Monday, July 28, 2008

WCF and Message based security

Posted by Andre Broers
To use message-based security in combination with the UserName client credential type, I needed to grant access to the private key of the machine certificate to solve the following problem:

System.ArgumentException was unhandled
Message="The certificate 'CN=localhost' must have a private key that is capable of key exchange. The process must have access rights for the private key."

The first thing to do is look up the certificate in the Local Machine certificate store (Certificates MMC snap-in, Personal folder).
Open the certificate, copy its thumbprint from the Details tab and keep it for findprivatekey; the thumbprint identifies the certificate uniquely, whereas a subject name such as CN=localhost may match several.

I used the tool findprivatekey which is included in the WCF samples on:
Microsoft WCF Samples

Use findprivatekey as follows (the thumbprint goes between the quotes; /a prints the absolute path of the file that holds the private key):

findprivatekey.exe My LocalMachine -t "<thumbprint>" /a

Now use cacls.exe on the file that findprivatekey printed to grant access to the account the service runs as.

In my case IIS 6:

cacls "<key file path printed by findprivatekey>" /E /G "NETWORK SERVICE":R

/E - edit the existing ACL instead of replacing it (without /E cacls overwrites the whole ACL and the SYSTEM and Administrators entries are lost)
/G - grant the given account the given permission
:R - read access, which is all the service needs to use the key; do not grant Full Control, and do not grant Everyone

Now the NETWORK SERVICE account can open the key file, so the service can use the private key to decrypt the client messages (with UserName credentials over message security the client encrypts to the service certificate's public key, and the service needs the private key to read them).
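The same procedure as one script, added here as an example and not part of the original post or of the WCF samples: it finds the certificate by thumbprint, resolves the private key file the way findprivatekey does (CSP key container name under the MachineKeys folder) and adds a read entry for the service account to the existing ACL. The thumbprint is a placeholder you replace, the account defaults to NETWORK SERVICE as in the post, and the script assumes a CAPI/CSP key; it must be run from an elevated prompt.

```powershell
# Added example (not from the original post): grant a service identity read access
# to the private key file behind a LocalMachine\My certificate.
# Assumptions: $Thumbprint is a placeholder to replace; the key is a CAPI/CSP key,
# which is the kind FindPrivateKey and the MachineKeys folder cover.
function Grant-PrivateKeyRead {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [string]$Account = 'NT AUTHORITY\NETWORK SERVICE'   # IIS 6 default worker identity
    )

    # The MMC Thumbprint field copies with spaces between bytes; keep only hex digits.
    $Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate '$($cert.Subject)' has no private key; import the .pfx, not the .cer"
    }

    # Same lookup FindPrivateKey performs: the CSP key container name is the file name.
    try { $csp = $cert.PrivateKey } catch { $csp = $null }
    if ($csp -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        throw "Not a CAPI/CSP key (CNG keys are stored under Crypto\Keys instead); this script does not handle it"
    }
    $container = $csp.CspKeyContainerInfo.UniqueKeyContainerName

    # Machine keys live under ProgramData on Vista/2008 and later,
    # under ALLUSERSPROFILE\Application Data on XP/2003.
    $base = if ($env:ProgramData) { $env:ProgramData } else { Join-Path $env:ALLUSERSPROFILE 'Application Data' }
    $keyFile = Join-Path $base "Microsoft\Crypto\RSA\MachineKeys\$container"
    if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

    # Read is all a decrypting/signing service needs. Add a rule to the existing ACL
    # (the equivalent of cacls /E) instead of replacing it.
    $acl = Get-Acl -Path $keyFile
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl

    # Return the resulting entries for the account so the change can be verified.
    (Get-Acl -Path $keyFile).Access | Where-Object { $_.IdentityReference.Value -eq $Account }
}

# Usage (replace the placeholder with the thumbprint copied from the MMC):
# Grant-PrivateKeyRead -Thumbprint '<thumbprint>'
```

For IIS 7 and later pass the application pool identity instead, e.g. `-Account 'IIS APPPOOL\<pool name>'`; the key file path and the read-only grant stay the same.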
