当尝试通过基于TLS客户端证书的身份验证从Web应用程序(运行于IIS,使用.NET Framework 4.6.1在IIS上)发出https请求时,在加载客户端证书时出现以下错误:
System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Utils.LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
从文件加载和从字节数组加载时都会发生这种情况。我已经尝试将p12文件导入本地计算机证书中,并向运行该Web应用程序的应用程序池用户授予权限,但这不能解决问题。
服务器在Windows Server 2012 R2上运行,并使用活动目录进行用户管理。该Web应用程序正在内置的ApplicationPoolIdentity上运行。