
IIS has no access to Certificate Store


IIS Express vs IIS 10

I am not very familiar with IIS or Visual C#, but recently I wanted to wrap a service controller within a .dll file in a web service that we can consume in our cloud app.

I wrote a short script to post the information on an HTTP Web API in C# and wrapped the function of the depending assembly in it.

Locally on my computer I can access the certificate store. Even when I run app.exe or run from IIS Express at localhost:5000 it works, as the web app can see the certificate keystore.

When I run it from IIS 10 or from the server's public IP, it does not recognize the certificates.

The image is in the same localhost within the server. Running on IIS Express from webbapp.exe on the left and IIS10 on the right.

Any idea what is going wrong with IIS compared with IIS Express locally? Can I do anything to fix it, or should I find another workaround?


Solution

  • As @LexLi suggested, IIS has limited access to the KeyStore. The configuration was running so that the DLL was trying to access the

    X509Store(StoreName.My, StoreLocation.CurrentUser);
    

    The problem was that IIS does not have access to that user for security purposes. After a few tweaks in the I changed to:

    X509Store(StoreName.Root, StoreLocation.LocalMachine);
    

    And in the IIS 10 "Application Pool", under "Advanced Settings" of my running application pool, I did the following:

    Identity: LocalSystem
    Load User Profile: True
    

    Everything seems to be working now.
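
A diagnostic for comparing what the two hosts see, as an added example that is not part of the original post: it reports the Windows identity the process runs as and the certificate counts in the two stores named above, plus LocalMachine\My. The class name `CertStoreProbe` is hypothetical, and the code assumes C# 7 or later on Windows with a .NET version where `X509Store` is disposable.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Added diagnostic (hypothetical class name): shows which identity the host
// process runs as and what each certificate store looks like from there.
public static class CertStoreProbe
{
    public static IEnumerable<string> Describe()
    {
        // Under IIS this is the application pool identity, not the developer's
        // account, so StoreLocation.CurrentUser resolves to a different store.
        yield return "Running as: " + WindowsIdentity.GetCurrent().Name;

        var targets = new[]
        {
            (StoreName.My,   StoreLocation.CurrentUser),
            (StoreName.My,   StoreLocation.LocalMachine),
            (StoreName.Root, StoreLocation.LocalMachine),
        };

        foreach (var (name, location) in targets)
        {
            string line;
            try
            {
                using (var store = new X509Store(name, location))
                {
                    // OpenExistingOnly: fail instead of silently creating an empty store.
                    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                    int withKey = 0;
                    foreach (X509Certificate2 cert in store.Certificates)
                        if (cert.HasPrivateKey) withKey++;
                    line = $"{location}\\{name}: {store.Certificates.Count} certs, {withKey} with a private key";
                }
            }
            catch (CryptographicException ex)
            {
                line = $"{location}\\{name}: cannot open ({ex.Message})";
            }
            yield return line;
        }
    }

    public static void Main() { foreach (var l in Describe()) Console.WriteLine(l); }
}
```

Calling `CertStoreProbe.Describe()` from inside the web app under IIS Express and again under IIS 10 gives two reports that can be compared line by line.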