Rub*_*mez 2 c# ssl wcf web-services
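I have created a WCF service hosted in IIS, and I have created a CA with makecert and a certificate used to validate the service over HTTPS. With this certificate I'm fine. Now I'm trying to use Message Security in the service.
In the web.config I have the following code: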
<serviceCredentials>
  <serviceCertificate findValue="192.168.1.230" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
  <clientCertificate>
    <authentication certificateValidationMode="ChainTrust" />
  </clientCertificate>
</serviceCredentials>
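When I try to view the web service through a browser such as Chrome, I get the following error: System.Security.Cryptography.CryptographicException: KeySet does not exists. I looked at the inner exception, and this is what I see: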
[CryptographicException: El conjunto de claves no existe]
System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +5368074
System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +138
System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +221
System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() +516
System.ServiceModel.Security.SecurityUtils.GetKeyContainerInfo(X509Certificate2 certificate) +45
System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate) +76
[ArgumentException: Puede que el certificado 'CN=192.168.1.230' no tenga un clave privada capaz de intercambiar claves, o que el proceso no tenga permisos de acceso a la clave privada. Vea la excepción interna para obtener información detallada.]
System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate) +16947147
System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement) +190
System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement) +50
System.ServiceModel.Security.AsymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout) +930
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +740
System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout) +79
System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout) +397
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +740
System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) +375
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +740
System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +249
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +740
System.ServiceModel.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity) +125
System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity) +901
[ServiceActivationException: El servicio '/WebFrontITAS.svc' no se puede activar debido a una excepción durante la compilación. El mensaje de la excepción es: Puede que el certificado 'CN=192.168.1.230' no tenga un clave privada capaz de intercambiar claves, o que el proceso no tenga permisos de acceso a la clave privada. Vea la excepción interna para obtener información detallada..]
System.Runtime.AsyncResult.End(IAsyncResult result) +622882
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +196075
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +282
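I have searched a lot about this, but I haven't found anything useful. When I try to find the private key with FindPrivateKey.exe, it fails and gives me the following error: No certificates with key '192.168.1.230' found in the store.
I'm not sure whether the problem is related to the certificate or to the WCF configuration.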
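Besides changing the user, another way to solve this problem is to give the application pool that the WCF service runs under permission to read the private key.
Open the system's certificate store and find your certificate, then select "Manage Private Keys" from it.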

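In the security settings, add the application pool your WCF service runs under by adding the name IIS AppPool\App_Pool_Name_Here (if you are on a domain, make sure the location is set to the computer and not the domain).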

Then check the Read permission box, and your app should be able to start reading your certificate.

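Note: I ran into an error where, depending on how you imported the certificate, the program still won't work; I found this usually happens if you import the certificate using IIS. If you delete the certificate and re-add it from within Certificate Manager, using the wizard built into the manager, it usually fixes the problem.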
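
The permission change described in the answer above, as an added PowerShell example (not part of the original posts): run from an elevated session, it tells a missing key apart from a missing permission and then grants Read on the key file only. The subject name comes from the question's web.config; the pool name is the answer's placeholder and must be replaced.

```powershell
# Added example; run in an elevated Windows PowerShell session.
# Assumption: 'App_Pool_Name_Here' is a placeholder for the real application pool name.
$SubjectName = '192.168.1.230'        # findValue from the question's web.config
$AppPoolName = 'App_Pool_Name_Here'

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$SubjectName*" } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject CN=$SubjectName in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key attached." }

# Resolve the key container's file name. If this fails even for an administrator,
# the key material itself is missing and an ACL change will not help.
try {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyFile = $rsa.Key.UniqueName                            # CNG-backed key
    } else {
        $keyFile = $rsa.CspKeyContainerInfo.UniqueKeyContainerName # CAPI (CSP) key
    }
    if (-not $keyFile) { throw "no RSA key container name could be resolved" }
} catch {
    throw "Private key for $($cert.Thumbprint) cannot be opened: $($_.Exception.Message)"
}

# Machine keys are stored in one of these folders, depending on the provider.
$keyPath = @("$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
             "$env:ProgramData\Microsoft\Crypto\Keys") |
    ForEach-Object { Join-Path $_ $keyFile } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $keyPath) { throw "Key file '$keyFile' not found in the machine key folders." }

# Grant only Read to the application pool's virtual account.
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            "IIS AppPool\$AppPoolName", 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# List the resulting entries so the change can be reviewed.
(Get-Acl -Path $keyPath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

If the script stops at the "cannot be opened" step, the certificate was imported without usable key material, which matches the re-import case in the answer's note rather than a permissions problem.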