Client-side Cert Web application problem

From: Roman Pereyaslavsky (rpereyaslavsky_at_mpsbc.com)
Date: 08/14/03


Date: Thu, 14 Aug 2003 07:00:05 -0700


I had the same problem about a year ago. I currently don't
have a link to the article, but there's one on MSDN (I
think it's part of a book "Implementing Secure ASP.Net
Applications" or something like that). It even has a
source code example in C# of how to do it. In short - you'll
need to create a COM+ component that will do the actual
connection. That COM+ component will run under a specific
user profile. You have to load a valid Client Certificate
into that user's Personal Certificate store and then extract
a public key out of it. You'll be using this public key to
access the Client Certificate in that user's personal
store. At run time the COM+ component loads the user profile
and at that point it can access this user's personal
certificate store. Then you need to use the Cryptography
libraries from .NET to add an X509Certificate to your
HttpWebRequest object before connecting. You also might
need to send your public key to the server for it to be
installed if the server wants to allow only certain
certificates to access it.

>-----Original Message-----
>Hi all,
>I'm trying to programmatically connect to a website through a httpwebrequest.
>The remote site requires a client side cert to be installed. I have
>completed a command-line C# program that performs this task just fine.
>When I move the functionality into a dotnet website, I get a 403 error from
>the remote server. I've changed the iis login for anonymous access to the
>user that the cert was installed for. At this point I'm at a loss for where
>or what to try next. If anyone has any experience doing this I would
>appreciate the input.
>
>Thanks again,
>Tom Clark
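
An added example, not part of the original thread or of the MSDN article it mentions: a diagnostic client that prints the account it runs as, checks that this account's personal store holds the certificate together with its private key, and only then attaches it to the HttpWebRequest. It assumes .NET Framework 2.0 or later (for `X509Store`) and looks the certificate up by thumbprint in the store rather than through an exported public-key file as the reply describes; the thumbprint and URL are placeholders.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertRequest
{
    // Placeholders (assumptions): substitute the real thumbprint and endpoint.
    const string Thumbprint = "0000000000000000000000000000000000000000";
    const string Url = "https://partner.example/service";

    static X509Certificate2 LoadFromCurrentUser(string thumbprint)
    {
        // CurrentUser\My belongs to whichever account executes this code. In a
        // web application that is the worker process or COM+ identity, not the
        // interactive user who imported the certificate.
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count == 0)
                throw new InvalidOperationException("Certificate is not in this account's store.");
            // Without the private key the certificate cannot be used for
            // TLS client authentication.
            if (!hits[0].HasPrivateKey)
                throw new InvalidOperationException("Private key is not available to this account.");
            return hits[0];
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url);
        req.ClientCertificates.Add(LoadFromCurrentUser(Thumbprint));
        try
        {
            using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
                Console.WriteLine("Status: " + (int)resp.StatusCode);
        }
        catch (WebException ex)
        {
            // Report the HTTP status (for example 403) when the server answered.
            HttpWebResponse r = ex.Response as HttpWebResponse;
            Console.WriteLine(r != null ? "HTTP " + (int)r.StatusCode : ex.Status.ToString());
        }
    }
}
```

Running the same code from the console and from inside the web application shows whether the two contexts use different accounts and whether the certificate and key are visible to each.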


