c# - Programmatically adding certificate to personal store
The project I'm working on consists of an MVC website talking to WCF web services, authenticated with a Windows identity. I have a certificate for identity delegation that I'm trying to add programmatically. Manually, I open the Certificates snap-in in MMC, import the .pfx file into Personal and enter the password. I then have to click on Manage Private Keys and allow permission for IIS_IUSRS. To replicate this process I've come up with the following console app:
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

class Program
{
    static void Main(string[] args)
    {
        // Load the .pfx into a machine key container (note: PersistKeySet is not set here).
        var cert = new X509Certificate2("location.pfx", "password", X509KeyStorageFlags.MachineKeySet);
        AddCert(StoreName.My, StoreLocation.LocalMachine, cert);
        AddAccessToCertificate(cert, "IIS_IUSRS");
    }

    private static void AddCert(StoreName storeName, StoreLocation storeLocation, X509Certificate2 cert)
    {
        X509Store store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadWrite);
        store.Add(cert);
        store.Close();
    }

    private static void AddAccessToCertificate(X509Certificate2 cert, string user)
    {
        // Grant the account an ACE on the private key file that backs the CSP key container.
        RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa != null)
        {
            string keyFilePath = FindKeyLocation(rsa.CspKeyContainerInfo.UniqueKeyContainerName);
            FileInfo file = new FileInfo(keyFilePath + "\\" + rsa.CspKeyContainerInfo.UniqueKeyContainerName);
            FileSecurity fs = file.GetAccessControl();
            NTAccount account = new NTAccount(user);
            fs.AddAccessRule(new FileSystemAccessRule(account, FileSystemRights.FullControl, AccessControlType.Allow));
            file.SetAccessControl(fs);
        }
    }

    private static string FindKeyLocation(string keyFileName)
    {
        // Machine keys live under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys ...
        string text1 = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData);
        string text2 = text1 + @"\Microsoft\Crypto\RSA\MachineKeys";
        string[] textArray1 = Directory.GetFiles(text2, keyFileName);
        if (textArray1.Length > 0)
        {
            return text2;
        }
        // ... and user keys under %AppData%\Microsoft\Crypto\RSA\<SID>\
        string text3 = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
        string text4 = text3 + @"\Microsoft\Crypto\RSA\";
        textArray1 = Directory.GetDirectories(text4);
        if (textArray1.Length > 0)
        {
            foreach (string text5 in textArray1)
            {
                textArray1 = Directory.GetFiles(text5, keyFileName);
                if (textArray1.Length != 0)
                {
                    return text5;
                }
            }
        }
        return "Private key exists but is not accessible";
    }
}
Unfortunately this gives the error:
The address of the security token issuer is not specified. An explicit issuer address must be specified in the binding for target 'https://service.svc' or the local issuer address must be configured in the credentials.
I recognise I have a large knowledge gap with this stuff, so I'd appreciate any guidance!
My question is, what's the difference between the manual and the automated process?
This line:
var cert = new X509Certificate2("location.pfx", "password", X509KeyStorageFlags.MachineKeySet);
should have been
var cert = new X509Certificate2("location.pfx", "password", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
It was X509KeyStorageFlags.PersistKeySet that was missing.
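The answer's flag as part of a complete import, added here as an example that is not the asker's or answerer's code: it persists the key, grants IIS_IUSRS Read on the key file instead of FullControl, and, when run again with the printed thumbprint as its only argument, re-opens the store from a fresh process to confirm the private key survived. It assumes .NET Framework 4.6 or later, a CSP-backed RSA key, and placeholder path, password and account name.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
// Added example (not the asker's code). Assumes .NET Framework 4.6+, a CSP-backed RSA key, placeholders.
class PersistedImport
{
    static void Main(string[] args)
    {
        if (args.Length == 1) { Console.WriteLine(PrivateKeyPersisted(args[0])); return; } // verify mode
        var cert = new X509Certificate2(@"C:\path\to\delegation.pfx", "password",       // placeholders
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadWrite);
            store.Add(cert);
        }
        // The app pool identity only needs to read the key file; FullControl is more than it needs.
        GrantKeyFileAccess(cert, "IIS_IUSRS", FileSystemRights.Read);
        Console.WriteLine("imported " + cert.Thumbprint);
    }
    static void GrantKeyFileAccess(X509Certificate2 cert, string account, FileSystemRights rights)
    {
        var csp = (RSACryptoServiceProvider)cert.PrivateKey; // throws if the key is not CSP-backed
        // MachineKeySet containers live under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys.
        string keyFile = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            @"Microsoft\Crypto\RSA\MachineKeys", csp.CspKeyContainerInfo.UniqueKeyContainerName);
        var file = new FileInfo(keyFile);
        FileSecurity acl = file.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(new NTAccount(account), rights, AccessControlType.Allow));
        file.SetAccessControl(acl);
    }
    // From a fresh process, re-open the store and check the stored certificate's key is usable;
    // without PersistKeySet the temporary container is deleted when the importing process exits.
    static bool PrivateKeyPersisted(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) return false;
            try { return found[0].GetRSAPrivateKey() != null; }
            catch (CryptographicException) { return false; }
        }
    }
}
```

Running the verify mode after an import done with MachineKeySet alone prints False, which is the condition the WCF issuer error surfaces as.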