果您使用的是由Verisign，Thawte等公共实体颁发的证书，则这可能是不必要的。

Generally you give permissions to A certificate. I use a method like this to find the custom made cert and grant permissions. If you are using a cert issued by a public entity like Verisign, Thawte, etc, this is probably unnecessary.

FindPrivateKey.exe My LocalMachine –n "CN=<certificate issuer>" 

...将在特定发行者的个人存储中的本地计算机上找到证书。

...will find certificates on the local machine in the personal store for a particular issuer.

注意：如果FindPrivateKey不在您的本地计算机上，
下载WCF样本，包括FindPrivateKey工具，
http://www.microsoft。 com / download / en / details.aspx？displaylang = en& id = 21459

FindPrivateKey返回证书，类似

FindPrivateKey returns the location of the private key for the certificate, similar to

"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030".

运行以下命令行为ASP.NET的进程标识分配只读访问权限WCF服务

Run the following command line to assign read only access permissions to the process identity of the ASP.NET/WCF Service

cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R 

注意：如果您运行的是MicrosoftWindows®XP，请为ASPNET标识授予证书权限，而不是NT Authority\Network服务标识，因为IIS进程在ASPNET

NOTE: If you are running Microsoft Windows® XP, give the certificate permissions for the ASPNET identity instead of the NT Authority\Network Service identity, because the IIS process runs under the ASPNET account in Windows XP.

证书可从MMC管理单元中的证书中查看。打开MMC，选择文件 - >添加/删除管理单击，单击添加按钮并选择证书。从这里，您需要选择适当的商店（通常是计算机帐户 - 本地计算机的ASP.NET项目）来管理，然后您可以查看/管理证书。

Certificates are viewable from the MMC snap in for Certificates. Open MMC, choose File --> Add/Remove Snap in, click the add button and choose certificates. From here you will need to choose the appropriate store (usually Computer Account - Local Computer for ASP.NET items) to manage and then you can view/admin the certs.

请仔细阅读不同的命令行选项，并确保您在授予任何权限之前，清楚地了解哪些证书及其工作原理。

Please take a good hard look at the different command line options, and make sure that you have a clear understanding of what certificates are and how they work before granting any permissions.

这篇关于ASP.net对根证书存储的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！