ASP.Net using a Client Certificate on IIS 6.0


  1. #1

    ASP.Net using a Client Certificate on IIS 6.0

    I have an ASP.Net application that uses a client
    certificate to communicate to a third party.

    Now, in Win2K, to install the Class 1 Client Certificate, you have to
    log in as the ASPNET user (or whatever user the aspnet_wp runs as),
    and install the certificate for that user.

    In Win2003 (IIS 6.0), I have followed the same process and it does not
    work. I have not been able to find documentation on this. Any tips
    out there?


    Although my question does not refer to any code, here is a sample to
    give a better picture of what the ASP.Net app is doing.

    Imports System.Net
    Imports System.Security.Cryptography.X509Certificates

    Dim oRequest As HttpWebRequest
    Dim oResponse As HttpWebResponse
    Dim oClientCert As System.Security.Cryptography.X509Certificates.X509Certificate
    Dim POSTBuffer() As Byte
    Dim DataStream As System.IO.Stream
    Dim sr As System.IO.StreamReader
    Dim OutputString As String

    POSTBuffer = System.Text.Encoding.UTF8.GetBytes("DataToSend")

    ' Load the certificate from the file named in the application's configuration
    oClientCert = New X509Certificate(X509Certificate.CreateFromCertFile(ApplicationConfig.CertificatePath))

    ' WebRequest.Create returns a WebRequest, so cast it to HttpWebRequest
    oRequest = CType(WebRequest.Create("http://ThirdPartyURL"), HttpWebRequest)
    oRequest.Credentials = CredentialCache.DefaultCredentials
    oRequest.ClientCertificates.Add(oClientCert)
    oRequest.Method = "POST"
    oRequest.ContentType = "application/x-www-form-urlencoded"

    Try

        ' Send the POST body
        DataStream = oRequest.GetRequestStream()
        DataStream.Write(POSTBuffer, 0, POSTBuffer.Length)
        DataStream.Close()

        '* * * * * * * * * * * * * * * * * * * * * * * * * *
        '* Code fails here due to a 403.1 error
        oResponse = CType(oRequest.GetResponse(), HttpWebResponse)
        sr = New System.IO.StreamReader(oResponse.GetResponseStream())
        OutputString = sr.ReadToEnd()
        sr.Close()
    Catch ex As Exception
        '(more boring code) ...
    End Try


    Thanks,
    R. Wilco
    CatpWilco Guest

  3. #2

    Re: ASP.Net using a Client Certificate on IIS 6.0

    I'm not sure what did not work, but in Win2003 you should sign in as a local
    admin to install certificates. Are you just encrypting requests, or, are you
    also decrypting responses? If it is the former then you should be good to
    go. If it is the latter then you may need to grant the ASPNET account
    permission to access the private key. Simon Horrell has an article that
    clearly shows you how to do this. (His article relates to WSE but the same
    principle applies to what you need to accomplish):

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/wse2wspolicy.asp

    Good luck,

    Jeffrey Hasan, MCSD
    President, Bluestone Partners, Inc.
    -----------------------------------------------
    Author of: Expert SOA in C# Using WSE 2.0 (APress, 2004)
    http://www.bluestonepartners.com/soa.aspx


    Jeffrey Hasan Guest

  4. #3

    Re: ASP.Net using a Client Certificate on IIS 6.0

    Thank you Jeffrey.

    The link you provided is very informative but does not go in the right
    direction for this issue. It did help me come across some other
    links that helped.

    I did make some progress.
    By changing the Identity for the Application Pool
    (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconidentityapplicationpoolsettings.asp)
    to use the ASPNet account and logging onto the machine as the ASPNet
    user, the web app worked. When I reboot the machine, the web app does
    not work. So, this leads to the following:

    When the ASPNET user account logs in, the credentials (which include
    the client certificate installed for the ASPNET account) are loaded
    and remain in memory for a while (or until reboot).

    I am still stumped on getting the ASPNET credentials loaded without
    logging into the machine as the ASPNET user. I am still looking for
    some help on this one. Any ideas? I could write a windows service to
    run as ASPNET and to startup automatically, but there must be a better
    way. I think I am missing something where I set the Identity for the
    Application Pool (or maybe not).

    (General statement: If the root of the problem is not clear, let me
    know and I can clarify the scenario)

    Thanks,
    RW
    CatpWilco Guest
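
The check implied by reply #2 (install the certificate as a local administrator, then make sure the worker-process account can reach the private key), as an added example that is not part of the original thread. It assumes .NET Framework 2.0 or later and a certificate installed with its private key in the LocalMachine\My store; `ClientCertCheck`, `Diagnose` and `SampleThumbprint` are hypothetical names, and the thumbprint is a placeholder.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Principal

Module ClientCertCheck
    ' Placeholder: replace with the thumbprint of the installed client certificate.
    Private Const SampleThumbprint As String = "<CLIENT-CERT-THUMBPRINT>"

    ' Looks the certificate up in the machine store and reports whether the
    ' identity running this code can actually use its private key.
    Function Diagnose(ByVal thumbprint As String) As String
        Dim who As String = WindowsIdentity.GetCurrent().Name
        Dim store As New X509Store(StoreName.My, StoreLocation.LocalMachine)
        store.Open(OpenFlags.ReadOnly)
        Try
            Dim found As X509Certificate2Collection = _
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, False)
            If found.Count = 0 Then
                Return who & ": certificate not found in LocalMachine\My"
            End If

            Dim cert As X509Certificate2 = found(0)
            ' HasPrivateKey only says a key is associated, not that we may open it.
            If Not cert.HasPrivateKey Then
                Return who & ": certificate has no associated private key"
            End If

            Try
                ' Reading PrivateKey opens the key container, so a missing
                ' permission on the key surfaces here as a CryptographicException.
                Dim key As AsymmetricAlgorithm = cert.PrivateKey
                If key Is Nothing Then Return who & ": private key could not be loaded"
                Return who & ": private key is readable"
            Catch ex As CryptographicException
                Return who & ": private key not accessible (" & ex.Message & ")"
            End Try
        Finally
            store.Close()
        End Try
    End Function

    Sub Main()
        Console.WriteLine(Diagnose(SampleThumbprint))
    End Sub
End Module
```

Run it under the same identity as the application pool: the output names the account that was actually used, so a success when run interactively as an administrator does not mask a failure for the worker process.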
