对Azure订阅日志使用证书-禁止使用403

Question

Background:

I have a Windows Service which polls Azure subscription logs (API: http://msdn.microsoft.com/en-us/library/windowsazure/gg715318.aspx )

On my local development machine the service is set to log on as my account. The X509 certificate was imported under CurrentUser\\Personal and in the source code where I check the cert store I have:

X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);

Issue:

The service works fine on my dev machine, it can retrieve data from the API. On the testing machine I get this error:

The remote server returned an error: (403) Forbidden.

The service is set to log on as a specific user, dmz\\aaseclg1 and the current user\\personal cert store has the required certificate.

Any ideas?

Thanks in advance.

Edit: image of password prompt:

Answer 1

I have seen this error when I export the certificate from the machine on which it is created and while exporting, I choose to import it in .cer format (ie without exporting private keys). Can you try by exporting the certificate from your dev box in pfx format and then copy the file on your test box and import it again in your test box by selecting the file and installing the certificate?

UPDATE

I was able to reproduce this. When you import the certificate, please make sure that you have unchecked the checkbox which reads "Enable strong private key protection" as shown in the screenshot below.

When I check this checkbox, every time I use this certificate it prompts me to enter a password. Now I was using a GUI application so I could see that box. In your case since you are consuming the certificate through a Windows Service (a non UI thingie), this box never shows and you think the service is hanging.