
WCF can't access local machine certificate store certificates without elevation

I am having a weird issue. My service certificate is stored in LocalMachine/Personal.

And it is referenced like this:

          <serviceCredentials>
            <serviceCertificate findValue="TestCertificate56" storeLocation="LocalMachine" storeName="My" x509FindType="FindByIssuerName" />
          </serviceCredentials>

When the certificate is installed, all seems to be working fine without needing elevation rights when running. After restarting the machine, suddenly clients can no longer connect, as the service terminates the socket on connection:

System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00'. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.ServiceModel.Channels.SocketConnection.ReadCore(Byte[] buffer, Int32 offset, Int32 size, TimeSpan timeout, Boolean closing)
   --- End of inner exception stack trace ---

There is no message indicating an error on the service side. If I run the service in elevated mode, there is no issue. Also, if I reinstall the certificate, it works until the next restart. Also, if the CurrentUser store is used, there are no issues.

Why is this an issue? My service will be deployed and run as the NetworkService user, so I believe it needs its certificate in the LocalMachine store rather than the CurrentUser store. My service won't have admin rights, so the issue will reappear in production.

Edit: I replicated the issue on two different computers running VS 2017 and 2019

I also recommend that you use local machine storage instead of current user storage, because when the user running the program changes, it may result in the certificate not being searchable. In addition, it is better to configure certificates through the Thumbprint.

    <serviceCredentials>
      <serviceCertificate storeLocation="LocalMachine"
                          storeName="My"
                          x509FindType="FindByThumbprint"
                          findValue="974ad39ff0b86210f5e7d661e56945ad5c2d3770" />
    </serviceCredentials>

In the end, I think the source of the problem may be that access to the public or private key of the certificate requires permissions, and I suggest that you add the Everyone account to the certificate's private key management group.
Feel free to let me know if the problem still exists.
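As an added example (not part of the question or the answer above), the following PowerShell script inspects and then fixes the private key ACL for the certificate, granting read access only to the NetworkService account the question says the service runs as, rather than to Everyone. It assumes the key is a CAPI/RSA key whose container file sits under MachineKeys, and reuses the thumbprint from the answer as a placeholder.

```powershell
# Added example: grant the service account read access to a LocalMachine certificate's private key.
# Assumptions: CAPI/RSA key stored under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys,
# certificate in LocalMachine\My, service identity NT AUTHORITY\NETWORK SERVICE.
param(
    [string]$Thumbprint = '974ad39ff0b86210f5e7d661e56945ad5c2d3770',  # thumbprint taken from the answer above
    [string]$Account    = 'NT AUTHORITY\NETWORK SERVICE'              # the account the WCF service runs as
)

# Locate the certificate in the machine store; fails loudly if it is missing or has no private key.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key in LocalMachine\My." }

# CAPI keys expose their container name; CNG keys return $null here and need a different lookup.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if (-not $keyName) { throw 'Key container not resolvable; this key is probably CNG-stored, not CAPI.' }
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"

# Show the current ACL: if the service account is absent, an unelevated service cannot use the key,
# which matches the socket-abort symptom described in the question.
Write-Host "Current ACL on $keyPath"
(Get-Acl -Path $keyPath).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType

# Grant Read only: sufficient for TLS and message signing/decryption, no FullControl, no Everyone.
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl
Write-Host "Granted Read on the private key to $Account"
```

Run it once from an elevated prompt after installing the certificate; if the permission disappears again after a reboot, the key file itself is being replaced, so check which store and provider the installer writes to.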
