| Groups | Blog | Home |
asp.net security : ASP.Net using a Client Certificate on IIS 6.0
certificate to communicate to a third party. Now, in Win2K, to install the Class 1 Client Certificate, you have to log in as the ASPNET user (or what ever user the aspnet_wp runs as), and install the certificate for that user. In Win2003 (IIS 6.0), I have followed the same process and it does not work. I have not been able to find documentation on this. Any tips out there? Although my question does not refer to any code, here is a sample to give a better picture of what the ASP.Net app is doing. Dim oRequest As HttpWebRequest Dim oResponse As HttpWebResponse Dim oClientCert As System.Security.Cryptography.X509Certificates.X509Certificate Dim POSTBuffer() As Byte Dim DataStream As System.IO.Stream Dim sr As System.IO.StreamReader Dim OutputString As String POSTBuffer = System.Text.Encoding.UTF8.GetBytes("DataToSend") oClientCert = New X509Certificate(X509Certificate.CreateFromCertFile(ApplicationConfig.CertificatePath)) oRequest = HttpWebRequest.Create("http://ThirdPartyURL") oRequest.Credentials = CredentialCache.DefaultCredentials oRequest.ClientCertificates.Add(oClientCert) oRequest.Method = POST oRequest.ContentType = "application/x-www-form-urlencoded" Try DataStream = oRequest.GetRequestStream() DataStream.Write(POSTBuffer, 0, POSTBuffer.Length) DataStream.Close() '* * * * * * * * * * * * * * * * * * * * * * * * * * '* Code fails here due to a 403.1 error oResponse = CType(oRequest.GetResponse, HttpWebResponse) sr = New System.IO.StreamReader(oResponse.GetResponseStream()) OutputString = sr.ReadToEnd sr.Close() catch ex Exception '(more boring code) ... Thanks,
I'm not sure what did not work, but in Win2003 you should sign in as a local
admin to install certificates. Are you just encrypting requests, or, are you also decrypting responses? If it is the former then you should be good to go. If it is the latter then you may need to grant the ASPNET account permission to access the private key. Simon Horrell has an article that clearly shows you how to do this. (His article relates to WSE but the same principle applies to what you need to accomplish): http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/wse2wspolicy.asp Good luck, Jeffrey Hasan, MCSD President, Bluestone Partners, Inc. ----------------------------------------------- Author of: Expert SOA in C# Using WSE 2.0 (APress, 2004) http://www.bluestonepartners.com/soa.aspx [quoted text, click to view] "CatpWilco" <captwilco2002@yahoo.com> wrote in message X509Certificate(X509Certificate.CreateFromCertFile(ApplicationConfig.Certifinews:b5611c77.0408031359.1386ddeb@posting.google.com... > I have an ASP.Net application application that uses a client > certificate to communicate to a third party. > > Now, in Win2K, to install the Class 1 Client Certificate, you have to > log in as the ASPNET user (or what ever user the aspnet_wp runs as), > and install the certificate for that user. > > In Win2003 (IIS 6.0), I have followed the same process and it does not > work. I have not been able to find documentation on this. Any tips > out there? > > > Although my question does not refer to any code, here is a sample to > give a better picture of what the ASP.Net app is doing. > > Dim oRequest As HttpWebRequest > Dim oResponse As HttpWebResponse > Dim oClientCert As > System.Security.Cryptography.X509Certificates.X509Certificate > Dim POSTBuffer() As Byte > Dim DataStream As System.IO.Stream > Dim sr As System.IO.StreamReader > Dim OutputString As String > > POSTBuffer = > System.Text.Encoding.UTF8.GetBytes("DataToSend") > > oClientCert = New > catePath)) [quoted text, click to view] > > oRequest = HttpWebRequest.Create("http://ThirdPartyURL") > oRequest.Credentials = CredentialCache.DefaultCredentials > oRequest.ClientCertificates.Add(oClientCert) > oRequest.Method = POST > oRequest.ContentType = "application/x-www-form-urlencoded" > > Try > > DataStream = oRequest.GetRequestStream() > DataStream.Write(POSTBuffer, 0, POSTBuffer.Length) > DataStream.Close() > > '* * * * * * * * * * * * * * * * * * * * * * * * * * > '* Code fails here due to a 403.1 error > oResponse = CType(oRequest.GetResponse, > HttpWebResponse) > sr = New > System.IO.StreamReader(oResponse.GetResponseStream()) > OutputString = sr.ReadToEnd > sr.Close() > catch ex Exception > '(more boring code) ... > > > Thanks, > R. Wilco
Thank you Jeffrey.
The link you provided is very informative but does not go in the right direction for this issue. It did help me come accross some other links that helped. I did make some progress. By changing the Identity for the Application Pool ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconidentityapplicationpoolsettings.asp ) to use the ASPNet account and logging onto the machine as the ASPNet user, the web app worked. When I reboot the machine, the web app does not work. So, this leads to the following: When the ASPNET user account logs in, the credentials (which includes the client certificate installed for the ASPNET account) are loaded and remain in memory for a while (or until reboot). I am still stumped on getting the ASPNET credentials loaded without logging into the machine as the ASPNET user. I am still looking for some help on this one. Any ideas? I could write a windows service to run as ASPNET and to startup automatically, but there must be a better way. I think I am missing something where I set the Identity for the Application Pool (or maybe not). (General statement: If the root of the problem is not clear, let me know and I can clarify the scenario) Thanks, RW [quoted text, click to view] "Jeffrey Hasan" <jeff@noreply.com> wrote in message news:<e9hQUeaeEHA.3792@TK2MSFTNGP09.phx.gbl>...
> I'm not sure what did not work, but in Win2003 you should sign in as a local > admin to install certificates. Are you just encrypting requests, or, are you > also decrypting responses? If it is the former then you should be good to > go. If it is the latter then you may need to grant the ASPNET account > permission to access the private key. Simon Horrell has an article that > clearly shows you how to do this. (His article relates to WSE but the same > principle applies to what you need to accomplish): > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/wse2wspolicy.asp > > Good luck, > > Jeffrey Hasan, MCSD > President, Bluestone Partners, Inc. > ----------------------------------------------- > Author of: Expert SOA in C# Using WSE 2.0 (APress, 2004) > http://www.bluestonepartners.com/soa.aspx > > "CatpWilco" <captwilco2002@yahoo.com> wrote in message > news:b5611c77.0408031359.1386ddeb@posting.google.com... > > I have an ASP.Net application application that uses a client > > certificate to communicate to a third party. > > > > Now, in Win2K, to install the Class 1 Client Certificate, you have to > > log in as the ASPNET user (or what ever user the aspnet_wp runs as), > > and install the certificate for that user. > > > > In Win2003 (IIS 6.0), I have followed the same process and it does not > > work. I have not been able to find documentation on this. Any tips > > out there? > > > > > > Although my question does not refer to any code, here is a sample to > > give a better picture of what the ASP.Net app is doing. > > > > Dim oRequest As HttpWebRequest > > Dim oResponse As HttpWebResponse > > Dim oClientCert As > > System.Security.Cryptography.X509Certificates.X509Certificate > > Dim POSTBuffer() As Byte > > Dim DataStream As System.IO.Stream > > Dim sr As System.IO.StreamReader > > Dim OutputString As String > > > > POSTBuffer = > > System.Text.Encoding.UTF8.GetBytes("DataToSend") > > > > oClientCert = New > > > X509Certificate(X509Certificate.CreateFromCertFile(ApplicationConfig.Certifi > catePath)) > > > > oRequest = HttpWebRequest.Create("http://ThirdPartyURL") > > oRequest.Credentials = CredentialCache.DefaultCredentials > > oRequest.ClientCertificates.Add(oClientCert) > > oRequest.Method = POST > > oRequest.ContentType = "application/x-www-form-urlencoded" > > > > Try > > > > DataStream = oRequest.GetRequestStream() > > DataStream.Write(POSTBuffer, 0, POSTBuffer.Length) > > DataStream.Close() > > > > '* * * * * * * * * * * * * * * * * * * * * * * * * * > > '* Code fails here due to a 403.1 error > > oResponse = CType(oRequest.GetResponse, > > HttpWebResponse) > > sr = New > > System.IO.StreamReader(oResponse.GetResponseStream()) > > OutputString = sr.ReadToEnd > > sr.Close() > > catch ex Exception > > '(more boring code) ... > > > > > > Thanks,
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |