[英]Service account cannot load the X509Certificate from windows certificate store
所有,我遇到一个问题,我的ASP.NET Web表单应用程序(.Net Framework 4.6.1)运行的服务帐户无法从Windows 2012 R2服务器上的个人存储加载X509Certificate(.pfx)。这是怎么回事我将证书导入证书存储区我使用服务帐户(域\\用户名)登录到服务器,使用mmc管理单元将证书导入当前用户个人证书存储区(请参见最后的屏幕截图)
这是我用来在C#中加载证书的代码。但是证书是null
public X509Certificate2 Load()
{
X509Certificate2 x509Certificate = null;
var store = new X509Store(StoreName.My,StoreLocation.CurrentUser);
string thumbPrint = StripTheSpacesAndMakeItUpper(ConfigurationManager.AppSettings["pfxthumbPrint"]);
store.Open(OpenFlags.ReadOnly);
var certCollection = store.Certificates;
foreach (var x509 in certCollection)
{
if (x509.Thumbprint.Equals(thumbPrint))
{
x509Certificate = x509;
break;
}
}
store.Close();
return x509Certificate;
}
private string StripTheSpacesAndMakeItUpper(string thumbPrint)
{
if(!string.IsNullOrWhiteSpace(thumbPrint))
{
return Regex.Replace(thumbPrint, @"\s|\W", "").ToUpper();
}
return thumbPrint;
}
有关为什么方法Load返回null的任何建议?
] 3
我不知道你如何设置ConfigurationManager.AppSettings["pfxthumbPrint"] 。 我想您双击了CurrentUser商店中的证书并从详细信息选项卡中复制了指纹,对吧? 如果是这种情况,您还会从指纹的开头复制一个不可见的字符。
最可悲的是,这个角色(我不知道它是什么)在app.config / web.config中不可见。 摆脱if的唯一方法是delete the first quote character with the first character of the thumbprint and type them in again manually 。 或删除整个指纹和引号,如果您愿意,再次键入它们。
代替
if (x509.Thumbprint.Equals(x509CertificateFriendlyName))
不应该
if (x509.Thumbprint.Equals(thumbPrint))
...?
此外,您似乎将x509Certificate声明为本地变量,然后将其丢弃。 您是否打算将值分配给实例变量? 我甚至没有看到return声明。
此外,您不会处置您的商店,尽管这可能不是您的问题的原因。
这是一个解决这些问题的不同版本,也将消除配置条目中的任何不可见字符(请参阅pepo的答案)。
public X509Certificate2 Load()
{
var thumbPrintFromConfig = ConfigurationManager.AppSettings["pfxthumbPrint"]
var thumbPrint = Regex.Replace(thumbPrintFromConfig.ToUpper(),"[^A-F0-9]",""); //Keep only hex digits
return Load(thumbPrint);
}
private X509Certificate2 Load(string thumbPrint)
{
using (var store = new X509Store(StoreName.My,StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadOnly);
var cert = store
.Certificates
.OfType<X509Certificate2>()
.Where(x => x.Thumbprint == thumbPrint)
.Single();
store.Close();
return cert;
}
}
Windows Phone 8上的X509Certificate2到X509Certificate
[英]X509Certificate2 to X509Certificate on Windows Phone 8
显示X509Certificate,其链元素不在证书库中
[英]Display X509Certificate with chain elements not in certificate store
将BouncyCastle X509证书+私钥(RSA)导入Windows证书存储
[英]Import BouncyCastle X509Certificate + Private Key (RSA) into Windows Certificate Store
X509Certificate IssuedTo / IssuedBy供用户从X509Store显示
[英]X509Certificate IssuedTo / IssuedBy for user display from X509Store
如何从证书存储中获取 X509Certificate 并生成 xml 签名数据?
[英]How to get X509Certificate from certificate store and generate xml signature data?
从X509Store获取X509证书时提示用户输入密码?
[英]Prompt user for password when grabbing X509Certificate from X509Store?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.