您的位置:首页 > 其它

如何让带证书的WCF服务 部署在以network service 帐户运行的Windows Service中 原创

2009-06-28 10:54 741 查看
主要问题:
授权Network Service 帐户访问证书文件.
Install Service
安装WCF 服务
1.Import a server certification:

导入证书



Start=>Run mmc
开始=>运行mmc



File=>Add/Remove Snap-in
Certifications=>
文件=>添加删除管理单员



Certifications=>Add=>Computer Account
选择 证书=>添加=>计算机帐户



Right click on certification: All Task=>Import
Select the certification. Example: Create a test certification use MakeCert suppose server name is “dev01”
Start=>Programs=>Microsoft visual studio 2008=>visual studio tools=>visual studio command prompt (Right click run as administrator)
Run makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN= dev01 -sky exchange –pe
(open mmc to see the certification)
2.Grant read purview to NETWORK SERVICE use FindPrivatekey tool to find the private key file store location of the certification imported just now.
For example (FindPrivatekey.exe in C:\) Open command prompt with administrator



From the picture above we can see that the private key file is in
F:\ProgramData\MicroSoft\Crypto\RSA\MachineKeys\ 1817c10fb6f21ea57a247b8d31ee9a0e_b0b895a9-b6c9-4147-a32c-d3e1c1659fa5 Open this folder:



Right click =>Properties=>Security=>Edit=>Add=>Advanced=>Find Now=>
Select NETWORK SERVIE =>Ok=>Uncheck Read & Execute => Ok



Notice: You can run a command instead of this action:
In Server 2008: ICacls F:\ProgramData\MicroSoft\Crypto\RSA\MachineKeys\1817c10fb6f21ea57a247b8d 31ee9a0e_b0b895a9-b6c9-4147-a32c-d3e1c1659fa5 /grant "NETWORK SERVICE":(R,WDAC)
In Server 2003: cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\ RSA\MachineKeys\1817c10fb6f21ea57a247b8d\31ee9a0e_b0b895a9-b6c9-4147-a32c-d3e1c1659fa5 " /E /G "NETWORK SERVICE":R
3:Install



In Server 2003: cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\ RSA\MachineKeys\1817c10fb6f21ea57a247b8d\31ee9a0e_b0b895a9-b6c9-4147-a32c-d3e1c1659fa5 " /E /G "NETWORK SERVICE":R



3:Install Service In Windows service Run Command prompt with administrator: Go to the install directory of dotnet framework For Example: The service host application is in C:\PlexusChartService\PlexusChartServiceHost.exe Run InstallUtil “C:\PlexusChartService\PlexusChartServiceHost.exe”



Now.It is run in network service account. Notice: Do not double click the certification to import the certification, In that case ,the private key file will be in the login user(administrator)’s folder.
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐