IIS 6 Private Key certificate access

徘徊边缘 提交于 2019-12-11 14:38:05

问题


We have a Web asp.net application running in the framework 2.0 and hosted in an IIS 6 server, and the OS is windows server 2003. The web application is suing a client certificate to be authenticated by a web service. We have impersonalized the application pool with de user “Network Service”.

The problem is when we have to access to the private key of the certificate that is stored in the machine key/my storage. The user Network Service cannot access the key.

We have given privileges to the Network Service user using the winhttpcertcfg.exe tool, however the result is the same.

When we impersonalize the application pool with the local administrator the result is successfully. Therefore we think that the problem is the privileges of the user.

If someone could give us some information about, we would be gratefully.

Thanks in advance


回答1:


Finally we got to solve the problem after many unsuccessfully results but at finish each problem has its own solution.

Our solution consists of creating an administrator account for the local machine. After that we log on with this account and run the MMC /s Command. We import the certificate in LOCAL_MACHINE/My store.

The second part is to remove the user from the administrator group and we create a Service Account for an ASP.NET 2.0 Application with the created user, which is better explained in the following URL http://msdn.microsoft.com/en-us/library/ms998297.aspx.

Good luck.




回答2:


As for me, only this solution works (IIS 6, Win 2003 Srv), but with one issue... My special account can read certificate from ASP.NET application only if I start any application before it with it's rights ("Run as..."). Without this action a have security error when I try to send http-request (WinHttpRequest) with certificate I need.



来源:https://stackoverflow.com/questions/2774382/iis-6-private-key-certificate-access

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!