«

HI ng,

I am attempting to call a function in a managed .NET DLL from an asp page
that signs an xml doc and returns the string to the calling asp page.

I have this code working in my windows test app with no prob, but cannot
seem to make the same call from my classic asp page.

When I view the asp page my object gets created no problem, my function gets
called, but seems to fail around the point where I create a
RSACryptoServiceProvider object.

To me this says it is a permissions issue, but I do not know what permission
and where.

thx for help!

It sounds like a probable permissions problem on the private key associated
with the certificate. By default, only admin and system have permissions to
read a private key. The ASP app will run under an app pool identity but ASP
also always impersonates the authenticated user (or the anonymous user if
anonymous auth is used), so it would need permissions to read the private
key. The key would also need to be stored in the Machine store and not in
the local user store.

If you don't want to give permissions to the private key to the
authenticated user, you might need to consider putting your COM component
under COM+ and running it as a fixed identity that is granted the necessary
permissions.

Tools like process monitor from MS/SysInternals can help with finding these
types of permissions issues on files and registry keys.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Joe" <> wrote in message
news:utUh$...
> HI ng,
>
> I am attempting to call a function in a managed .NET DLL from an asp page
> that signs an xml doc and returns the string to the calling asp page.
>
> I have this code working in my windows test app with no prob, but cannot
> seem to make the same call from my classic asp page.
>
> When I view the asp page my object gets created no problem, my function
> gets called, but seems to fail around the point where I create a
> RSACryptoServiceProvider object.
>
> To me this says it is a permissions issue, but I do not know what
> permission and where.
>
> thx for help!
>

Thx Joe!

I appreciate your information, your tip about "The key would also need to be
stored in the Machine store and not in
> the local user store." was dead on the issue. Turns out it was installed
> in localUser's not the localmachine's.

cheers & thanks mate, joe





"Joe Kaplan" <> wrote in message
news:...
> It sounds like a probable permissions problem on the private key
> associated with the certificate. By default, only admin and system have
> permissions to read a private key. The ASP app will run under an app pool
> identity but ASP also always impersonates the authenticated user (or the
> anonymous user if anonymous auth is used), so it would need permissions to
> read the private key. The key would also need to be stored in the Machine
> store and not in the local user store.
>
> If you don't want to give permissions to the private key to the
> authenticated user, you might need to consider putting your COM component
> under COM+ and running it as a fixed identity that is granted the
> necessary permissions.
>
> Tools like process monitor from MS/SysInternals can help with finding
> these types of permissions issues on files and registry keys.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services
> Programming"
> http://www.directoryprogramming.net
> "Joe" <> wrote in message
> news:utUh$...
>> HI ng,
>>
>> I am attempting to call a function in a managed .NET DLL from an asp
>> page that signs an xml doc and returns the string to the calling asp
>> page.
>>
>> I have this code working in my windows test app with no prob, but cannot
>> seem to make the same call from my classic asp page.
>>
>> When I view the asp page my object gets created no problem, my function
>> gets called, but seems to fail around the point where I create a
>> RSACryptoServiceProvider object.
>>
>> To me this says it is a permissions issue, but I do not know what
>> permission and where.
>>
>> thx for help!
>>
>

Glad that was easy. These issues frequently are not.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Joe Van Meer" <> wrote in message
news:36E0557E-58E5-48FA-BD29-...
> Thx Joe!
>
> I appreciate your information, your tip about "The key would also need to
> be stored in the Machine store and not in
>> the local user store." was dead on the issue. Turns out it was installed
>> in localUser's not the localmachine's.
>
> cheers & thanks mate, joe
>
>
>
>
>