1. 首页
  2. 问答
  3. 避免管理员访问SslStream.AuthenticateAsClient?

避免管理员访问SslStream.AuthenticateAsClient?

2010-11-11 43 views
1

我有一个使用.NET SslStream类以及客户端和服务器证书的应用程序。此应用程序在Windows XP上运行良好。但是在Windows 7(可能是Vista中也是如此),调用SslStream.AuthenticateAsClient当出现以下异常:避免管理员访问SslStream.AuthenticateAsClient?

System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized 
    at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc) 
    at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential) 
    at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint) 
    at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output) 
    at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) 
    at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)

如果应用程序管理员在Windows 7上“运行”,一切都很正常。我猜测这里的根本原因是AuthenticateAsClient需要客户端证书的私钥(它安装在本地机器个人证书存储中),并且该操作需要管理员访问权限。

我的问题是,是否有任何可以做的补救措施呢?或者,使用带有客户端证书的AuthenticateAsClient需要管理员权限仅仅是一个事实:

来源

2010-11-11 zdv

回答

2

您是否尝试过使用WinHttpCertCfg将当前用户的访问权限授予证书?

喜欢的东西:

winhttpcertcfg -g -c LOCAL_MACHINE\My -s MyCertificate -a TESTUSER

欲了解更多信息,请参阅this article

来源

2010-11-16 12:31:56

+0

这是完美的,正是我一直在寻找的! – zdv 2010-11-18 04:31:40

+0

小调;可以使用-C CURRENT_USER \ TrustedPublisher,而Trusted和Publisher之间没有空格。 Not Trusted_Publisher或“CURRENT_USER \ Trusted Publisher”。感谢WinHttpCertCfg默默无视我的错误。 – 2013-06-21 13:43:12

1

Microsoft管理控制台(MMC)使管理员能够将客户端证书导入本地计算机。但是,导入证书不会自动授予对其他帐户的私钥访问权限。客户端证书认证需要此私钥。 Microsoft Windows HTTP服务(WinHTTP)证书配置工具提供了在需要时授予对其他帐户(例如IWAM帐户)的访问权限的功能。

https://msdn.microsoft.com/en-us/library/aa384088(VS.85).aspx#_using

来源

2015-02-17 06:42:02 Slogger

相关问题

 相关问题