Build Secure XML Web Service series-WSe-certificate storage location

We made some suggestions on the security of the XML Web Service a few days ago. You can access it through the following address:

Creating a secure XML Web Service series using SOAP Headers

How to view soapmessage when building a secure XML Web Service series

SSL for building secure XML Web Service series

I usedArticleI promised to write something about wse3.0, but I have never had time. I have very limited understanding of wse3.0, so I have never been able to fulfill my promise, today, I am introducing a small problem to WSE. I hope you will continue to pay attention to and support me.

Windows Live writer is used for the first time, which is prone to typographical and omission. Sorry.

Today, a very depressing thing happened. Many days ago, I used the wse3 certificate verification method to set up a web service. In addition, I added SSL, and install the root certificate locally and the WSE verification certificate. The client created locally is a Web application, and debugging in VS 2005 has been normal for a long time, I thought everything went well. I wrote a document to the partner and sent it to someone else. The other party reported today that the website was inaccessible after it was published on the development machine, the error is that the X.509 certificate cannot be found at the specified storage location. I tested it on the local machine. Are you depressed? This problem occurs when a good page running during debugging in vs2005 is published to IIS. I stored the certificate under my of currentuser, I started to suspect that network services could not access this storage location, which caused this error. But why is there no problem in debugging in vs2005? Think about whether the original virtual IIS In vs2005 was running under the network service account, because every time I debug it, I did not see the w3wp process starting, the network services account cannot access the certificate stored by the current user. This is a WSE access certificate because of the most common permission problems, and Windows ApplicationsProgramThis is because the account is running but accessible. Network Service can access the certificate stored in the local computer, so I re-import the certificate to the local computer-personal, then, change <X509 storelocation = "currentuser" to <X509 storelocation = "localmachine" and open the webpage again.

Through this small question today, I have summarized three experiences:

1) when one program can run in the same environment and the other cannot run, we can first consider the permission issue, whether the account that runs the program has the permission to access a resource.

2) There are some differences between the virtual IIS and IIS In vs2005. it is not convenient to figure it at the moment. It is best to debug and run the program in IIS as the program standard, it can be less troublesome.

3) when your application is an application running in IIS, your application cannot access the certificate located under the current user if it is not simulated, this includes SSL certificates. This problem is more typical. If you can access the HTTPS page in IE but cannot access the page in the program, the problem may be located here. IE runs on the current user, so it can access the certificate of the current user, while the program in IIS runs on network services and cannot be accessed, you must store the certificate on your local computer.