
v-lwang

8/19/2003 3:53:00 AM

Hi Simon,

In order for an application to use a certificate contained in the
collection it must have access rights to this certificate. The mere
fact that an application adds a certificate to the collection does not
assure that it can access it. The application must have the same access
rights as the entity that issued the certificate.

The ASPNET account is a service account and it does not have a user profile. So,
it may not have the access right to the certificate installed by the user.

Best regards,
Lewis

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
| From: "Simon Stockdale" <stockds2@hotmail.com>
| Subject: WebService access https page
| Date: Mon, 18 Aug 2003 08:10:43 -0700
| Newsgroups: microsoft.public.dotnet.framework.aspnet.webservices
|
|
| >-----Original Message-----
| >Hi,
| >
| >I have a webservice which points to a server which has no
| >http security. My code works no problem. I now need to
| >point to a replica of the first server which has SSL
| >enabled and I'm failing miserably. I have a .pfx
| >certificate which I can import into IE and access the
| >pages but when I try and use that cert (using some helper
| >classes to convert to X509) I cannot get it to work.
| >
| >I've read that it might be due to ASPNET privs but I've
| >set ASPNET user as an administrator (in desperation!) to
| >remove those limitations.
| >
| >Here's the code I'm using:
| >
| > Dim result As Boolean
| > Dim filetosend As String
| > Dim wr As HttpWebRequest
| > Dim reqStream As Stream
| > Dim resp As HttpWebResponse
| > Dim s As StreamReader
| > Dim poststr As String
| > Dim postdata() As Byte
| > wr = HttpWebRequest.Create("http://10.213.32....)
| > Dim cert As Certificate
| > wr.Proxy = New WebProxy("132.146.156.42", 8089)
| >
| >
| > ' Load the client certificate from a file.
| > cert = Certificate.CreateFromPfxFile("C:\borg\certificates\certificate.pfx", "fasttrack", False)
| > wr.ClientCertificates.Add(cert.ToX509)
| > ' ServicePointManager.CertificatePolicy = New CertPolicy
| >
| > resp = wr.GetResponse()
| > s = New StreamReader(resp.GetResponseStream())
| >
| > ' resp contains the result returned from the ASP page we uploaded to.
| > ' we now need to parse this to check whether the file was uploaded correctly
| > m_ServerResponseStr = s.ReadToEnd()
| > s.Close()
| >
| >The classes which do the pfx to X509 load and convert can
| >be downloaded from:
| >http://www.mentalis.org/soft/projects/seclib/do...
| >
| >Thanks,
| >
| >Simon
| >
| >.
| >
|
|
| Right, I got it working using code similar to above but
| using an exported .CER file. What confused me was even
| though I'm supplying the cert in the code the cert still
| had to be installed (using IE) for that particular user.
| Can you explain why? I like to know roughly what my code
| is doing and why.
|
| Thanks,
|
| Simon
|

1 Answer

simon Stockdale

8/20/2003 8:38:00 AM


Lewis,

I understand that a user should have access to a cert if
I'd specified a reference to the cert. But from what I can
see the content of the cert is supplied to the collection -
therefore what on earth is it doing going off into the
weeds looking for an installed cert. That's adding
installation complexity where none is needed.

Simon

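The behaviour discussed in this thread, as an added example that is not code from either poster: an exported .CER file carries only the public certificate, so the private key needed for SSL client authentication has to come from a certificate store that the calling account can read. The sketch uses X509Certificate2 and CertificateRequest from current .NET instead of the helper classes in the original post, and the certificate subject and password are constructed sample values.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module ClientCertKeyCheck
    ' Constructed sample: a throwaway self-signed certificate standing in
    ' for the client certificate from the thread.
    Function MakeSampleCert() As X509Certificate2
        Using key As RSA = RSA.Create(2048)
            Dim req As New CertificateRequest("CN=constructed-sample-client", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            Return req.CreateSelfSigned(DateTimeOffset.UtcNow,
                                        DateTimeOffset.UtcNow.AddDays(1))
        End Using
    End Function

    ' Reports whether the current account's personal store holds this certificate
    ' and whether a private key is associated with it there.
    Function StoreStatus(thumbprint As String) As String
        Using store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
            store.Open(OpenFlags.ReadOnly)
            Dim hits As X509Certificate2Collection =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, False)
            If hits.Count = 0 Then Return "not installed for this account"
            Return If(hits(0).HasPrivateKey, "installed with private key",
                      "installed, certificate only")
        End Using
    End Function

    Sub Main()
        Const pfxPassword As String = "constructed-password" ' constructed value
        Using original As X509Certificate2 = MakeSampleCert()
            ' A .CER export carries the public certificate only.
            Dim cerBytes As Byte() = original.Export(X509ContentType.Cert)
            ' A .PFX export carries the certificate plus its private key.
            Dim pfxBytes As Byte() = original.Export(X509ContentType.Pfx, pfxPassword)

            Using fromCer As New X509Certificate2(cerBytes),
                  fromPfx As New X509Certificate2(pfxBytes, pfxPassword)
                Console.WriteLine("from .CER: HasPrivateKey = {0}", fromCer.HasPrivateKey)
                Console.WriteLine("from .PFX: HasPrivateKey = {0}", fromPfx.HasPrivateKey)
                Console.WriteLine("CurrentUser\My: {0}", StoreStatus(fromCer.Thumbprint))
            End Using
        End Using
    End Sub
End Module
```

Run it under the same account as the web application: the store check is per account, so a certificate imported through IE by an interactive user does not show up for a different service account.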