Monday, July 28, 2008

WCF and Message based security

Posted by Andre Broers
To use message-based security in combination with the username client credential type, I needed to grant access to the private key of the machine certificate to solve the following problem:


System.ArgumentException was unhandled
Message="The certificate 'CN=localhost' must have a private key that is capable of key exchange. The process must have access rights for the private key."
Source="System.ServiceModel"


The first thing to do is look up the certificate in the Local Machine certificate store using the MMC Certificates snap-in.
Note the thumbprint of the certificate; findprivatekey needs it to locate the key file.

I used the findprivatekey tool, which is included in the WCF samples at:
Microsoft WCF Samples

Use findprivatekey as:

findprivatekey.exe My LocalMachine -t "" /a


Now use cacls.exe to set the permissions on the key file for the account that the service runs under.

In my case IIS 6:


cacls "" /E /G "NETWORK SERVICE":R



/E - edit the existing ACL instead of replacing it
/G - grant access rights to the named user
:R - read access

Now the Network Service account is able to use the private key to decrypt the client messages.
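
The same procedure as a single PowerShell script, as an added example that is not part of the original post. It assumes Windows PowerShell on the .NET Framework, an elevated prompt, and an RSA key stored by a CSP in the machine key store; the parameter names are this example's own. It also checks the key's usage flag, because the error above has two possible causes and an ACL change only fixes one of them.

```powershell
# Added example (not from the original post): locate the private key file of a
# LocalMachine\My certificate and grant one service account read access to it.
param(
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint,                                  # as shown in the MMC certificate details
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE'     # identity the service runs under
)

# The MMC dialog displays the thumbprint with spaces; the Cert: drive expects bare hex.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate '$($cert.Subject)' has no private key in this store."
}

# Assumption: CSP-backed key. A CNG key does not expose CspKeyContainerInfo.
$info = $cert.PrivateKey.CspKeyContainerInfo
if ($null -eq $info) {
    throw 'Private key is not CSP-backed; this script does not handle it.'
}

# First half of the WCF error: the key must be an exchange key, not signature-only.
if ($info.KeyNumber -ne [System.Security.Cryptography.KeyNumber]::Exchange) {
    Write-Warning "Key usage is '$($info.KeyNumber)', not 'Exchange'. Granting access will not make it capable of key exchange."
}

# Machine keys live under the common application data folder on every Windows version.
$appData = [Environment]::GetFolderPath('CommonApplicationData')
$keyFile = Join-Path (Join-Path $appData 'Microsoft\Crypto\RSA\MachineKeys') $info.UniqueKeyContainerName
if (-not (Test-Path -Path $keyFile)) {
    throw "Key file not found: $keyFile"
}

# Second half of the error: add a read-only allow entry, keeping the existing ACL.
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Show what the account now holds, so the change can be reviewed.
(Get-Acl -Path $keyFile).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Read access is all the service needs to use the key, so the script grants nothing broader and only to the one account named.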
