Hi:

I've create the following certificate using makecert.exe version
5.131.2157.1 (Come with .Net SDK v.1.1)

makecert -cy authority -r -n "CN=Test Authority" -sr localmachine -ss
"Trust"
makecert -cy end -n "CN=Test Server" -sky exchange -sk "TestServer" -ss
"My" -sr localmachine -in "Test Authority" -ir localmachine -is "Trust"

And the certificate has been install into LocalComputer\Enterprise
Trust and LocalComputer\Personal store respectively.

I've export the "Test Server" certificate from LocalComputer\Personal
store and import it into CurrentUser\Other People store

I configure both my webservice and client application WSE 2.0 policy
file by:

1. Enable signature and encryption on both request and response message
2. Select user name token as client authentication token
3. Choose the X509 certificate from local machine-personal store (or
current user-other people store for client application)

When the WinForm client try to access the web service it raise the
SoapHeaderException: "Server unavailable, please try later -->
System.InvalidOperationException: Private Key is not available"

May be this is because the APS.Net account has no permission to access
the private key, so I use the WSE x.509 Certificate tool,
choose the "Test Server" certificate from Local Computer/Personal store
click the "View private key file properties".

My questions:

1. Why the properties dialog only show general tab, i don't know where
to grant the permission to ASP.net account
  (I already uncheck the "Use simple file sharing" in Window explorer
tools|FolderOptions)

2. Why the privatekey location is at "C:\Documents and Settings\My
login name" instead of "C:\Documents and Settings\All Users" ?

Both the Winform client and webservice is running on same WinXP Pro
machine and the disk is format as FAT32.

Please Help

Thanks
JCVoon