Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > X.509 certificates and HTTPwebrequest

Reply
Thread Tools

X.509 certificates and HTTPwebrequest

 
 
Deepak
Guest
Posts: n/a
 
      03-28-2005
We retrieve data from a company called XYZ through httpwebrequest.
The program is coded using VB.NET
They have given a certificate to install.
This certificate is included with the request object.I use httpwebrequest to
retrieve data. The certificate is added to the client certificates
collection.


When this component is called from a windows application, I can retrieve the
data.
When this component is called from a web page, I get the following error
The remote server returned an error 403 forbidden.
we have no special setting in machine.config for the section processmodel.
The aspnet process is running under the username aspnet.
if I deploy my component in COM+, it runs successfully.
we feel it is because of permission issue for the user ASPNET .
I have used winhttpcertcfg tool from microsoft to give access to the private
key for the user ASPNET.
The certificate is installed under local machine account in the folder
Personals(LOCAL_MACHINE\MY).
I have no success even after utilizing winhttpcertcfg . I feel that the
httpwebrequest is somehow not passing the client certificate.
to the server. I donot want to put this component in COM+ or make any
changes to Processmodel section of machine.config files.
I have given permission to the key under C:\Document and
Settings\Allusers\applicationd¬*ata\microsoft\Cryp to\RSA\Machi¬*neKeys for the
user ASPNET.
I have had no success even after doing all these steps.
I have tried using LogOnuser API to change the security context but still I
had problems.
In .net framework V1.1, to successfully run LogOnuser API, we have to make
the user ASPNET to act as part of the operating system. This results to
giving high privilege account to the user ASPNET which is against our
security policy.
Environment: windows 2000
..Net framework Version 1.1
IIS 5.0
Programming Language used is VB.NET


give me some insights into the issue



 
Reply With Quote
 
 
 
 
Sri
Guest
Posts: n/a
 
      05-06-2005
Deepak,

I've had the same problem for the last month or so.... hence i'm curious
to know whether you manager to get a solution to your problem?

If not i'll keep you posted here if I get to know how to work around
this.

Cheers,
Sri



*** Sent via Developersdex http://www.developersdex.com ***
 
Reply With Quote
 
 
 
 
Yunus Emre ALP÷ZEN [MCAD.NET]
Guest
Posts: n/a
 
      05-06-2005
Did u send client certificate manually ?
Did u set credentials ?

--

Thanks,
Yunus Emre ALP÷ZEN
BSc, MCAD.NET

"Deepak" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We retrieve data from a company called XYZ through httpwebrequest.
> The program is coded using VB.NET
> They have given a certificate to install.
> This certificate is included with the request object.I use httpwebrequest
> to
> retrieve data. The certificate is added to the client certificates
> collection.
>
>
> When this component is called from a windows application, I can retrieve
> the
> data.
> When this component is called from a web page, I get the following error
> The remote server returned an error 403 forbidden.
> we have no special setting in machine.config for the section processmodel.
> The aspnet process is running under the username aspnet.
> if I deploy my component in COM+, it runs successfully.
> we feel it is because of permission issue for the user ASPNET .
> I have used winhttpcertcfg tool from microsoft to give access to the
> private
> key for the user ASPNET.
> The certificate is installed under local machine account in the folder
> Personals(LOCAL_MACHINE\MY).
> I have no success even after utilizing winhttpcertcfg . I feel that the
> httpwebrequest is somehow not passing the client certificate.
> to the server. I donot want to put this component in COM+ or make any
> changes to Processmodel section of machine.config files.
> I have given permission to the key under C:\Document and
> Settings\Allusers\applicationd*ata\microsoft\Crypt o\RSA\Machi*neKeys for
> the
> user ASPNET.
> I have had no success even after doing all these steps.
> I have tried using LogOnuser API to change the security context but still
> I
> had problems.
> In .net framework V1.1, to successfully run LogOnuser API, we have to make
> the user ASPNET to act as part of the operating system. This results to
> giving high privilege account to the user ASPNET which is against our
> security policy.
> Environment: windows 2000
> .Net framework Version 1.1
> IIS 5.0
> Programming Language used is VB.NET
>
>
> give me some insights into the issue
>
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
creating certificates and public and private keys Adam Akhtar Ruby 5 11-28-2009 12:18 AM
HttpWebRequest using Certificates Josef Brunner ASP .Net Security 9 03-03-2006 05:49 PM
Are SSL certificates and x.509 certificates the same? n33470 ASP .Net Web Services 0 12-14-2005 03:30 PM
httpwebrequest and client certificates =?Utf-8?B?RGVlcGFr?= ASP .Net 1 02-07-2005 11:12 PM
Self-issued certificates and commercial certificates. Lord Amoeba Computer Security 2 05-05-2004 01:40 PM



Advertisments