c# wcf windows-services wcf-security

Certificate issue on console host and windows service host


I have a WCF service that is hosted in a Windows service and a console host, and for some security reasons I'm using certificates.

The certificate is installed on the client machine correctly. I use both a console host (for testing) and a Windows service host. When I start my console host, everything looks fine and my service works.

But when I use the Windows service and try to start it, it throws an error and doesn't allow the service to run. It is an error that I had already fixed, but for no reason the same error has started to appear again.

Error message:

System.ArgumentException: It is likely that certificate 'CN=CertificateName' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. ---> System.Security.Cryptography.CryptographicException: Keyset does not exist

The thing is that this certificate works fine with the console host application, but it is not working with the Windows service.

What should I do to use this certificate through the Windows service?


Solution

  • Thanks to everyone who paid attention.

    I managed to find the solution to this problem. In the service installer I had chosen Network Service for the log-on account. So all I needed to do was give the appropriate permission on my certificate to the log-on account, which in my case was the Network Service account.

    You can assign the right permission through the steps below:

    Open mmc -> Add/Remove snap-ins -> Certificate -> Add -> In my case Local Machine -> Folder where your certificate is -> Right click on certificate -> All Tasks -> Manage Private Keys -> and the rest of the permission assigning steps.

    Edit: You should know that if you are using the X509Certificate2 class to import your certificate into the store and your Windows service logs on as Network Service, remember that this flag

    X509KeyStorageFlags.MachineKeySet

    should be set to make the certificate's private key accessible to the Network Service user.

    I hope it helps.
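A programmatic equivalent of the answer above, added here as an example and not taken from the original post: it imports a PFX with `X509KeyStorageFlags.MachineKeySet` into the Local Machine store and then grants the Network Service account read-only access to the private key. It assumes .NET Framework, an RSA key held in a CSP container (not CNG), and an elevated process; `ServiceCertificateSetup`, `pfxPath` and `pfxPassword` are hypothetical names.

```csharp
// Added example; assumes .NET Framework, a CSP-backed RSA key, and an elevated process.
using System;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ServiceCertificateSetup
{
    // pfxPath and pfxPassword are supplied by the caller (hypothetical parameters).
    public static void InstallForNetworkService(string pfxPath, string pfxPassword)
    {
        // MachineKeySet puts the private key in the machine key store instead of the
        // importing user's profile; PersistKeySet keeps it after this object is released.
        var cert = new X509Certificate2(pfxPath, pfxPassword,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }

        var rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null)
            throw new InvalidOperationException("Certificate has no CSP-backed RSA private key.");
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        if (!info.MachineKeyStore)
            throw new InvalidOperationException("Private key is not in the machine key store.");

        // Re-open the existing container with its current ACL plus one read-only rule
        // for Network Service; no other account is granted anything.
        var networkService = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
        var csp = new CspParameters(info.ProviderType, info.ProviderName, info.KeyContainerName)
        {
            KeyNumber = (int)info.KeyNumber,
            Flags = CspProviderFlags.UseExistingKey | CspProviderFlags.UseMachineKeyStore,
            CryptoKeySecurity = info.CryptoKeySecurity
        };
        csp.CryptoKeySecurity.AddAccessRule(
            new CryptoKeyAccessRule(networkService, CryptoKeyRights.GenericRead, AccessControlType.Allow));
        using (new RSACryptoServiceProvider(csp)) { } // opening the container applies the ACL
    }
}
```

The resulting permission can be confirmed in the same Manage Private Keys dialog described in the answer, where Network Service should appear with Read only.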