When use WIF create STS: The certificate's private k

The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user. Make sure you know under which account your web app is running (do a Res

The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user.

Make sure you know under which account your web app is running (do a Response.Write(WindowsIdentity.GetCurrent().Name to find out).This account needs read access to the private key file. I got a security error on the application site due to my certificates being inaccessible by IIS user, something along the lines of ID1039: The certificate’s private key could not be accessed. Ensure the access control list (ACL) on the certificate’s private key grants access to the application pool user.  I found a solution to that problem on the web.  Basically, you have to give READ permission to the group IIS_IUSRS to the files located at%ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys.