Re: .Net client and SSL mutual authentication : 403 Forbidden, client certificate not sent

From: Peter Jakab (someone_at_from.hu)
Date: 10/11/05 

Date: Tue, 11 Oct 2005 09:57:22 +0200

One more thing:
You should check if there is a problem with the cert switching logging on
for schannel:

http://support.microsoft.com/?id=260729

and one more question:

with IE did you get any notifications about the server certificate that you
had to bypass manually( for example site is not trusted, the cert and site
urls dont match, or cert is expired) ?
In this case you can do this trick in development environment:
http://weblogs.asp.net/jan/archive/2003/12/04/41154.aspx

Best regards

Peter

"Mfenetre" <mfenetre@gmail.com> wrote in message
news:1129015340.591045.187420@g14g2000cwa.googlegroups.com...
> Hello all,
>
> Thanks for all your answers, so let me answer all of these questions :
>
>>Try using Filemon and Regmon (sysinternals)
> Ok I don't know these tools but I'll do that
>
>>Also, make sure the private key is not password protected as IIS obviously
>>can't deal with that.
> No password
>
>>So your client is running as network service?
> Yes, i'm sure, I'm printing the identity on screen just to be sure
>
>>this means that the cert has to be in the Local Machine/MY store - is that
>>the case?
> Yes that's the case.
>
>> is there anything in the col[0] ?
> Yes, I did debugging and I checked that the right certificate was found
>
>>Was the access grant with winhttpcertcfg successful?
> Yes, I granted access to the private key for the user "Network Service"
>
>>If your client is an asp.net code, are you sure, that impersonation is not
>>set?
> I tried impersonation with the user "Administrator", just to use the
> Current User Store instead of Local Machine Store but no luck...
>
>>You could also try loading the cert from file instead of loading from
>>store with WSE 2.0.
> I did it but no luck too...
>
>>You should try with a console or a windows app first, if that works you
>>could get 1 step forth...
> Good idea. I'll try that. So far I know it works with a browser.
>
> Anyway, thank you Joe, Dominick and Peter for all your answers.
>
> regards,
> Alexis.
>

Relevant Pages

  • Re: Accessing certificate store from ASP.NET web project
    ... the cert must be in the local computer/personal) store - it will then open ... Have a look at the source code to open the right cert store... ... One of the locations requires a x509 certificate in order ... different user context than my vb.net web project. ...
    (microsoft.public.dotnet.security)
  • Re: Need advice: Storing EFS, S/MIME, VPN certs on USB token
    ... into the OS's secure store. ... > your encrypted files on the same device as the encrypted files. ... > Granted, it is protected by the master key encrypting the cert store, ... > So I turn to USB devices. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: ADAM wirh SSL
    ... The cert is in both the local machine personal store and trust roots store, ... Unfortunately, I have 174 files in my machinekeys directory, so I'm not ... I'd like to be able to find the root cause instead of giving ...
    (microsoft.public.windows.server.active_directory)
  • Re: Outlook over internet RPC not working
    ... The cert was already in that store, ... same certificate, and then regardless of the configuration on the working ... Checked all Outlook over the Internet settings? ...
    (microsoft.public.windows.server.sbs)
  • Re: Exporting/ importing certificates
    ... Sorry - I guess I didn't see "import successful" in the earlier thread. ... I wonder if somehow there's already a copy of the cert in the store that's ... >>Likewise if I run install cert ...
    (microsoft.public.security)
Quantcast