Can't read CurrentUser certificates from X509Store
I'm developing an ASP.NET 4.0 web application, and I want to read the current user certificates from X509Store. Reading the LocalMachine certificates works fine, but if I set the StoreLocation to CurrentUser, it gives me an empty collection.
The following code works fine:
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); // StoreLocation.CurrentUser
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
I've checked my personal store (via certmgr.mmc) and I'm sure that I have the certificates.
What am I missing? (store.Certificates is empty)
It appears that you cannot access the Personal Certificate Store via a web application, no matter what application pool identity you're using.
It makes sense, a web application has no access to that location. :)
My solution:
I've developed an ActiveX control, which I think is the only way to access the Store. (Also, a Java Applet offers the same functionality.) I use the ActiveX control via JavaScript to access the Store, and send that information to the server.
If your worker process cannot access the cert store, maybe it's just an account setup problem. Try going to IIS Configuration, open ApplicationPools, right click on yours, select Advanced and try setting LoadUserProfile to TRUE. And restart the pool. It worked for me - no more exceptions when loading .PFX with private keys.
I had a similar problem. The solution was:
IIS admin->[your virtual dir]->Authentication->Anonymous Authentication (select then click "Edit...") and change it to use "Application pool identity".
Otherwise it may be running as the generic "IUSR".
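A diagnostic for the situation discussed in the answers above, as an added example that is not part of the original posts: it reports the Windows account the server-side code runs as and what each My store exposes to that account, which is worth comparing before and after changing LoadUserProfile or the anonymous authentication identity. The class name CertStoreDiagnostics is hypothetical, and the code avoids newer language features so it compiles against .NET 4.0.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

// Added diagnostic (hypothetical class name, not from the original posts).
public static class CertStoreDiagnostics
{
    public static string Describe()
    {
        var report = new StringBuilder();
        // StoreLocation.CurrentUser is the store of the account running this
        // code on the server, not of the person browsing the site.
        report.AppendFormat("Running as: {0}\n", WindowsIdentity.GetCurrent().Name);

        foreach (StoreLocation location in
                 new[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        {
            var store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                report.AppendFormat("{0}\\My: {1} certificate(s)\n",
                    location, store.Certificates.Count);
                foreach (X509Certificate2 cert in store.Certificates)
                {
                    // Log subject and thumbprint only; never export key material.
                    report.AppendFormat("  {0} | {1} | has private key: {2}\n",
                        cert.Thumbprint, cert.Subject, cert.HasPrivateKey);
                }
            }
            catch (CryptographicException ex)
            {
                // The store could not be opened for this identity.
                report.AppendFormat("{0}\\My: cannot open ({1})\n", location, ex.Message);
            }
            finally
            {
                store.Close(); // X509Store is not IDisposable in .NET 4.0
            }
        }
        return report.ToString();
    }

    public static void Main()
    {
        Console.Write(Describe());
    }
}
```

Call Describe() from a page or handler in the affected application, since running it from a console shows your interactive account rather than the worker process identity.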