Hi!

I'm creating a web application which needs to enumerate certificates in the CurrentUser certificate store. The following is the code snippet I'm using:

X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
    // Open store. Fails with exception.
    store.Open(OpenFlags.ReadOnly);

    // Enumerate certificates
    // and do some useful stuff here.
}
finally
{
    store.Close();
}

It works flawlessly on Windows XP with IIS5. But under Windows Server 2008 and IIS7 I'm getting a CryptographicException "Access is denied" at the store.Open() call. With IIS5 it worked under the generic ASPNET user account, with IIS7 under NetworkService (with Load User Profile set to True).

I tried to monitor filesystem activity with Procmon, but it didn't show any "access denied" problems. Actually, it didn't even show any activity around the MachineKeys folder name (where I suppose certificates should be stored).

I even tried to run it under the LocalSystem account with no luck. And it fails with either OpenFlags.ReadOnly or OpenFlags.ReadWrite.

What kind of permissions might it refer to? If it is file access permissions, then where are certificates for NetworkService stored? If it is some other kind of permissions, how can I check them?

Thanks in advance.