Vitalii

Reputation: 11071

Windows 2008 R2 permissions for accessing certificate stores from IIS

I'm creating a web application that has to require client certificates for authentication. After that, the user has to sign some text with his private key and send it to the server. When the data is received, I need to decrypt it using the user's open key, which is already stored on the server in the "Other People" certificate store. I also need to check whether this user's certificate is in the "not trusted" store. Here is my C# code.

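// Requires: using System.Security.Cryptography.X509Certificates;
// The single-argument constructor opens this store name under StoreLocation.CurrentUser.
X509Store store = new X509Store(StoreName.My);
store.Open(OpenFlags.ReadOnly);
int Count = store.Certificates.Count;
foreach (X509Certificate2 mCert in store.Certificates)
{
    // ClientName2 is a string declared elsewhere in the page class
    ClientName2 = mCert.Subject;
}

store.Close();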

But after I run it, no certificates are found in the personal store, although I can see them in certmgr.msc. The situation is similar with other stores: some certificates can be accessed and some cannot. I think that the Windows 2008 R2 server permissions for ApplicationPoolIdentity do not allow it to get the user's public certificates. But I could be wrong... Can you tell me how I can check the permissions for store access from IIS? Or maybe I need to use another approach?

24 Feb 2013 (edit): Yes, it seems that this issue is due to IIS permissions. If I run a console application with the same code, everything works. Does anybody know how to set read permissions for certificate stores on Windows 2008 R2?

Upvotes: 0

Views: 1682

Answers (1)

Vitalii

Reputation: 11071

Here is the solution that I found some days after posting this question. There were several issues in my code, but for this question I needed to pay attention to where the certificates are added.

I added the certificates via certmgr.msc and IE, and they were added automatically to the user certificate store, but IIS looks for certificates in the computer certificate store! So when I ran the console application as my current user, the application saw the user's certificates, while IIS looks in another place. If you want your certificates to be visible to IIS, add them to the local computer store via the mmc console.

Upvotes: 1
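
A diagnostic for the situation described in the answer above, as an added example that is not part of the original post: it reports which account the code runs as and how many certificates that account sees in the Personal (My), Other People (AddressBook) and Untrusted (Disallowed) stores under both CurrentUser and LocalMachine. The names StoreProbe and CountCertificates are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class StoreProbe
{
    // Returns the number of certificates visible in one store, or -1 when
    // the current identity cannot open it (missing store or access denied).
    static int CountCertificates(StoreName name, StoreLocation location)
    {
        X509Store store = new X509Store(name, location);
        try
        {
            // OpenExistingOnly: never create an empty store as a side effect.
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            return store.Certificates.Count;
        }
        catch (CryptographicException)
        {
            return -1;
        }
        finally
        {
            store.Close(); // safe to call even if Open failed
        }
    }

    static void Main()
    {
        // Under IIS this is the application pool identity, not the logged-on user.
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        StoreName[] names = { StoreName.My, StoreName.AddressBook, StoreName.Disallowed };
        StoreLocation[] locations = { StoreLocation.CurrentUser, StoreLocation.LocalMachine };

        foreach (StoreName name in names)
            foreach (StoreLocation location in locations)
                Console.WriteLine("{0,-12} {1,-13} {2}",
                    name, location, CountCertificates(name, location));
    }
}
```

Running the same loop from a console session and from inside the web application (writing the lines to a log instead of the console) shows the difference directly: the CurrentUser counts change with the identity, while the LocalMachine counts stay the same.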
