3

我知道问题标题可能是重复的,但我还没有找到适合我的情况的答案,所以这里是;

我有这段简单的代码

// Convert the Filename to an X509 Certificate
X509Certificate2 cert = new X509Certificate2(certificateFilePath);

// Get the server certificate store
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);

store.Open(OpenFlags.MaxAllowed);
store.Add(cert); // x509 certificate created from a user supplied filename

但不断出现“拒绝访问”异常。

我已经阅读了一些建议使用 StorePermissions 可以解决我的问题的信息,但我认为这与我的代码无关。话虽如此,我确实对其进行了测试以确保它无法正常工作。

我还发现建议在 Windows 中更改文件夹权限是可行的方法,虽然这可能有效(未经测试),但对于将成为分布式代码的内容似乎并不实用。

我还必须补充一点,因为代码将作为服务在服务器上运行,将证书添加到当前用户存储似乎也是错误的。

无论如何以编程方式将证书添加到本地机器存储中?

4

1 回答 1

0

Thank you to Oscar and Bob for asking the questions and leading me in the right direction +10 to you both :)

My issue, as I think we all knew (even me) was the user running the application had insufficient privilages to add a certificate to the local machine store.

But various attempts to elevate the user permissions were failing for me, let me explain why.

I had 3 seperate projects in my solution, the wcf service which requires the X509certificates, the windows form client and the cryptography class library which, amongst other things, installs the certificates provided via the windows form client.

As most of the code within all 3 projects could run without elevated permissions, I really wanted to only elevate them at the certificate install stage within the class library but I tried to use Process and Verb= "runas" in code and this didn't work. Then I tried to add a custom manifest but if you try to alter the properties of a class library to use a custom manifest, you'll find the option is disabled.

So I changed things. My cryptography class is now within my windows form client and I've added the custom manifest to the client. This now means the whole client opens with elevated privilages but I'd rather that than the alternative.

Thank you again

于 2013-06-25T14:05:50.183 回答