[英]Client Certificate Authentication in .NET (Windows Server)
I have a very weird issue with a Web Application I have deployed. 我已部署的Web应用程序存在一个非常奇怪的问题。
Relevant Data: 相关数据:
Application Server: IIS 7.5
Server: Windows Server 2008 R2 Standard SP1
Framework: ASP.NET
.NET Framework: 4 (4.0.30319)
Application Pool: Integrated
I the web application I make use of a service that's authenticated with Client Certificate Authentication. 在Web应用程序中,我使用了通过客户端证书身份验证进行身份验证的服务。 I don't have problems relating to the authentication itself (it is working on my development environment).
我没有与身份验证本身有关的问题(它正在我的开发环境中工作)。 But I am seeing problems whenever I want to use the service from the server (production) environment.
但是,每当我想使用服务器(生产)环境中的服务时,都会遇到问题。
Here's the relevant portion of the CODE: 这是CODE的相关部分:
private void SetupClienteCertificate(HttpWebRequest req)
{
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var crt = new X509Certificate2(
txtClientCertificateFile.Text,
txtCertificatePassword.Text,
X509KeyStorageFlags.MachineKeySet
);
req.ClientCertificates.Add(crt);
}
The error I am getting is pretty common and self explanatory: 我遇到的错误很常见,很容易解释:
The request was aborted: Could not create SSL/TLS secure channel.
The very weird part of it is that if I run the exact same code from a C#
.Net Windows Forms Desktop Application (with the same .NET 4 framework) I can get the code to communicate with the server. 它的最奇怪的部分是 ,如果我从
C#
.Net Windows Forms桌面应用程序(具有相同的.NET 4框架)运行完全相同的代码 ,则可以获取与服务器通信的代码。
So my question is: Why is it working from the Desktop Application and not working from the ASP.NET Web Application? 所以我的问题是: 为什么它不能在桌面应用程序中工作,而不能在ASP.NET Web应用程序中工作?
Some stuff that I've already made sure of: 我已经确定的一些东西:
Any ideas? 有任何想法吗?
I think I get your problem. 我想我能解决你的问题。 Can you ensure the account under which application pool is running have sufficient privilege to read certificate from certificate store .
您可以确保运行应用程序池的帐户具有足够的特权来从证书存储中读取证书 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.