Re: Client Certificate Authentication With HTTPS POST (.NET 2.0)



The mechanics of it are all the same. The key is to make sure that the
identity that is executing the ASP.NET app has access to the private key for
the client certificate.

Oftentimes, you can figure out what the problem is (likely permissions) by
running filemon on the server while the client certificate is trying to be
accessed and looking for the access denied messages that are reported.
Then, you can change the ACLs on the files or directories that are causing
the failures and you will be all set.

It is probably a good idea to make sure the client cert is installed in the
machine store instead of a particular user's store, as the latter requires
access to that user's profile, and that won't be available in ASP.NET.

Best of luck!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"DerekJMiller1" <DerekJMiller1@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:61999137-9E17-43A0-99C2-B50CD2B680AB@xxxxxxxxxxxxxxxx
Dominick,

Sorry, my fault. I did not make it clear that the only scenario we have
the issue with is when the client is an asp.net application (works from
windows app).

Thanks.
--
Derek


"Dominick Baier" wrote:

Hi,

maybe this helps:

http://go.microsoft.com/?linkid=5151512
-----
Dominick Baier (http://www.leastprivilege.com)

We are having an issue with using a client certificate for
authentication on an HTTPS POST using WebClient related classes.

We are getting the certificate from the protected certificate store.
This seems to work OK, but the certificate is not presented as a valid
certificate to IIS at the other end (it doesn't get past IIS's
certificate checks - using Require Client Certificate).

If we turn off require client certificate, it gets to our code, but no
certificate is in the request.

It appears that somewhere in the guts of HTTPRequest, the certificate
is not transmitted over the wire (correctly?).

Note that even when using SOAP web services, we still have this issue.

If anybody can point us to some sample code demonstrating how to use a
client certificate for an HTTP post or any other assistance, it would
be appreciated.

Thanks
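
Added example, not part of the thread or any poster's code: a C# sketch using .NET 2.0 APIs of the approach described in the reply at the top, loading the client certificate from the machine store, confirming that the running identity can actually open the private key, and attaching it to the HTTPS POST. The thumbprint, URL and class name are placeholders and assumptions.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class ClientCertPost
{
    // Placeholder values (assumptions, not taken from the thread).
    const string Thumbprint = "<CLIENT-CERT-THUMBPRINT>";
    const string Url = "https://server.example/endpoint";

    public static X509Certificate2 LoadFromMachineStore(string thumbprint)
    {
        // LocalMachine\My does not depend on a user profile being loaded.
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found in LocalMachine\\My.");
            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no associated private key.");
            // Opening the key is the real access test: it throws a
            // CryptographicException when the process identity cannot read
            // the key file (the ACL problem discussed in the reply).
            if (cert.PrivateKey == null)
                throw new InvalidOperationException("Private key could not be opened.");
            return cert;
        }
        finally { store.Close(); }
    }

    public static string Post(string body)
    {
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url);
        req.Method = "POST";
        req.ContentType = "application/x-www-form-urlencoded";
        // Without a usable private key the certificate is not sent in the handshake.
        req.ClientCertificates.Add(LoadFromMachineStore(Thumbprint));
        byte[] data = Encoding.UTF8.GetBytes(body);
        req.ContentLength = data.Length;
        using (Stream s = req.GetRequestStream()) s.Write(data, 0, data.Length);
        using (WebResponse resp = req.GetResponse())
        using (StreamReader r = new StreamReader(resp.GetResponseStream()))
            return r.ReadToEnd();
    }
}
```

If `LoadFromMachineStore` fails at the private key check only when run under the ASP.NET identity, that isolates the problem to key file permissions rather than to the request code.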





