Question
We have a Web ASP.NET application running on framework 2.0 and hosted on an IIS 6 server, and the OS is Windows Server 2003. The web application is using a client certificate to be authenticated by a web service. We have impersonated the application pool with the user "Network Service".
The problem is when we have to access the private key of the certificate that is stored in the machine key/my storage. The user Network Service cannot access the key.
We have given privileges to the Network Service user using the winhttpcertcfg.exe tool; however, the result is the same.
When we impersonate the application pool with the local administrator, the result is successful. Therefore we think that the problem is the privileges of the user.
If someone could give us some information about this, we would be grateful.
Thanks in advance.
Answer 1:
Finally we managed to solve the problem after many unsuccessful results, but in the end each problem has its own solution.
Our solution consists of creating an administrator account for the local machine. After that we log on with this account and run the MMC /s command. We import the certificate into the LOCAL_MACHINE/My store.
The second part is to remove the user from the administrator group and create a Service Account for an ASP.NET 2.0 Application with the created user, which is better explained at the following URL: http://msdn.microsoft.com/en-us/library/ms998297.aspx.
Good luck.
Answer 2:
As for me, only this solution works (IIS 6, Win 2003 Srv), but with one issue... My special account can read the certificate from the ASP.NET application only if I start any application before it with its rights ("Run as..."). Without this action I have a security error when I try to send an http-request (WinHttpRequest) with the certificate I need.
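A diagnostic for the symptom discussed in this thread, added here as an example and not taken from any of the posts: a .NET 2.0 console program that reports which account it runs as, tries to open the private key of a certificate in LOCAL_MACHINE/My, and, when the key opens, lists the ACL on the key file. The class name, the placeholder subject and the assumption that the key is an RSA machine key are illustrative.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class KeyAccessCheck   // hypothetical name, not from the thread
{
    static void Main(string[] args)
    {
        // Constructed placeholder; pass part of the real certificate subject as args[0].
        string subject = args.Length > 0 ? args[0] : "PLACEHOLDER-CLIENT-CERT";
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates.Find(
                         X509FindType.FindBySubjectName, subject, false))
            {
                Console.WriteLine(cert.Subject + "  HasPrivateKey=" + cert.HasPrivateKey);
                if (!cert.HasPrivateKey) continue;
                try
                {
                    // Throws CryptographicException when this account cannot open the key container.
                    ICspAsymmetricAlgorithm key = cert.PrivateKey as ICspAsymmetricAlgorithm;
                    if (key == null) { Console.WriteLine("  not a CSP key"); continue; }
                    PrintKeyFileAcl(key.CspKeyContainerInfo.UniqueKeyContainerName);
                }
                catch (Exception ex)
                {
                    Console.WriteLine("  FAILED: " + ex.GetType().Name + ": " + ex.Message);
                }
            }
        }
        finally { store.Close(); }
    }

    // Assumption: RSA machine key, stored under <All Users app data>\Microsoft\Crypto\RSA\MachineKeys.
    // Identities are printed as SIDs; S-1-5-20 is NETWORK SERVICE.
    static void PrintKeyFileAcl(string containerFile)
    {
        string dir = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData);
        string path = Path.Combine(dir, @"Microsoft\Crypto\RSA\MachineKeys\" + containerFile);
        Console.WriteLine("  key file: " + path);
        foreach (FileSystemAccessRule r in File.GetAccessControl(path)
                     .GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine("    " + r.AccessControlType + " " + r.FileSystemRights + " " + r.IdentityReference);
    }
}
```

Run under an administrator, it shows which identities hold rights on the key file; run under the application pool identity, a FAILED line confirms that the account cannot open the key even though the certificate itself is readable.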
Source: https://stackoverflow.com/questions/2774382/iis-6-private-key-certificate-access