incubator-stonehenge-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Dewey <>
Subject RE: Authorize WCF Services scripts
Date Tue, 07 Jul 2009 16:36:19 GMT
I experienced the Certificate error as well, but I installed the certs as administrator, then
created the BenD account which received the errors.  I reinstalled the certs from the BenD
account and it worked.  I'm not sure if users would still receive this error if they only
used a single account.

I'll do some testing to see if I can get the scripts to grant keystore permissions as well.
 Either way, do you think we should keep this script? Of course, we'll have to supplement
the documentation a bit.

-Ben Dewey

-----Original Message-----
From: Scott Golightly [] 
Sent: Tuesday, July 07, 2009 11:44 AM
To: Stonehenge Development
Subject: RE: Authorize WCF Services scripts

This particular VM is Windows Server 2008 Enterprise (without Hyper-V) SP2. I downloaded the
latest version of the batch file and the errors removing the reservation as well as canceling
are fixed. I am now getting the certificate error for certificate '' that says
"The Certivicate '' must have a private key that is capable of key exchange. The
process must have access rights for the private key.". This is happening on the call to serviceHost.Open();
at line 95 in Trade.BusinessServiceConsole.BusinessService_ConsoleHost.BusinessServiceConsoleHost.

Since this still works as administrator I am guessing the script needs to grant rights to
the selected user (or everyone) to the key store. This is probably the ACL on the physical
file that stores the key. I created the user after installing the application so that might
have something to do with the permissions problem. 

I think there was an example of how to do this with the Woodgrove Bank sample application
(it might have been a different sample app) from Microsoft a while back. If I remember correctly
that sample used an application called FindCert to find the physical path to the certificate
and PowerShell to set the permissions. I don't see FindCert on my machine so is the workaround
to uninstall and reinstall the certificates?


Scott Golightly 
> From:
> To:
> Date: Tue, 7 Jul 2009 10:02:49 -0400
> Subject: RE: Authorize WCF Services scripts
> Scott,
> I just fixed the bug where quit was running delete. It seems that the order of the 'choice'
statement has an effect.
> As for the delete not actually working, I was unable to repro that. What version of windows
are you using?
> -Ben Dewey
> -----Original Message-----
> From: Scott Golightly [] 
> Sent: Tuesday, July 07, 2009 12:54 AM
> To: Stonehenge Development
> Subject: RE: Authorize WCF Services scripts
> Ben,
> The first time I ran the script I chose the option to cancel and it tried to remove the
reservations. It didn't seem to cause any problems just wasn't the behavior I expected.
> I tested the patch and before I ran your script I couldn't run the services. After running
the script it allows me to run from a prompt where I didn't specifically 'Run as administrator'
when starting the command prompt. So far so good. 
> When I remove the reservation it still allows me to run the services from a non-elevated
prompt so it appears that removing the reservation didn't work. I tried removing the reservation
again and got errors about not finding the file so it does something but seems incomplete
in the removing the reservation.
> Scott Golightly
> > From:
> > To:
> > Date: Mon, 6 Jul 2009 22:51:29 -0400
> > Subject: Authorize WCF Services scripts
> > 
> > I just made my first commit. It's a little script that I've had that adds a URL
reservation to your network configuration. This prevents users from having to run the RunServices.bat
file with elevated privileges (ie. Run As Administrator). If someone who is running the .NET
services can test this script it would be appreciated.
> > 
> > I've also added this script to the WIKI under
> > 
> >
> > 
> > and
> > 
> >
> > 
> > 
> > 
> > -Ben Dewey

View raw message