当我在本地运行此程序时,它成功地从
certificatesmart card如果我在
client sideIIShttpsapplicationlocalhostclient side appcertificates不幸的是,因为它是
client sidelogsdebug到目前为止,我已经确定没有
certsthumbprintcertificatecertificatethumprint我尝试过将
X509StoreStoreNameStoreName.RootStoreName.CertificationAuthoritycert public (InvoiceResult resultValue, X509Certificate2 cert) GetDefaultCertificateStoredOnTheCard()
{
var resultValue = InvoiceResult.Success;
using X509Store x509Store = new X509Store("MY", StoreLocation.CurrentUser);
X509Store store = x509Store;
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, true);
// by thumbprint, there is only one
certs = certs.Find(X509FindType.FindByThumbprint, Settings.Default.Thumbprint, true);
_log.TraceInformation($"Locations of certs in store after opening flags is {certs.Count}!");
if (certs.Count == 0)
{
resultValue = InvoiceResult.CannotFindSignature;
// throw new ArgumentException("Please insert smart card to obtain certificate.");
}
X509Certificate2 cert = certs[0];
if (cert.HasPrivateKey)
{
// software cert
_ = cert.PrivateKey as RSACryptoServiceProvider;
}
else
{
// certificate from smartcard
CspParameters csp = new CspParameters(1, "Microsoft Base Smart Card Crypto Provider")
{
Flags = CspProviderFlags.UseDefaultKeyContainer
};
_ = new RSACryptoServiceProvider(csp);
}
_log.TraceInformation($"GetDefaultCerticateStoredOnTheCard method gets values {cert}.");
_log.TraceInformation($"GetDefaultCerticateStoredOnTheCard method gets values {resultValue}.");
return (resultValue, cert);
}
如有任何建议,我们将不胜感激。
最有可能的是,您的应用程序运行所用的帐户没有从存储中读取证书的权限。
在 MMC 中打开您的证书存储。右键单击证书并选择“所有任务”>“管理私钥”(注意:我的计算机上安装的是 Windows 7;在其他版本的 Windows 中可能有所不同)。然后您可以将读取权限分配给正确的用户帐户。
我建议使用 Machine Store,因为在 IIS 中运行的应用程序运行在与您在构建计算机上安装证书和运行软件的开发版本时使用的“当前用户”不同的用户下。
var store = new X509Store(StoreLocation.LocalMachine);