Secure WebService Failing

[Matt Sollars]

I've struggled with this problem, and it's lack of examples, for a couple of
months now. On several different web applications that we have written, we
need to communicate with a credit card merchant servicer. On one of the
projects a secure connection was made with a WebRequest object and during
the reply, a trust error was received. I can't remember the full details due
to the time it's been since that project.

The most recent project required a secure connection via a web service that
the merchant service provides. I instantiate an instance of the service and
call the method that processes the credit card. No matter what I try to get
around it, I get the same error message:

System.EntryPointNotFoundException: Unable to find an entry point named
EnumerateSecurityPackagesW in DLL security.dll.

The stack trace results in the following:

[EntryPointNotFoundException: Unable to find an entry point named
EnumerateSecurityPackagesW in DLL security.dll.]
System.Net.NativeNTSSPI.EnumerateSecurityPackagesW (Int32& pkgnum, IntPtr&
arrayptr) +0
System.Net.SSPISecureChannelType.EnumerateSecurity Packages(Int32& pkgnum,
IntPtr& arrayptr) +45
System.Net.SSPIWrapper.EnumerateSecurityPackages(S SPIInterface SecModule)
+57
System.Net.SSPIWrapper.GetSupportedSecurityPackage s(SSPIInterface
SecModule) +29
System.Net.SecureChannel..cctor() +41

[TypeInitializationException: The type initializer for
"System.Net.SecureChannel" threw an exception.]
System.Net.SecureChannel..ctor(String hostname, X509CertificateCollection
clientCertificates) +0
System.Net.TlsStream.Handshake(ProtocolToken message) +51

[WebException: The underlying connection was closed: Could not establish
secure channel for SSL/TLS.]
System.Net.HttpWebRequest.CheckFinalStatus() +674
System.Net.HttpWebRequest.EndGetRequestStream(IAsy ncResult asyncResult)
+74
System.Net.HttpWebRequest.GetRequestStream() +132
System.Web.Services.Protocols.SoapHttpClientProtoc ol.Invoke(String
methodName, Object[] parameters) +105

MyApplication.net.eftsecure.va.TRANSACTION_PROCESS ING.BANKCARD_AUTHONLY(Stri
ng M_ID, String M_KEY, String C_NAME, String C_ADDRESS, String C_CITY,
String C_STATE, String C_ZIP, String C_COUNTRY, String C_EMAIL, String
C_CARDNUMBER, String C_EXP, String C_CVV, String T_CUSTOMER_NUMBER, String
T_AMT, String T_SHIPPING, String T_TAX, String T_ORDERNUM, String
C_TELEPHONE, String C_FAX, String C_SHIP_NAME, String C_SHIP_ADDRESS, String
C_SHIP_CITY, String C_SHIP_STATE, String C_SHIP_ZIP, String C_SHIP_COUNTRY)
in c:\inetpub\wwwroot\MyApplication\Web
References\net.eftsecure.va\Reference.vb:140
MyApplication.ConfirmOrder.btnConfirm_Click(Object sender, EventArgs e)
in c:\inetpub\wwwroot\MyApplication\ConfirmOrder.aspx .vb:93
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108

System.Web.UI.WebControls.Button.System.Web.UI.IPo stBackEventHandler.RaisePo
stBackEvent(String eventArgument) +57
System.Web.UI.Page.RaisePostBackEvent(IPostBackEve ntHandler
sourceControl, String eventArgument) +18
System.Web.UI.Page.RaisePostBackEvent(NameValueCol lection postData) +33
System.Web.UI.Page.ProcessRequestMain() +1247


I've tried a few things. I created a new class implementing
ICertificatePolicy that just returns True in the CheckValidationResult
method and set the ServicePointManager.CertificatePolicy to a new instance
of that class. I've output the SSL certificate on the server to a CER file
and added it to the web service's client certificates via
ClientCertificates.Add(X509Certificate.CreateFromC ertFile(Server.MapPath("My
ApplicationCert.cer"))). Each of these things were tried separately and
together just before the web service's method is invoked and nothing has
remedied the problem.

Please, help. Any suggestions, questions, ideas or examples will be greatly
appreciated.


Thanks in advance,

--
Matt Sollars
[email]matt@hypersite.net[/email]
-------------------
The Hypersite Network
2002 N. Salisbury Blvd.
Suite C
Salisbury, Maryland 21801
T: 410.749.2000
F: 410.219.3400
[url]http://www.hypersite.net[/url]

[Tian Min Huang]

Hi Matt,

The error looks more like a certificate issue. Following are few known
conditions this error may occur.

1) Mismatched Certificate: a certificate is associated with the user ID of
the user who installed the certificate (this is the certificate user);
therefore, the certificate is available only when that user profile is
loaded. ASP.NET will be running under different account. Check the
Certificate in the MMC.

2) Mismatched server name: the server name should be same as the server
name on the certificate. This is most common problem. If the client and
server are on the same box, make sure that you are not using ¡°localhost?
Please change it to server name.

3) Proxy settings.
Please check the KB article Q307267
<http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307267> and make
sure the certificates are installed properly.

Thanks very much.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C [url]www.microsoft.com/security[/url]
This posting is provided ¡°as is¡± with no warranties and confers no rights.

[Matt Sollars]

Thanks a lot, Tian. I'll look into that. It's probably the user issue. I
guess I'll have to impersonate that user.

Matt


"Tian Min Huang" <timhuang@online.microsoft.com> wrote in message
news:e1GDPsnVDHA.2152@cpmsftngxa06.phx.gbl...
Hi Matt,

The error looks more like a certificate issue. Following are few known
conditions this error may occur.

1) Mismatched Certificate: a certificate is associated with the user ID of
the user who installed the certificate (this is the certificate user);
therefore, the certificate is available only when that user profile is
loaded. ASP.NET will be running under different account. Check the
Certificate in the MMC.

2) Mismatched server name: the server name should be same as the server
name on the certificate. This is most common problem. If the client and
server are on the same box, make sure that you are not using ¡°localhost?
Please change it to server name.

3) Proxy settings.
Please check the KB article Q307267
<http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307267> and make
sure the certificates are installed properly.

Thanks very much.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C [url]www.microsoft.com/security[/url]
This posting is provided ¡°as is¡± with no warranties and confers no rights.

[Munish Sethi]

Tim,

I have the same error, but the problem is only on ISP side..any ideas?
Following is a brief description of my problem...

I have an aspx page, code for which I am including in mail. This page
works only for a few hours a day. It is inconsistent code does NOT
change but the page stops working. This page works fine on localhost
(at all
times) however at my ISP it is a different story. It works randomly ,
as best I can figure out it works for a few hours every day. Nothing is
consistent and it works in a random fashion. It appears to be some kind
of
sever specific issue at my ISP. Is anyone else having similar problems?
ISP (webhost4life) has not been of much help. Why does this page find
the entry point every so often and then does not find it?

Error Message that is reported

Unable to find an entry point named EnumerateSecurityPackagesW in DLL
security.dll.

It fails on the following line of code

Dim postData As Stream = oHttp.GetRequestStream()

Following is the stack trace output

[EntryPointNotFoundException: Unable to find an entry point named
EnumerateSecurityPackagesW in DLL security.dll.]
System.Net.NativeNTSSPI.EnumerateSecurityPackagesW (Int32& pkgnum,
IntPtr&
arrayptr) +0
System.Net.SSPISecureChannelType.EnumerateSecurity Packages(Int32&
pkgnum,
IntPtr& arrayptr) +45
System.Net.SSPIWrapper.EnumerateSecurityPackages(S SPIInterface
SecModule)
+57
System.Net.SSPIWrapper.GetSupportedSecurityPackage s(SSPIInterface
SecModule) +29
System.Net.SecureChannel..cctor() +41

[TypeInitializationException: The type initializer for
"System.Net.SecureChannel" threw an exception.]
System.Net.SecureChannel..ctor(String hostname,
X509CertificateCollection
clientCertificates) +0
System.Net.TlsStream.Handshake(ProtocolToken message) +51

[WebException: The underlying connection was closed: Could not establish
secure channel for SSL/TLS.]
System.Net.HttpWebRequest.CheckFinalStatus() +676
System.Net.HttpWebRequest.EndGetRequestStream(IAsy ncResult
asyncResult)
+75
System.Net.HttpWebRequest.GetRequestStream() +132
ASP.test_aspx.Page_Load(Object sender, EventArgs e) in
c:\webhost4life_aspnet\cincospa\aspx\test.aspx:37
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731


__________________________________________________ __________
Complete code for this aspx page
__________________________________________________ __________

<%@ Page Debug="true" Language="vb" AutoEventWireup="false"%>
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Web.HttpRequest" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>test</title>
<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" content="Visual Basic .NET 7.1">
<meta name=vs_defaultClientScript content="JavaScript">
<meta name=vs_targetSchema
content="http://schemas.microsoft.com/intellisense/ie5">
</head>
<body MS_POSITIONING="GridLayout">

<form id="Form1" method="post" runat="server">

<script language="vb" runat="server">
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
' 'Put user code to initialize the page here

' ' Create Web Request
Dim url As String = "https://secure.authorize.net/gateway/transact.dll"
Dim params As String = String.Empty

Dim oHttp As HttpWebRequest = CType(WebRequest.Create(Url),
HttpWebRequest)

' Post form variables
params = "x_Version=" & "3.1" & "&x_delim_data=" & "True" + "&x_Login="
&
"userid" & "&x_tran_key=" & "somepwd" _
+ "&x_Amount=" & "1" & "&x_Card_Num=" & "1234567812345678" +
"&x_Exp_Date="
& "1234" + "&x_Type=" + "AUTH_CAPTURE"

oHttp.Method = "POST"

Dim postBuffer() As Byte =
System.Text.Encoding.GetEncoding(1252).GetBytes(Pa rams)
oHttp.ContentLength = postBuffer.Length
Dim postData As Stream = oHttp.GetRequestStream()
postData.Write(postBuffer, 0, postBuffer.Length)
postData.Close()

' Get results
Dim myResponse As HttpWebResponse = CType(oHttp.GetResponse(),
HttpWebResponse)
Dim enc As Encoding = System.Text.Encoding.GetEncoding(1252)

Dim loResponseStream As StreamReader
loResponseStream = New StreamReader(myResponse.GetResponseStream(), enc)
Dim retHtml As String = loResponseStream.ReadToEnd()
myResponse.Close()
loResponseStream.Close()

Response.Write(retHtml)
End Sub

</script>

</form>

</body>
</html>




<b> Munish </b>

*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!