Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > x509certificate2 to load a pfx file, still needs CA in cert store?

Reply
Thread Tools

x509certificate2 to load a pfx file, still needs CA in cert store?

 
 
daed
Guest
Posts: n/a
 
      07-20-2006

Hello,

I'm in the process of creating a C# application which connects to a client
side SSL authenticated website. It uses the x509certificate2 class to load a
pfx file (without the need for access to the certificate stores, at least in
theory).

When compiled into a command line client the code works but still appears to
need the Root CA which signed the Client Cert in the Trusted Root CA Local
Machine certifcate store.

Command Line Code:

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Net;


namespace ConnectToWS
{
class Program
{
static void Main(string[] args)
{
string strValue = "3";

com.webservice myWebService = new com.webservice();

FileStream fs = File.Open("c:\\myCert.pfx", FileMode.Open,
FileAccess.Read);

byte[] buffer = new byte[fs.Length];

int count = fs.Read(buffer, 0, buffer.Length);

fs.Close();

X509Certificate2 cert = new X509Certificate2(buffer, "Password");
myWebService.ClientCertificates.Add(cert);

string strResult = myWebService.myMethod(strValue).ToString();

Console.Write(strResult);

}
}
}

By doctoring the code slightly (see below), I wanted to query the web
service via an aspx page.

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Net;

public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{

}
protected void Button1_Click(object sender, EventArgs e)
{

string strValue = "3";

com.webService myWebService = new com.WebService();

FileStream fs = File.Open("c:\\myCert.pfx", FileMode.Open,
FileAccess.Read);

byte[] buffer = new byte[fs.Length];

int count = fs.Read(buffer, 0, buffer.Length);

fs.Close();

X509Certificate2 cert = new X509Certificate2(buffer, "Password");
myWebService.ClientCertificates.Add(cert);

string strResult = myWebService.Method(strValue).ToString();

Label1.Text = strResult;

}
}

This generates an error when the button is pressed:

System.Security.Authentication.AuthenticationExcep tion: The remote
certificate is invalid according to the validation procedure.

[AuthenticationException: The remote certificate is invalid according to the
validation procedure.]
System.Net.Security.SslState.StartSendAuthResetSig nal(ProtocolToken
message, AsyncProtocolRequest asyncRequest, Exception exception) +1036882

System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +333
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313
System.Net.Security.SslState.ProcessReceivedBlob(B yte[] buffer, Int32
count, AsyncProtocolRequest asyncRequest) +386
System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest) +293
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) +297

System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +364
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313
System.Net.Security.SslState.ProcessReceivedBlob(B yte[] buffer, Int32
count, AsyncProtocolRequest asyncRequest) +386
System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest) +293
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) +297

System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +364
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313
System.Net.Security.SslState.ProcessReceivedBlob(B yte[] buffer, Int32
count, AsyncProtocolRequest asyncRequest) +386
System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest) +293
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) +297

System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +364
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313
System.Net.Security.SslState.ProcessReceivedBlob(B yte[] buffer, Int32
count, AsyncProtocolRequest asyncRequest) +386
System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest) +293
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) +297

System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +364
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313
System.Net.Security.SslState.ProcessReceivedBlob(B yte[] buffer, Int32
count, AsyncProtocolRequest asyncRequest) +386
System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest) +293
System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest) +297

System.Net.Security.SslState.CheckCompletionBefore NextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +364
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313
System.Net.Security.SslState.ForceAuthentication(B oolean receiveFirst,
Byte[] buffer, AsyncProtocolRequest asyncRequest) +138
System.Net.Security.SslState.ProcessAuthentication (LazyAsyncResult
lazyResult) +120
System.Net.TlsStream.CallProcessAuthentication(Obj ect state) +47
System.Threading.ExecutionContext.runTryCode(Objec t userData) +66

System.Runtime.CompilerServices.RuntimeHelpers.Exe cuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) +0
System.Threading.ExecutionContext.RunInternal(Exec utionContext
executionContext, ContextCallback callback, Object state) +166
System.Threading.ExecutionContext.Run(ExecutionCon text executionContext,
ContextCallback callback, Object state) +145
System.Net.TlsStream.ProcessAuthentication(LazyAsy ncResult result) +728
System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) +44
System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) +21
System.Net.ConnectStream.WriteHeaders(Boolean async) +266

[WebException: The underlying connection was closed: Could not establish
trust relationship for the SSL/TLS secure channel.]
System.Web.Services.Protocols.WebClientProtocol.Ge tWebResponse(WebRequest
request) +54

System.Web.Services.Protocols.HttpWebClientProtoco l.GetWebResponse(WebRequest
request) +4
System.Web.Services.Protocols.SoapHttpClientProtoc ol.Invoke(String
methodName, Object[] parameters) +172
com.experian.uk.cems.uat.kms.Kms.getExternalKeySet (String name) +47
_Default.Button1_Click(Object sender, EventArgs e) +192
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
System.Web.UI.WebControls.Button.RaisePostBackEven t(String eventArgument)
+107

System.Web.UI.WebControls.Button.System.Web.UI.IPo stBackEventHandler.RaisePostBackEvent(String eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEve ntHandler
sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCol lection postData) +33
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5102

Again I can get rid of this error by installing the Root CA that signed the
client certificate into the Trusted Root CA Local Machine Certificate Store.

Can anyone shed any light into why the CA still needs to be installed in a
cert store even if its included in the pfx file?



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSE 4 11-15-2006 02:40 AM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSD 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCAD 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM



Advertisments