证书存储访问被拒绝

时间:2012-11-23 05:06:01

标签: azure azure-web-sites

我收到一个System.Security.Cryptography.CryptographicException访问被拒绝。在尝试创建媒体服务任务或工作时。该应用程序正在一个蔚蓝的网站实例上运行。一切都在当地工作。看起来应用程序无法写入证书存储区。我已经尝试将应用程序的信任级别提升到完全没有效果。

    System.Security.Cryptography.CryptographicException: Access is denied.

   at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags)
   at Microsoft.WindowsAzure.MediaServices.Client.EncryptionUtils.SaveCertificateToStore(X509Certificate2 certToStore)
   at Microsoft.WindowsAzure.MediaServices.Client.BaseContentKeyCollection.GetCertificateForProtectionKeyId(DataServiceContext dataContext, String protectionKeyId)
   at Microsoft.WindowsAzure.MediaServices.Client.BaseContentKeyCollection.GetCertificateToEncryptContentKey(DataServiceContext dataContext, ContentKeyType contentKeyType)
   at Microsoft.WindowsAzure.MediaServices.Client.JobData.ProtectTaskConfiguration(TaskData taskData, X509Certificate2& certToUse)
   at Microsoft.WindowsAzure.MediaServices.Client.JobData.Submit()
   at MediaServices.Encoding.Encode_video_h264(IAsset asset)
   at Business.Background_tasks.Kickoff_encoding(IAsset asset, Guid id)
   at Routing.Controllers.BlobsController.UploadBlock(Int32 id)
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<>c__DisplayClass17.<InvokeActionMethodWithFilters>b__14()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
   at System.Web.Mvc.Controller.ExecuteCore()
   at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
   at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass6.<>c__DisplayClassb.<BeginProcessRequest>b__5()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.<MakeVoidDelegate>b__0()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.MvcHandler.<>c__DisplayClasse.<EndProcessRequest>b__d()
   at System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f)
   at System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action)
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

修改 我已将应用程序移动到VM并仍然收到相同的异常

修改 在此处找到最终解决方案http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/67216e79-c259-4685-95d0-3a09bab5c0c5/

在IIS7上运行时 - 您可以指定加载应用程序池的用户配置文件。这使您可以访问应用程序池帐户的每用户存储。

1 个答案:

答案 0 :(得分:1)

这是您对Windows Azure网站的期望。您与其他网站一起在共享环境中运行,出于安​​全考虑,您可以做很多事情。

如果要完全控制托管Web应用程序的计算机(例如完全访问证书存储区,在注册表中进行更改,...),则应将应用程序部署到Web角色。