|
| I had a similar problem only we where using an ASP.NET web service to
call the certificates. We found that once the certs where installed
they would work fine if you envoked them using an Administrator, Domain
Admin, or Domain user account.
After some time we decided to work in the same way you did by using a
COM + object and had the same problem as you. We finally found that if
you allow in our case the ASP.NET service account to have read access to
the C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA directory solved our problem. Although in
your case i guess it would need read / write / modify.
I hope this helps.
Helena Cai wrote:
> Hi,
>
> Due to the nature of our system, we need to dynamically import certificate
> files into windows certificates store and access the certificate store from
> ASP pages, these ASP pages call a VB dll component, which uses the CAPICOM
> component to manipulate windows certficate store.
>
> Because ASP is running under IWAM account, we got "Access is denied" error
> when trying to import the certificate files. We registered the VB
> components under COM+ to get around this security problem. However,
> recently we are experiencing all sorts of problems with COM+ ( eg.
> DLLHost.exe hang with 100% CPU after heavy traffic, ActiveX component can
> not be created out of sudden), we decided to move this VB component out of
> COM+, which means we are facing the same old "Access is denied" problem
> again.
>
> I did some search in the newsgroups, somebody suggested to log on under IWAM
> account to enable ASP import certificates, however, because our machine is
> the server, this is not a prefered option.
>
> Also, there is a tool provided by microsoft called "winhttpcertcfg.exe",
> which can import certficates into the certifcate store and allow IWAM
> account to access them. At this stage, I am thinking to use shell command
> to call this exe from VB program, however, I am not quite comfortable with
> solution...
>
> Can anybody give me some sugguestion or let me know if I am on the right
> track?
>
> Thanks in advance.
> helena
>
>
>
>
>
>
|
|