
HttpWebRequest Client Certificate not working in IIS

I'm trying to create a WCF application hosted in IIS. This WCF app will call a third-party website to download a CSV file. The third-party website has provided a certificate to authenticate the WCF call. My development environment is:

- OS: Windows 2008R2
- Tools: Visual Studio 2010 (.Net 4.x)

During development I have no problem making the calls using an HttpWebRequest, but after I deploy the same thing in IIS, it gives me the following error, even if I run Visual Studio 2010 using IIS as the dev server:

"\r\nCertificate information doesn't match login, connection denied."

The certificate requires a password during installation. I've installed it in "My User account" and "Computer account". It is also installed in IE. In all the installations it is installed in "Trusted Root Certification Authorities". But I'm still getting the error message. I've given my code snippet below:

        // Load the client certificate from the password-protected file at CertPath
        X509Certificate2 xc = new X509Certificate2(CertPath, GetCertificatePassword());

        // Attach the certificate to the outgoing request and read the response
        HttpWebRequest wc = (HttpWebRequest)WebRequest.Create(QryUrl);
        wc.ClientCertificates.Add(xc);
        Stream str = wc.GetResponse().GetResponseStream();

If someone can provide me with any information, that would be nice. Thanks again.


This is just a guess: check that the user account that IIS runs under has access to the private key associated with the certificate.

If you use the MMC Certificates snap-in, select the certificate and then right-click -> All Tasks -> Manage Private Keys, and from there if you don't see the user account of IIS listed, you can add it there by clicking Add, and then in the dialog that comes up if for example you run IIS as Network Service, type "network service" (with the space) and click Check Names and then when you are back to Manage Private Keys you can set the security access.

I believe you only need to allow Read access to use the private key for a TLS connection.

You can set the access to the private key whether installed in Local Computer or Current User, but IIS won't have access to your Current User unless it runs as your user account.

Also, if it is a client certificate with a private key it almost certainly should go in the Personal store, and not in Trusted Root Certification Authorities. So try Local Computer, Personal, and give access to the private key to the account that IIS (or the application) runs under.
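
A check for the setup this answer recommends, as an added example that is not part of the original question or answer: it looks the certificate up in Local Computer\Personal and confirms that the account the code runs under (the IIS application pool identity when hosted in IIS) can open the private key before the certificate is attached to the request. The class and method names are hypothetical, and the thumbprint is assumed to be supplied by the caller from the Certificates snap-in.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertCheck // hypothetical helper, not from the original post
{
    // Finds the certificate in Local Computer\Personal and verifies that the
    // current process identity can actually open its private key.
    public static X509Certificate2 LoadUsableClientCert(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so a chain-trust problem does not hide the certificate
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Not found in Local Computer\\Personal.");

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Installed without its private key.");
            try
            {
                // Reading PrivateKey opens the key container; without Read access
                // for this account it throws CryptographicException.
                if (cert.PrivateKey == null)
                    throw new InvalidOperationException("No usable private key.");
            }
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException("Account '" +
                    WindowsIdentity.GetCurrent().Name + "' cannot read the private key; " +
                    "grant it Read under Manage Private Keys.", ex);
            }
            return cert;
        }
        finally { store.Close(); }
    }

    // Builds the request with the verified certificate attached.
    public static HttpWebRequest CreateRequest(string url, string thumbprint)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.ClientCertificates.Add(LoadUsableClientCert(thumbprint));
        return request;
    }
}
```

Running this inside the IIS-hosted service reports which account is missing access, which is the identity to add under Manage Private Keys.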
