Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
How to Grant IIS 7.5 / ASP.NET 3.5 access to a certificate in certificate store?

Locked How to Grant IIS 7.5 / ASP.NET 3.5 access to a certificate in certificate store?

  • Monday, April 12, 2010 8:14 PM
     
     
    Sign In to Vote
    0

    There seems to be a bug / issue where ASP.NET cannot access the Private key in a certificate. You can replicate the steps to recreate the issue at the below url. If I'm missing something please let me know. Everything is working fine in production on II6 Server 2003 however going to a brand new Server 2008 R2 and IIS 7.5 one cannot give access to a cert in the "Local Computer\Personal" cert store even if you grant "Everyone" full access.

    http://forums.iis.net/p/1166684/1940339.aspx#1940339

       

    All Replies

    • Saturday, June 19, 2010 6:59 PM
       
       
      Sign In to Vote
      0
      Hi,
       
      I built a project with your code (slightly modified due to some changes
      in System.Cryptography) with .Net 4.0 and I didn't seem to have any
      problems:
       
      Cert Private Key
      server.domain.com True
      serveraltname.domain.com True
       
      In terms of permissions System and Administrators have Full control and
      Read on the private keys of the certificates in the Local
      Computer\Personal\Certificates store. Were you able to find a solution yet?
       
       
      <asp:Repeater ID="repeater1" runat="server">
      <HeaderTemplate>
      </HeaderTemplate>
      <ItemTemplate>
      </ItemTemplate>
      <FooterTemplate>
      Cert
      Private Key
      <%#((X509Certificate2)Container.DataItem).GetNameInfo(X509NameType.SimpleName,
      false) %>
      <%#((X509Certificate2)Container.DataItem).HasPrivateKey %>
      </FooterTemplate>
      </asp:Repeater>
       
       
       
      namespace TestWebApp
      {
      public partial class _Default : System.Web.UI.Page
      {
       
      public X509Certificate2Collection Certificates;
      protected void Page_Load(object sender, EventArgs e)
      {
      // Local Computer\Personal
      var store = new X509Store(StoreLocation.LocalMachine);
      // create and open store for read-only access
      store.Open(OpenFlags.ReadOnly);
      Certificates = store.Certificates;
      repeater1.DataSource = Certificates;
      repeater1.DataBind();
      }
      }
       
      public static class Extensions
      {
      public static string HasPublicKeyAccess(this X509Certificate2 cert)
      {
      try
      {
      AsymmetricAlgorithm algorithm = cert.PublicKey.Key;
      }
      catch (Exception ex)
      {
      return "No";
      }
      return "Yes";
      }
       
      public static string HasPrivateKeyAccess(this X509Certificate2
      cert)
      {
      try
      {
      string algorithm = cert.PrivateKey.KeyExchangeAlgorithm;
      }
      catch (Exception ex)
      {
      return "No";
      }
      return "Yes";
      }
      }
      }
       
      -- Mike Burr