This seems to be one of the top problem areas for people working with WSE, particularly at the server. The best way to get things right is to use the X.509 Certificate tool that is part of the WSE 2.0 Tech Preview. This tool allows you to select the certificate that you want to use and then set the appropriate access permissions on it's private key file.
For IIS/ASP.NET on either Windows 2000 or Windows XP, you need to grant the ASPNET user read permissions to the key. For IIS on Windows Server 2003, assuming the default setup, you need to give NetworkService read permission. If you are running your web services on Windows Server 2003 in a separate application pool with a specific identity, use that identity instead of NetworkService.
If you're still working with WSE 1.0SP1 that's OK - the WSE 2.0 Tech Preview will install side-by-side with 1.0SP1 and you can use the tool. Just watch out for Visual Studio switching your references to the 2.0 version of Microsoft.Web.Services.dll.
Posted by herveyw at October 30, 2003 12:00 AMYou are a life saver!!! Just bookmarked your sites and keep on reading. Thank you so much.
Posted by: Bing Zhang at December 15, 2003 08:14 AM