RE: 403 Error Web App to Web App with Client Certificates

From: [MSFT] (lukezhan_at_online.microsoft.com)
Date: 10/04/04


Date: Mon, 04 Oct 2004 07:08:45 GMT

Hi Peter,

For the 1.1 framework:
821156 INFO: ASP.NET 1.1 June 2003 Hotfix Rollup Package
http://support.microsoft.com/?id=821156
Along with this fix you will need to install the client certificate under
the Local_Machine registry hive and not the Current_User hive. You will
then need to give the ASP.Net account access to the private key for the
client certificate to get all of this to work. You can use KeyWiz.EXE for
this purpose.

Also, you may consider the following solution:

Invoke the Web service from a Serviced Component, and use a Microsoft
Windows service to automatically load the profile of the certificate user
so that the Serviced Component can retrieve the client certificate and then
communicate with the Web service over SSL.

1. Create a Windows service program with only one function to run under the
certificate user identity.

2. Create a Serviced Component that runs under the identity of the
certificate user.

3. Move the authentication code from the ASP.NET application to the
Serviced Component. Verify that the Serviced Component runs under the
identity of the certificate user.

4. Call the Serviced Component method from the ASP.NET Web application.

Hope this helps,

Luke
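
Added example (not part of the post above, and not Microsoft's code): a small C# diagnostic that checks the two conditions the reply names, namely that the client certificate sits in the Local Machine store and that the calling account can open its private key, before attaching it to the request. It assumes .NET Framework 4.6 or later (the `X509Store` and `GetRSAPrivateKey` APIs are newer than the 1.1 framework discussed here); the thumbprint and URL are placeholders, and it must run under the same identity as the ASP.NET application.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertCheck
{
    // Placeholders: substitute your certificate's thumbprint and service URL.
    const string Thumbprint = "<CLIENT-CERT-THUMBPRINT>";
    const string ServiceUrl = "https://service.example/Service.asmx";

    static X509Certificate2 LoadFromLocalMachine(string thumbprint)
    {
        // LocalMachine\My does not depend on a loaded user profile, unlike CurrentUser\My.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found in LocalMachine\\My.");
            return found[0];
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        X509Certificate2 cert = LoadFromLocalMachine(Thumbprint);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate was installed without its private key.");
        try
        {
            // Opening the key typically fails here when this account lacks read access to it.
            using (RSA key = cert.GetRSAPrivateKey())
                if (key == null) throw new CryptographicException("No RSA private key.");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("Private key not usable by this account: " + ex.Message);
            return;
        }
        var request = (HttpWebRequest)WebRequest.Create(ServiceUrl);
        request.ClientCertificates.Add(cert);
        using (var response = (HttpWebResponse)request.GetResponse())
            Console.WriteLine("Server replied: " + (int)response.StatusCode);
    }
}
```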


