How to deploy a certificate-secured WCF service in a Windows Service running under the Network Service account (Original)
2009-06-28 10:54
Main problem:
Grant the Network Service account access to the certificate file.
Install the WCF service
1. Import a server certificate:
Start => Run: mmc
File => Add/Remove Snap-in
Certificates => Add => Computer Account
Right-click Certificates: All Tasks => Import
Select the certificate. Example: create a test certificate with MakeCert, supposing the server name is "dev01":
Start => Programs => Microsoft Visual Studio 2008 => Visual Studio Tools => Visual Studio Command Prompt (right-click, Run as administrator)
Run:
makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN=dev01 -sky exchange -pe
(Open mmc to see the certificate.)
2. Grant read permission to NETWORK SERVICE:
Use the FindPrivateKey tool to find where the private key file of the certificate just imported is stored.
For example (with FindPrivateKey.exe in C:\), open a command prompt as administrator and run it.
The output shows that the private key file is:
F:\ProgramData\MicroSoft\Crypto\RSA\MachineKeys\1817c10fb6f21ea57a247b8d31ee9a0e_b0b895a9-b6c9-4147-a32c-d3e1c1659fa5
Open this folder and locate the file:
Right-click => Properties => Security => Edit => Add => Advanced => Find Now =>
Select NETWORK SERVICE => OK => uncheck Read & Execute => OK
Note: you can run a command instead of these steps.
In Server 2008:
icacls F:\ProgramData\MicroSoft\Crypto\RSA\MachineKeys\1817c10fb6f21ea57a247b8d31ee9a0e_b0b895a9-b6c9-4147-a32c-d3e1c1659fa5 /grant "NETWORK SERVICE":(R,WDAC)
In Server 2003:
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1817c10fb6f21ea57a247b8d31ee9a0e_b0b895a9-b6c9-4147-a32c-d3e1c1659fa5" /E /G "NETWORK SERVICE":R
3. Install the service as a Windows service:
Run a command prompt as administrator.
Go to the install directory of the .NET Framework.
For example, if the service host application is C:\PlexusChartService\PlexusChartServiceHost.exe, run:
InstallUtil "C:\PlexusChartService\PlexusChartServiceHost.exe"
The service now runs under the Network Service account.
Note: do not double-click the certificate file to import it. In that case, the private key file will be placed in the logged-in user's (administrator's) folder.
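Step 2 and the closing note can also be checked from a script. The following PowerShell is an added example, not part of the original post: it locates the key file the way FindPrivateKey does, grants read only (R) rather than the (R,WDAC) of the command above, and then verifies the ACL. It assumes Windows PowerShell 5.1 in an elevated prompt on Server 2008 or later, a CSP-stored RSA key such as the one makecert creates, and the English-language account name.

```powershell
# Added example. Assumptions: Windows PowerShell 5.1, elevated prompt, Server 2008 or later,
# and a CSP-stored RSA key (what makecert creates). 'CN=dev01' is the article's test subject.
param(
    [string]$Subject = 'CN=dev01',
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE'   # English-language account name
)

# 1. Look in the machine store (LocalMachine\My), where step 1 imported the certificate.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with a private key and subject '$Subject' in LocalMachine\My."
}

# 2. Resolve the key container file, the same file FindPrivateKey reports.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -LiteralPath $keyFile)) {
    # Typical after a double-click import: the key sits in a user profile instead.
    throw "Key file not found under MachineKeys: $keyFile"
}

# 3. Grant read access only; WDAC would let the service account rewrite this ACL.
& icacls.exe $keyFile /grant "${Account}:(R)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE." }

# 4. Verify the grant and print every ACE so broader entries are visible in review.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$aces = (Get-Acl -LiteralPath $keyFile).Access
$ok = $aces | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}
if (-not $ok) { throw "$Account still has no read access to $keyFile" }
$aces | Format-Table IdentityReference, AccessControlType, FileSystemRights -AutoSize
```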