RE: Access denied 403.7 client certificate
- From: Zerro <Zerro@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 10 Jan 2008 05:28:01 -0800
We managed to solve/find the issue after some more testing and discussions.
So for all others out there I will post the solution.
The certificate I received has three levels in the path.
VeriSign Class 1 Public Primary Certification Authority
-> VeriSign Class 1 Individual Subscriber CA - G2
-> My Client cert.
The problem is that the middle certificate also must be imported and granted
access rights as if it were the root certificate.
Good luck.
"Zerro" wrote:
Hi,
I'm trying to access a webservice that requires identification by client
certificate. Browsing the webservice and console test program works fine, but
my web application gets a 403.7 access denied all the time.
I've followed the instructions and imported the certificate with
Winhttpcertcfg and granted access rights to both ASPNET and NetworkService
account. In the log it looks as if communication is established and my
request is sent, but then a new validation of certificates is asked for and
then it fails. See SEC_I_RENEGOTIATE on line 176 and then it gets Zero client
certificates to choose among.
Anyone got any clues?
---- Log file ----
System.Net Verbose: 0 : [5276]
WebRequest::Create(https://www.everywheremoney.com/ws/ext2/emcard.asmx)
System.Net Verbose: 0 : [5276]
HttpWebRequest#34767408::HttpWebRequest(https://www.everywheremoney.com/ws/ext2/emcard.asmx#-2070773650)
System.Net Verbose: 0 : [5276] Exiting
HttpWebRequest#34767408::HttpWebRequest()
System.Net Verbose: 0 : [5276] Exiting WebRequest::Create() ->
HttpWebRequest#34767408
System.Net Verbose: 0 : [5276] HttpWebRequest#34767408::GetRequestStream()
System.Net Information: 0 : [5276] Associating HttpWebRequest#34767408 with
ServicePoint#44471219
System.Net Information: 0 : [5276] Associating Connection#64696659 with
HttpWebRequest#34767408
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Socket(InterNetwork#2)
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Socket()
System.Net.Sockets Verbose: 0 : [5276]
Socket#45399024::Connect(65:443#1107111800)
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Connect()
System.Net Information: 0 : [5276]
TlsStream#5938035::.ctor(host=www.everywheremoney.com, #certs=1)
System.Net Information: 0 : [5276] Associating HttpWebRequest#34767408 with
ConnectStream#53442317
System.Net Verbose: 0 : [5276] Exiting
HttpWebRequest#34767408::GetRequestStream() -> ConnectStream#53442317
System.Net Verbose: 0 : [5276] ConnectStream#53442317::Write()
System.Net Verbose: 0 : [5276] Data from ConnectStream#53442317::Write
System.Net Verbose: 0 : [5276] 00000000 : 3C 3F 78 6D 6C 20 76 65-72 73 69
6F 6E 3D 22 31 : <?xml version="1
System.Net Verbose: 0 : [5276] 00000010 : 2E 30 22 20 65 6E 63 6F-64 69 6E
67 3D 22 75 74 : .0" encoding="ut
System.Net Verbose: 0 : [5276] 00000020 : 66 2D 38 22 3F 3E 3C 73-6F 61 70
3A 45 6E 76 65 : f-8"?><soap:Enve
System.Net Verbose: 0 : [5276] 00000030 : 6C 6F 70 65 20 78 6D 6C-6E 73 3A
73 6F 61 70 3D : lope xmlns:soap=
System.Net Verbose: 0 : [5276] 00000040 : 22 68 74 74 70 3A 2F 2F-73 63 68
65 6D 61 73 2E : "http://schemas.
System.Net Verbose: 0 : [5276] 00000050 : 78 6D 6C 73 6F 61 70 2E-6F 72 67
2F 73 6F 61 70 : xmlsoap.org/soap
System.Net Verbose: 0 : [5276] 00000060 : 2F 65 6E 76 65 6C 6F 70-65 2F 22
20 78 6D 6C 6E : /envelope/" xmln
System.Net Verbose: 0 : [5276] 00000070 : 73 3A 78 73 69 3D 22 68-74 74 70
3A 2F 2F 77 77 : s:xsi="http://ww
System.Net Verbose: 0 : [5276] 00000080 : 77 2E 77 33 2E 6F 72 67-2F 32 30
30 31 2F 58 4D : w.w3.org/2001/XM
System.Net Verbose: 0 : [5276] 00000090 : 4C 53 63 68 65 6D 61 2D-69 6E 73
74 61 6E 63 65 : LSchema-instance
System.Net Verbose: 0 : [5276] 000000A0 : 22 20 78 6D 6C 6E 73 3A-78 73 64
3D 22 68 74 74 : " xmlns:xsd="htt
System.Net Verbose: 0 : [5276] 000000B0 : 70 3A 2F 2F 77 77 77 2E-77 33 2E
6F 72 67 2F 32 : p://www.w3.org/2
System.Net Verbose: 0 : [5276] 000000C0 : 30 30 31 2F 58 4D 4C 53-63 68 65
6D 61 22 3E 3C : 001/XMLSchema"><
System.Net Verbose: 0 : [5276] 000000D0 : 73 6F 61 70 3A 42 6F 64-79 3E 3C
43 72 65 64 69 : soap:Body><Credi
...
System.Net Verbose: 0 : [5276] 000001D0 : 3C 2F 43 72 65 64 69 74-3E
: </Credit>
System.Net Verbose: 0 : [5276] Exiting ConnectStream#53442317::Write()
System.Net Verbose: 0 : [5276] ConnectStream#53442317::Write()
System.Net Verbose: 0 : [5276] Data from ConnectStream#53442317::Write
System.Net Verbose: 0 : [5276] 00000000 : 3C 2F 73 6F 61 70 3A 42-6F 64 79
3E 3C 2F 73 6F : </soap:Body></so
System.Net Verbose: 0 : [5276] 00000010 : 61 70 3A 45 6E 76 65 6C-6F 70 65
3E : ap:Envelope>
System.Net Verbose: 0 : [5276] Exiting ConnectStream#53442317::Write()
System.Net Verbose: 0 : [5276] ConnectStream#53442317::Close()
System.Net Verbose: 0 : [5276] Exiting ConnectStream#53442317::Close()
System.Net Verbose: 0 : [5276] HttpWebRequest#34767408::GetResponse()
System.Net Information: 0 : [5276] HttpWebRequest#34767408 - Request: POST
/ws/ext2/emcard.asmx HTTP/1.1
System.Net Information: 0 : [5276]
SecureChannel#11218807::.ctor(hostname=www.everywheremoney.com,
#clientCertificates=1)
System.Net Information: 0 : [5276] Räknar upp säkerhetspaket:
System.Net Information: 0 : [5276] Negotiate
System.Net Information: 0 : [5276] Kerberos
System.Net Information: 0 : [5276] NTLM
System.Net Information: 0 : [5276] Microsoft Unified Security Protocol
Provider
System.Net Information: 0 : [5276] Schannel
System.Net Information: 0 : [5276] WDigest
System.Net Information: 0 : [5276] DPA
System.Net Information: 0 : [5276] Digest
System.Net Information: 0 : [5276] MSN
System.Net Information: 0 : [5276] SecureChannel#11218807 - Försöker starta
om sessionen med certifikat från användaren: [Version]
V3
[Subject]
E=support@xxxxxxxxxxxxxxxxxx, CN=Payment Service, OU=Digital ID Class 1 -
Microsoft Full Service, OU=Persona Not Validated,
OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98",
OU=VeriSign Trust Network, O="VeriSign, Inc."
Simple Name: Payment Service
Email Name: support@xxxxxxxxxxxxxxxxxx
DNS Name: Payment Service
System.Net Information: 0 : [5276] SecureChannel#11218807 - Har 1
klientcertifikat kvar att välja bland.
System.Net Information: 0 : [5276] SecureChannel#11218807 - Försöker hitta
ett matchande certifikat i certifikatlagret.
System.Net Information: 0 : [5276] SecureChannel#11218807 - Söker efter
privat nyckel för certifikat: [Version]
V3
[Subject]
E=support@xxxxxxxxxxxxxxxxxx, CN=Payment Service, OU=Digital ID Class 1 -
Microsoft Full Service, OU=Persona Not Validated,
OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98",
OU=VeriSign Trust Network, O="VeriSign, Inc."
Simple Name: Payment Service
Email Name: support@xxxxxxxxxxxxxxxxxx
DNS Name: Payment Service
System.Net Information: 0 : [5276] SecureChannel#11218807 - Certifikatet är
av typ X509Certificate2 och innehåller den privata nyckeln.
System.Net Information: 0 : [5276] AcquireCredentialsHandle(package =
Microsoft Unified Security Protocol Provider, intent = Outbound, scc =
System.Net.SecureCredential)
System.Net Information: 0 : [5276] InitializeSecurityContext(credential =
System.Net.SafeFreeCredential_SECURITY, context = (null), targetName =
www.everywheremoney.com, inFlags = ReplayDetect, SequenceDetect,
Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5276] InitializeSecurityContext(In-Buffer
längd=0, Out-Buffer längd=70, returkod=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Send()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Send
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Send() ->
70#70
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000000 : 16 03 01 08 D8
: .....
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 5#5
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] (printing 1024 out of 2264)
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 2264#2264
System.Net Information: 0 : [5276] InitializeSecurityContext(credential =
System.Net.SafeFreeCredential_SECURITY, context = 4317aa8:1135b8, targetName
= www.everywheremoney.com, inFlags = ReplayDetect, SequenceDetect,
Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5276] InitializeSecurityContext(In-Buffer
antal=2, Out-Buffer antal=182, returkod=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Send()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Send
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Send() ->
182#182
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000000 : 14 03 01 00 01
: .....
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 5#5
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000005 : 01
: .
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 1#1
System.Net Information: 0 : [5276] InitializeSecurityContext(credential =
System.Net.SafeFreeCredential_SECURITY, context = 4317aa8:1135b8, targetName
= www.everywheremoney.com, inFlags = ReplayDetect, SequenceDetect,
Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5276] InitializeSecurityContext(In-Buffer
antal=2, Out-Buffer antal=0, returkod=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000000 : 16 03 01 00 20
: ....
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 5#5
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000005 : 5D 3B 0C C1 66 9E 5F EE-A8
47 40 28 F9 9D 5B 0B : ];..f._..G@(..[.
System.Net.Sockets Verbose: 0 : [5276] 00000015 : 2A 6E 49 15 C9 AE FA A6-52
C1 92 A9 07 12 F3 BE : *nI.....R.......
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 32#32
System.Net Information: 0 : [5276] InitializeSecurityContext(credential =
System.Net.SafeFreeCredential_SECURITY, context = 4317aa8:1135b8, targetName
= www.everywheremoney.com, inFlags = ReplayDetect, SequenceDetect,
Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [5276] InitializeSecurityContext(In-Buffer
antal=2, Out-Buffer antal=0, returkod=OK).
System.Net Information: 0 : [5276] Fjärrcertifikat: [Version]
V3
[Subject]
CN=www.everywheremoney.com, OU="Member, VeriSign Trust Network",
OU=Authenticated by PinkRoccade, OU=Terms of use at pki.pinkroccade.com/rpa
(c) 02, OU=Luxembourg, O=Banque Invik, L=Luxembourg, S=Luxembourg, C=LU
Simple Name: www.everywheremoney.com
DNS Name: www.everywheremoney.com
System.Net Information: 0 : [5276] SecureChannel#11218807 -
Fjärrcertifikatet verifierades av användaren.
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Send()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Send
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Send() ->
461#461
System.Net Information: 0 : [5276] ConnectStream#53442317 - Skickar huvuden
{
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
Protocol 2.0.50727.832)
VsDebuggerCausalityData:
uIDPo++eYJXfRyZIiCvouqcb44cAAAAAS4cnijerl0KYWCX8FesUNv98aKhmXgtAokZSg2TxRMAACAAA
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://everywheremoney.com/wsext2/EmCard/Credit"
Host: www.everywheremoney.com
Content-Length: 501
Expect: 100-continue
Connection: Keep-Alive
}.
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000000 : 17 03 01 00 29
: ....)
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 5#5
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000005 : F1 2E 1A 37 69 72 2F AD-EA
71 83 9A F8 6A B6 62 : ...7ir/..q...j.b
System.Net.Sockets Verbose: 0 : [5276] 00000015 : 7A CA CF B4 6A AF 62 4E-AF
C5 63 04 AA 2D 41 32 : z...j.bN..c..-A2
System.Net.Sockets Verbose: 0 : [5276] 00000025 : 87 BF 6B 29 A8 62 27 5A-AC
: ..k).b'Z.
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 41#41
System.Net Information: 0 : [5276] Connection#64696659 - Mottagen statusrad:
Version=1.1, StatusCode=100, StatusDescription=Continue.
System.Net Information: 0 : [5276] Connection#64696659 - Mottagna huvuden
{
}.
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::MultipleSend()
System.Net.Sockets Verbose: 0 : [5276] Exiting
Socket#45399024::MultipleSend()
System.Net Verbose: 0 : [5276] Data from ConnectStream#53442317::ResubmitWrite
System.Net Verbose: 0 : [5276] 00000000 : 3C 3F 78 6D 6C 20 76 65-72 73 69
6F 6E 3D 22 31 : <?xml version="1
System.Net Verbose: 0 : [5276] 00000010 : 2E 30 22 20 65 6E 63 6F-64 69 6E
67 3D 22 75 74 : .0" encoding="ut
System.Net Verbose: 0 : [5276] 00000020 : 66 2D 38 22 3F 3E 3C 73-6F 61 70
3A 45 6E 76 65 : f-8"?><soap:Enve
System.Net Verbose: 0 : [5276] 00000030 : 6C 6F 70 65 20 78 6D 6C-6E 73 3A
73 6F 61 70 3D : lope xmlns:soap=
System.Net Verbose: 0 : [5276] 00000040 : 22 68 74 74 70 3A 2F 2F-73 63 68
65 6D 61 73 2E : "http://schemas.
System.Net Verbose: 0 : [5276] 00000050 : 78 6D 6C 73 6F 61 70 2E-6F 72 67
2F 73 6F 61 70 : xmlsoap.org/soap
System.Net Verbose: 0 : [5276] 00000060 : 2F 65 6E 76 65 6C 6F 70-65 2F 22
20 78 6D 6C 6E : /envelope/" xmln
System.Net Verbose: 0 : [5276] 00000070 : 73 3A 78 73 69 3D 22 68-74 74 70
3A 2F 2F 77 77 : s:xsi="http://ww
System.Net Verbose: 0 : [5276] 00000080 : 77 2E 77 33 2E 6F 72 67-2F 32 30
30 31 2F 58 4D : w.w3.org/2001/XM
...
System.Net Verbose: 0 : [5276] 000001E0 : 42 6F 64 79 3E 3C 2F 73-6F 61 70
3A 45 6E 76 65 : Body></soap:Enve
System.Net Verbose: 0 : [5276] 000001F0 : 6C 6F 70 65 3E
: lope>
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000000 : 16 03 01 00 14
: .....
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 5#5
System.Net.Sockets Verbose: 0 : [5276] Socket#45399024::Receive()
System.Net.Sockets Verbose: 0 : [5276] Data from Socket#45399024::Receive
System.Net.Sockets Verbose: 0 : [5276] 00000005 : 2D F4 F8 AB E9 ED 11 CF-8F
F2 A5 15 97 D4 79 C8 : -.............y.
System.Net.Sockets Verbose: 0 : [5276] 00000015 : 50 1D AD E3
: P...
System.Net.Sockets Verbose: 0 : [5276] Exiting Socket#45399024::Receive()
-> 20#20
System.Net Error: 0 : [5276] Decrypt returnerade SEC_I_RENEGOTIATE.
System.Net Information: 0 : [5276] InitializeSecurityContext(credential =
System.Net.SafeFreeCredential_SECURITY, context = 4317aa8:1135b8, targetName
= www.everywheremoney.com, inFlags = ReplayDetect, SequenceDetect,
Confidentiality, AllocateMemory, InitManualCredValidation)
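
A way to check for the condition the fix at the top of this message describes, as an added example that is not part of the original post. It builds the chain for a client certificate and reports which chain elements are absent from the machine-wide stores. The thumbprint parameter, the use of LocalMachine\My for the client certificate, and the assumption that the web application's service account relies on the LocalMachine stores (not the interactive user's) are assumptions of this example.

```powershell
# Added example, not from the original post.
# Assumption: the client certificate was imported into LocalMachine\My.
param(
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint   # thumbprint of the client certificate (placeholder input)
)

$wanted = ($Thumbprint -replace '\s', '').ToUpperInvariant()
$client = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $wanted }
if (-not $client) {
    throw "No certificate with thumbprint $wanted in LocalMachine\My"
}

# Build the chain. Run interactively, this may also use the current user's
# stores, so a chain can build here while an element is missing machine-wide.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Skip revocation so an unreachable CRL does not hide a missing issuer.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$built = $chain.Build($client)

# My = personal, CA = intermediate authorities, Root = trusted roots.
$machineStores = 'My', 'CA', 'Root'
$report = foreach ($element in $chain.ChainElements) {
    $cert = $element.Certificate
    $foundIn = foreach ($name in $machineStores) {
        if (Test-Path -Path "Cert:\LocalMachine\$name\$($cert.Thumbprint)") { $name }
    }
    [pscustomobject]@{
        Subject      = $cert.GetNameInfo('SimpleName', $false)
        Issuer       = $cert.GetNameInfo('SimpleName', $true)
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        MachineStore = if ($foundIn) { $foundIn -join ',' } else { 'MISSING' }
        Status       = ($element.ChainElementStatus |
                           ForEach-Object { $_.Status }) -join ','
    }
}

"Chain built: $built ($($chain.ChainElements.Count) element(s))"
$report | Format-Table -AutoSize

# Any element not present machine-wide is a candidate for the failure described.
$report | Where-Object { $_.MachineStore -eq 'MISSING' } | ForEach-Object {
    Write-Warning "'$($_.Subject)' (issued by '$($_.Issuer)') is not in a LocalMachine store"
}
```

For the three-level path in the post, a healthy result lists three elements, none marked MISSING; a chain of one element with a PartialChain status means the issuer could not be found at all.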