Scenario 1 - copy of AutoParts application - why won't it work

Question

In an effort to better understand what's going on with the step by step guide, I am experimenting with AutoParts. I've got to the first part of scenario 1 where adamc can browse AutoParts. Before going to the next step to "modify the application for federation" (p35), I thought I would copy AutoParts and create an application called AutoPartsFed in the inetpub\wwroot\AutoPartsFed folder.

I've give it the same settings as AutoParts, but when logged on as contoso\administrator I cannot browse to it. I get the error below. What am I doing wrong? In particular, the IIS settings are the same - it's running under network service, windows authentication enabled etc.

Server Error in '/AutoPartsFed' Application.

 

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: ID1024: The configuration property value is not valid.
PropertyName: serviceCertificate
Error: ID1039: The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user.
Thumbprint: FAD205E951E2B278FF362E75932C9C52BBCEE8E6

Source Error:

Line 199: Line 200:  --> Line 201:  <microsoft.identityModel> Line 202:    <audienceUris> Line 203:      <add value="https://web1.contoso.com/AutoPartsFed/default.aspx/" />

Source File: C:\inetpub\wwwroot\AutoPartsFed\web.config Line: 201

 

Answer 1

You are running to a security issue with the account that the application is running under. By default the accounts used by IIS do not have access to the Certificate store. You will need to download the WinHttpCertCfg.exe application from Microsoft and give rights to the account. You can find information about WinHttpCertCfg.exe at http://msdn.microsoft.com/en-us/library/aa384088.aspx.

---

jlavin