[lnkForumImage]
TotalShareware - Download Free Software

Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

microsoft.public.dotnet.framework.aspnet.webservices

Re: Web Service Call Using Digital Certificates

bs

5/31/2004 4:05:00 AM

Hi Durgaprasad,

As the knowledge base article you referred to only relates to version 1.0 of
the .NET Framework I decided to upgrade my machine to 1.1. After upgrading
I attempted access the web service again however I still get the same error.
The certificate is installed under the impersonated ASP.NET user account and
is installed in the "Certificates(Local Computer)" store. I am assuming
this is what you mean by the "machine certificate store". Unfortunately
still no luck.
Is it possible that this bug is still present in 1.1 of the framework?
Also, I don't understand why the ASP.NET application doesn't throw an
exception when it unsuccessfully attempts to access the certificate store.

Thanks
Ben

"Durgaprasad Gorti[MSFT]" <dgorti@online.microsoft.com> wrote in message
news:eOVnhDQREHA.3300@tk2msftngp13.phx.gbl...
> If you are using 1.0 Version, there is a hotfix you could obtain through
the
> support services. Please see the following URL
> http://support.microsoft.com/default.aspx?scid=kb;en...
> After applying the fix the system then looks for the certificate in
> the machine store in addition to the ASP.NET User account certificate
store.
> One thing to make sure is that the ASP.NET account has access to the
> machine certificate store.
>
>
>
>
>
>
> "bs" <bens@no-spam-please.esd.nec.com.au> wrote in message
> news:1085718892.231756@proxy.nec.com.au...
> > Hi,
> > I tried posting this to the microsoft.public.dotnet.framework.aspnet
group
> > however I thought it might be more appropriate in this group.
> >
> > I am currently having a problem calling a web service that is secured
> using
> > a digital certificate. I set up a Windows application to make a call to
> the
> > service and it works fine. However when I make a call from my ASP.NET
> page
> > it fails with "System.Net.WebException: The request failed with HTTP
> status
> > 403: Forbidden". The code that I am using to make the call in both
> > instances is:
> > MyWebService myService = new MyWebService();
> >
> >
>
myService.ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"C:\myC
> > ert.cer"));
> >
> > myService.HelloWorld();
> >
> > I think the problem may be related to permissions. The Windows
> application
> > runs using my account so I changed IIS to run as me as well. I have set
> > <identity impersonate="true"> in the web.config and I have checked using
> my
> > ASP.NET application that I am running under this account.
> >
> > The Root CA certificate is installed under the "Current User" and the
> "Local
> > Computer" certificate stores and the client certificate is installed in
> both
> > these stores as well.
> >
> > If anyone could help me solve this problem it would be great.
> >
> > Ben
> >
> >
> >
>
>


1 Answer

bs

6/4/2004 3:01:00 AM

0

I found the solution to this problem after escalating it to the Microsoft
Support Division. The problem was solved when I granted the ASPNET user
(Windows 2000) security privileges to the <drive>:\Documents and
Settings\ApplicationData\Microsoft\Crypto\RSA folder. I also discovered
that the certificate needs to be installed in the "Certificates (Local
Machine)\Personal\Certificates" store. You can access this store through
mmc, choose Console --> Add\Remove Snap-in --> Add --> Certificates -->
Computer Account --> Local Computer.

"Durgaprasad Gorti[MSFT]" <dgorti@online.microsoft.com> wrote in message
news:eOVnhDQREHA.3300@tk2msftngp13.phx.gbl...
> If you are using 1.0 Version, there is a hotfix you could obtain through
the
> support services. Please see the following URL
> http://support.microsoft.com/default.aspx?scid=kb;en...
> After applying the fix the system then looks for the certificate in
> the machine store in addition to the ASP.NET User account certificate
store.
> One thing to make sure is that the ASP.NET account has access to the
> machine certificate store.
>
>
>
>
>
>
> "bs" <bens@no-spam-please.esd.nec.com.au> wrote in message
> news:1085718892.231756@proxy.nec.com.au...
> > Hi,
> > I tried posting this to the microsoft.public.dotnet.framework.aspnet
group
> > however I thought it might be more appropriate in this group.
> >
> > I am currently having a problem calling a web service that is secured
> using
> > a digital certificate. I set up a Windows application to make a call to
> the
> > service and it works fine. However when I make a call from my ASP.NET
> page
> > it fails with "System.Net.WebException: The request failed with HTTP
> status
> > 403: Forbidden". The code that I am using to make the call in both
> > instances is:
> > MyWebService myService = new MyWebService();
> >
> >
>
myService.ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"C:\myC
> > ert.cer"));
> >
> > myService.HelloWorld();
> >
> > I think the problem may be related to permissions. The Windows
> application
> > runs using my account so I changed IIS to run as me as well. I have set
> > <identity impersonate="true"> in the web.config and I have checked using
> my
> > ASP.NET application that I am running under this account.
> >
> > The Root CA certificate is installed under the "Current User" and the
> "Local
> > Computer" certificate stores and the client certificate is installed in
> both
> > these stores as well.
> >
> > If anyone could help me solve this problem it would be great.
> >
> > Ben
> >
> >
> >
>
>