C#调用C++写的dll在iis下无法运行
0
悬赏园豆:100
[已关闭问题]
关闭于 2009-08-07 13:39
dll中有一个使用Rsa验证签名的方法, 用vs2005自带的server调试没有问题,能够正确验签,但发布到iis上死活不行, dll已经给了network service权限,不知道什么原因.
另外,dll放在了system32下, 哪位解决过这种问题, 先谢了!
问题补充:
dll中的方法返回true或false, 但是一直返回false, 运行过程中并没有出错,使用权用dbgview跟踪,确定是dll中调用advapi.dll的CryptAcquireContext方法出现了问题,刚在web.config中加入了模拟认证, 在本地没问题,发布上去还是有问题.
所有回答(3)
0
怎么个不行?
0
本地和服务器都是WINdows 2003 OR WINdows2008 ?如果不一致,一定是开发的环境中有的东西服务器上没有
确认一下你dll需要引用(或依赖)的程序集是否有问题,用Dependt 工具查看,如果引用没有问题;
很可能用户IIS的权限问题,授权一下IUser 看是否可以解决。
0
我用google 搜了一下,这个问题很可能是你的C++写的DLL 中CryptAcquireContext 调用时没有指定Flag 为 CRYPT_MACHINE_KEYSET.
参考下面两篇
http://www.mombu.com/microsoft/iis-general/t-iis-authentication-and-cryptacquirecontext-407186.html
http://www.issociate.de/board/goto/805682/CryptAcquireContext_fails_in_ISAPI_application.html
下面是 MSDN 中关于 CRYPT_MACHINE_KEYSET 的解释
By default, keys and key containers are stored as user keys. For Base Providers, this means that user key containers are stored in the user's profile. A key container created without this flag by an administrator can be accessed only by the user creating the key container and a user with administration privileges.
Windows XP: A key container created without this flag by an administrator can be accessed only by the user creating the key container and the local system account.
A key container created without this flag by a user that is not an administrator can be accessed only by the user creating the key container and the local system account.
The CRYPT_MACHINE_KEYSET flag can be combined with all of the other flags to indicate that the key container of interest is a computer key container and the CSP treats it as such. For Base Providers, this means that the keys are stored locally on the computer that created the key container. If a key container is to be a computer container, the CRYPT_MACHINE_KEYSET flag must be used with all calls to CryptAcquireContext that reference the computer container. The key container created with CRYPT_MACHINE_KEYSET by an administrator can be accessed only by its creator and by a user with administrator privileges unless access rights to the container are granted using CryptSetProvParam.
Windows XP: The key container created with CRYPT_MACHINE_KEYSET by an administrator can be accessed only by its creator and by the local system account unless access rights to the container are granted using CryptSetProvParam.
The key container created with CRYPT_MACHINE_KEYSET by a user that is not an administrator can be accessed only by its creator and by the local system account unless access rights to the container are granted using CryptSetProvParam.
The CRYPT_MACHINE_KEYSET flag is useful when the user is accessing from a service or user account that did not log on interactively. When key containers are created, most CSPs do not automatically create any public/private key pairs. These keys must be created as a separate step with the CryptGenKey function.
