Although I have granted the current user corresponding permiss, on my client side, it still prompts me that the process doesn't have the right access rights for the certificate private key.

[YonglianQian]

Hi Product owner, I ran into a problem when I use a certificate to authenticate the client. On two virtual machines, I built a WCF application using certificates to authenticate each other based on message security. I created a WCF application on a vabqia593vm host, and hosted it on IIS, as shown in the above official example. I consume this WCF application in the console program by adding a service reference on the vabqia864vm host. The configuration file refers fully to the above official page configuration. Also, I used Powershell command New-selfsignedcertificate to create two self-signed certificates for each machine. New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName "vabqia593vm" New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName "vabqia864vm" -KeyUs age KeyEncipherment,DigitalSignature

On both certificates, I added some users to manage private key, such as Everyone, IIS_IUSRS,network service, in the certificate management interface(certlm.msc), but on the client side, the console application still prompted that the process might not have permission to access the certificate private key. Feel free to let me know if you need more details.

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: b00b30f3-a957-1073-1f86-37db1732b26f
• Version Independent ID: 76e7b7b4-058a-9668-ce02-c8811e3ba01d
• Content: Message Security with a Certificate Client
• Content Source: docs/framework/wcf/feature-details/message-security-with-a-certificate-client.md
• Product: dotnet-framework
• Technology: dotnet-wcf
• GitHub Login: @Lxiamail
• Microsoft Alias: wcfsrvt

[YonglianQian]

I didn’t solve the problem, the problem still exists. I closed the discussion since I have posted it on the WCF project. https://github.com/dotnet/wcf/issues/3567 I am the moderator of the WCF MSDN forum (Microsoft service vendor), I also answer some questions related WCF on StackOverflow, I got stuck on this question for a long time, please give me some advice on this.

[Lxiamail]

@yujayee can you help with this question? Please see more info at dotnet/wcf#3567

[jiayi11]

@YonglianQian Could you try to see if adding the following line in your web.config works? The target framework should be 4.6.2 or above.

  <system.web>
    <httpRuntime targetFramework="4.7"/>
  </system.web>

[YonglianQian]

@Lxiamail Thanks for your time and patience. @yujayee, It works, you are too tough. In addition, I found that I had to at least ensure the client target framework should be 4.6.2 or above, the server framework could be ignored. How would you know that?

[jiayi11]

Glad that helps. Certificates created by powershell cmdlet are CNG certificates which were not supported at the beginning. When we fix this issue to support CNG, we quirk the code change to make it default turned on for framework version 4.6.2 and above.

[jiayi11]

If there are no more questions to this issue, shall we close it?