Build a secure XML Web service family of WSE certificate store locations

Original: Building a secure XML Web service family of WSE certificate store locations

We made some suggestions for the security of XML Web service in the last few days, and you can access it from the following address:

Discussion on constructing secure XML Web service series using SOAP headers

How to build a secure XML Web service family View SoapMessage

Building a secure XML Web service family of SSL articles

I have in the above several articles promised to write some about wse3.0, but there is no time, their own understanding of wse3.0 is very limited, so has not realized the promise, is guilty, today I have a small problem as a primer for WSE, I hope you continue to pay attention and support me.

The first time you use Windows Live Writer, there is inevitably a layout and omission, forgive me

Today, a very depressing thing, a lot of days ago I used WSE3 certificate authentication method to set up a Web service, and also superfluous add SSL, and locally installed root certificate and for WSE authentication certificate, locally created client is a Web application, In the VS 2005 debugging has been no problem, for a long time, I thought everything went well, to the partners also wrote a document description, sent to others, the results of today's report said that the website published in the development machine, can not access, Error is not found in the specified storage location of the certificate, I tested in this machine, you say depressed not? In vs2005 the good page running in debugging, published to IIS in the problem, I stored the certificate under the CurrentUser my, I began to suspect that network services can not access this storage location caused by this error, But why debugging in vs2005 is no problem? I think that the original virtual IIS in VS2005 is not running under the Network Service account, because every time I debug, and do not see the w3wp process start, the network Services account is not able to access the current user store under the certificate, This is a WSE access certificate because of the most common problem with permissions issues, and Windows applications can be accessed because they are running on the current account. And the network service has access to the certificate under the local computer's storage location, so I re-imported the certificate to the local computer-personal, and changed <x509 storelocation= "CurrentUser" to <x509 Storelocation= "LocalMachine", re-open the Web page, the program will be OK.

Through this small question today, I have summed up three lessons:

1) When we encounter the same environment, the same program one can run, one cannot run, we can first consider the issue of permissions, our program runs the account has access to a resource.

2) vs2005 in the virtual IIS and IIS there are some differences, do not take a moment of convenience, with this as a normal standard of the program, it is best to debug and run the program in IIS, you can less trouble.

3) When your application is running in IIS applications, if you do not use impersonation, your application will not be able to access the certificate under the current user, including the certificate for SSL, this problem is more typical, if you can access https in IE page, in the program can not, That's probably the problem here. IE is running on the current user, so it can access the current user under the certificate, and the program in IIS is running in network services and cannot be accessed, you must store the certificate on the local computer.

Build a secure XML Web service family of WSE certificate store locations