Is it possible to give ASP.NET read permission to the certificate store?
If yes, how?
If no... do I need to set the permission manually per certificate file?
Generally you give permissions to A certificate. I use a method like this to find the custom-made cert and grant permissions. If you are using a cert issued by a public entity like VeriSign, Thawte, etc., this is probably unnecessary.
FindPrivateKey.exe My LocalMachine -n "CN="
...will find certificates on the local machine in the personal store for a particular issuer.
Note: If FindPrivateKey is not on your local machine, download the WCF samples, including the FindPrivateKey tool, at http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21459
FindPrivateKey returns the location of the private key for the certificate, similar to
"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030".
Run the following command line to assign read-only access permissions to the process identity of the ASP.NET/WCF service:
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R
NOTE: If you are running Microsoft Windows® XP, give the certificate permissions for the ASPNET identity instead of the NT Authority\Network Service identity, because the IIS process runs under the ASPNET account in Windows XP.
Certificates are viewable from the MMC snap-in for Certificates. Open MMC, choose File --> Add/Remove Snap-in, click the Add button and choose Certificates. From here you will need to choose the appropriate store (usually Computer Account - Local Computer for ASP.NET items) to manage, and then you can view/admin the certs.
Please take a good hard look at the different command line options, and make sure that you have a clear understanding of what certificates are and how they work before granting any permissions.
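
Added example, not part of the original answer: a PowerShell script that performs the same find-and-grant steps in one pass and then prints the key file's ACL for review. It assumes an elevated Windows PowerShell 5.1 session on a Windows version where machine keys live under %ProgramData%; the parameter names and the sample subject are placeholders chosen for this example.

```powershell
# Added example: grant read access on one certificate's private key file.
# Run elevated. $Subject and $Account are parameters of this example script.
param(
    [Parameter(Mandatory)] [string] $Subject,   # full subject, e.g. 'CN=example-service' (placeholder)
    [string] $Account = 'NT AUTHORITY\NETWORK SERVICE'
)
$ErrorActionPreference = 'Stop'

# Require exactly one match so the grant never lands on the wrong key.
$found = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey })
if ($found.Count -ne 1) {
    throw "Expected 1 certificate with a private key for '$Subject', found $($found.Count)."
}

# Resolve the key container name for either a CNG or a legacy CSP key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($found[0])
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw 'No RSA private key is accessible for this certificate.'
}

# Machine key files live in one of these two directories on current Windows.
$keyFile = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
           "$env:ProgramData\Microsoft\Crypto\Keys" |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Key file '$keyName' not found." }

# Add a read-only allow rule for the service identity, leaving other entries intact.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Print the resulting ACL so every identity that can read the key is visible.
(Get-Acl -LiteralPath $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Pass `-Account` the identity the application pool or service actually runs as, and check the printed ACL for entries broader than the ones you intended.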