Monday, December 15, 2008 8:41 AM
In an effort to better understand what's going on with the step by step guide, I am experimenting with AutoParts. I've got to the first part of scenario 1 where adamc can browse AutoParts. Before going to the next step to "modify the application for federation" (p35), I thought I would copy AutoParts and create an application called AutoPartsFed in the inetpub\wwwroot\AutoPartsFed folder.
I've given it the same settings as AutoParts, but when logged on as contoso\administrator I cannot browse to it. I get the error below. What am I doing wrong? In particular, the IIS settings are the same - it's running under network service, windows authentication enabled etc.
Server Error in '/AutoPartsFed' Application.
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: ID1024: The configuration property value is not valid.
Error: ID1039: The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user.
Line 200: -->
Line 201: <microsoft.identityModel>
Line 202: <audienceUris>
Line 203: <add value="https://web1.contoso.com/AutoPartsFed/default.aspx/" />
Source File: C:\inetpub\wwwroot\AutoPartsFed\web.config Line: 201
Monday, December 15, 2008 5:03 PM
You are running into a security issue with the account that the application is running under. By default the accounts used by IIS do not have access to the Certificate store. You will need to download the WinHttpCertCfg.exe application from Microsoft and give rights to the account. You can find information about WinHttpCertCfg.exe at http://msdn.microsoft.com/en-us/library/aa384088.aspx.
- Marked As Answer by Marc Goodner (Microsoft Employee, Owner), Monday, April 13, 2009 6:12 PM
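
An added example, not part of the original thread or the step-by-step guide: a PowerShell sketch of the grant the answer describes, which locates the private key file behind a LocalMachine\My certificate, lists its current ACL, and gives the application pool account read access only. The subject string is a placeholder; the script assumes an elevated session, Windows Server 2008 or later paths, and an RSA key stored by a legacy CSP.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Rough WinHttpCertCfg equivalent:
#   winhttpcertcfg -g -c LOCAL_MACHINE\My -s "<subject>" -a "NETWORK SERVICE"
$subject  = 'CN=REPLACE-WITH-CERT-SUBJECT'     # placeholder: the thread does not name the certificate
$identity = 'NT AUTHORITY\NETWORK SERVICE'     # app pool account mentioned in the question

# Require exactly one match so the grant cannot land on the wrong key.
$found = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject })
if ($found.Count -ne 1) {
    throw "Expected one certificate with subject '$subject', found $($found.Count)."
}
$cert = $found[0]
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key.' }

# CNG-stored keys are not exposed through this property; stop rather than guess a path.
try   { $key = $cert.PrivateKey }
catch { throw "Private key is not readable through a CSP: $($_.Exception.Message)" }
if ($null -eq $key -or $null -eq $key.CspKeyContainerInfo) {
    throw 'Key is not held by a legacy CSP; this sketch does not cover CNG keys.'
}

# Machine RSA keys live as files whose name is the unique key container name.
$keyFile = Join-Path $env:ProgramData `
    ('Microsoft\Crypto\RSA\MachineKeys\' + $key.CspKeyContainerInfo.UniqueKeyContainerName)
if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

# Review who can already read the key before changing anything.
$acl = Get-Acl -Path $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Least privilege: Read only, for the one identity that needs it.
$alreadyGranted = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $identity -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Read)
}
if ($alreadyGranted) {
    Write-Host "$identity already has read access to $keyFile"
} else {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Host "Granted Read on $keyFile to $identity"
}
```

If the application pool later runs under a different account, grant that account instead and remove the entry for NETWORK SERVICE so the key is readable only by the identity that uses it.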