2014-03-10 22:56:49 UTC
I wrote an API that encrypts a string and decrypts across a client - server architecture. This work's perfectly fine for destok based applications.
When a Asp.net web service tries to encrypt the same string under a IUSR_ account, i get ERROR_ACCESS_DENIED (0x8007005) for CertOpenStore.
hXchngCertStoreCtxt = CertOpenStore(CERT_STORE_PROV_SYSTEM,
IUSR_ require's both read and write access permissions to the Other people's certificate store because, it retrieves server's public key certificate from a trusted network share and installs it to the ADDRESSBOOK/Other people's certificate store.
So i cannot open my certificate store with only read access.
And i cannot give administrator rights to my IUSR_ account either.
Is there any approach that i can follow to resolve this issue?
Will i be able to modify permissions for IUSR_ to grant write access?
I cannot understand why permission's is restricted for Other people store. As the name suggests its other people store right?