[英]Error: 'ID1039: The certificate's private key could not be accessed
I am implementing ADFS authentication in azure but I face the following problem: 我在azure中实现ADFS身份验证,但是我面临以下问题:
An exception of type 'System.Configuration.ConfigurationErrorsException' occurred in System.IdentityModel.Services.dll but was not handled in user code System.IdentityModel.Services.dll中出现“System.Configuration.ConfigurationErrorsException”类型的异常,但未在用户代码中处理
Additional information: ID1024: The configuration property value is not valid. 附加信息:ID1024:配置属性值无效。
Property name: serviceCertificate
属性名称: serviceCertificate
Error: 'ID1039: The certificate's private key could not be accessed. 错误:'ID1039:无法访问证书的私钥。 Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user. 确保证书私钥上的访问控制列表(ACL)授予对应用程序池用户的访问权限。
Thumbprint: 'df113454dsf1321(value here I changed the value)'' Thumbprint:'df113454dsf1321(这里的值我更改了值)''
when I right click on the certificate and then click all task then it not show me the option for Manage Private Keys and gave access to IIS user. 当我右键单击证书然后单击所有任务时,它不显示管理私钥的选项并授予IIS用户访问权限。 How I fix the problem. 我是如何解决这个问题的。 web.config file contents: web.config文件内容:
<serviceCertificate>
<certificateReference x509FindType="FindByThumbprint" findValue="dfdsfdfdf(here I changed the value)" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
I was getting same issue. 我遇到了同样的问题。 The fix is, to allow the AppPool user (NETWORK SERVICE) to read the certificate private key). 修复方法是,允许AppPool用户(NETWORK SERVICE)读取证书私钥。
Thanks, Shivesh 谢谢,Shivesh
Please check the Application Pool setting for the particular application. 请检查特定应用程序的“应用程序池”设置。 In Application pool advanced setting : Identity should be NetworkService. 在应用程序池高级设置中:标识应为NetworkService。
It is also possible that even though you have the certificate, the private key is not installed in the right place. 即使您拥有证书,也可能没有在正确的位置安装私钥。 I got the same error, but adding the correct user (IIS AppPool\\DefaultAppPool) was not sufficient. 我得到了同样的错误,但添加正确的用户(IIS AppPool \\ DefaultAppPool)是不够的。 I also had import the .pfx: 我也导入了.pfx:
On Windows 7 在Windows 7上
-Open MMC - 打开MMC
-Add Certificates snap-in to manage Local Computer - 添加证书管理单元以管理本地计算机
-Right click Personal store, All Tasks->Import - 右键单击个人存储,所有任务 - >导入
-Select the .pfx file (NOT the default .crt/.cer) - 选择.pfx文件(不是默认的.crt / .cer)
-Enter password, complete the wizard - 输入密码,完成向导
This got my local site working when nothing else I Googled worked. 这让我的本地网站工作,而没有其他任何我用Google搜索工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.