I posted days ago about access control to web service (Access control to web service). In short, I have an ASP.NET web service deployed on //service/webserviceand I want my ASP.NET web application (app1) on the //web1to access the web service with certificate authentication. I keep getting System.Net.WebException: The request failed with HTTP status 403: Forbiddenexception. The following is my setup:

我几天前发布了关于对 Web 服务的访问控制（对 Web 服务的访问控制）。简而言之，我在//service/webservice上部署了一个 ASP.NET web 服务，我希望//web1上的 ASP.NET web 应用程序 (app1)使用证书身份验证访问 web 服务。我不断收到System.Net.WebException: The request failed with HTTP status 403: Forbiddenexception。以下是我的设置：

On certificate export;

关于证书出口；

• I exported a server certificate issued to //servicefrom LocalMachine store and saved it as service.cer.
• I also exported a client certificate issued to //web1from LocalMachine store and saved it as web1.cer

• 我从 LocalMachine 存储导出颁发给//service的服务器证书并将其保存为 service.cer。
• 我还导出了从 LocalMachine 商店颁发给//web1的客户端证书并将其保存为 web1.cer

Setup on //service/webservice:

在//service/webservice 上设置：

• On Directory Security, unchecked Anonymous Access and all Authentication Access (Integrated Windows Access, Digest Authentication and Basic Authentication).
• On Secure communications, checked Required secure channel(SSL), Require 128-bit encyption, Require client certificate, and Enable client certificate mapping. I then mapped web1.cer to an AD account MyDomain/userwhich has access right to //service/webservice
• For //service/webservice/WebService.asmx, set <authentication mode="Windows" />on web.config

• 在目录安全上，取消选中匿名访问和所有身份验证访问（集成 Windows 访问、摘要式身份验证和基本身份验证）。
• 在安全通信上，选中必需的安全通道 (SSL)、需要 128 位加密、需要客户端证书和启用客户端证书映射。然后我将 web1.cer 映射到一个 AD 帐户MyDomain/user，它有权访问//service/webservice
• 对于//service/webservice/WebService.asmx，<authentication mode="Windows" />在 web.config 上设置

Setup on //web1/app1

在//web1/app1 上设置

• Set <authentication mode="Windows" />and <identity impersonate="true" />on web.config
• In VS2008, I added the web reference to //service/webservice/WebService.asmxand named it WService
• In //web1/app1/default.aspx.cs, I had this:

• 在 web.config 上设置<authentication mode="Windows" />和<identity impersonate="true" />
• 在 VS2008 中，我将 web 引用添加到//service/webservice/WebService.asmx并将其命名为 WService
• 在//web1/app1/default.aspx.cs 中，我有这个：

using System.Security.Cryptography.X509Certificates;
    using System.Net;
        WService.WebService ws = new WService.WebService();
        ServicePointManager.ServerCertificateValidationCallback = delegate(Object sender1, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors errors) { return true; };
//I was a bit confused here on which certificate I should use so I have tried both service.cer and web1.cer but still got the same error
        X509Certificate x509 = X509Certificate.CreateFromCertFile(@"C:\Certificates\service.cer"); 
        ws.ClientCertificates.Add(x509);
        ws.DoSomething();

• I ran WinHttpCertCfg.exe to grant access to both certificates in LocalMachine for ASPNET account

• 我运行 WinHttpCertCfg.exe 以授予对 ASPNET 帐户的 LocalMachine 中的两个证书的访问权限

I went to https://service/webservice/WebService.asmxand was prompted to provide a client certificate and after that I was through. But if I went to https://web1/app1/default.aspx(which would call the web service) and I would get the HTTP status 403 exception.

我去了https://service/webservice/WebService.asmx并被提示提供客户端证书，然后我就通过了。但是如果我去https://web1/app1/default.aspx（它会调用 web 服务），我会得到 HTTP 状态 403 异常。

What did I miss? I would assume the problem is because //web1/app1/default.aspx.csfailed to transmit the certificate across. If that's the problem, how do I do that? I built both the asmx and aspx on VS 2008 and ASP.NET 3.5.

我错过了什么？我认为问题是因为//web1/app1/default.aspx.cs无法传输证书。如果这是问题，我该怎么做？我在 VS 2008 和 ASP.NET 3.5 上构建了 asmx 和 aspx。