RE: Using client certificates in ASP

From: Jason M. Murray (a-jamur_at_online.microsoft.com)
Date: 09/18/03


Date: Thu, 18 Sep 2003 14:07:03 GMT


302080 BUG: "Access is denied" Error Message When Making HTTPS Requests with
http://support.microsoft.com/?id=302080

This article discusses a bug in
 - Microsoft XML 3.0 (Version: 3.0)
 - Microsoft XML 3.0 SP1 (Version: 3.0 SP1)

To make any SSL requests from the Web server, ServerXMLHTTP expects a
client digital certificate to be installed, even if the target Web server
does not require a client certificate.

As a quick fix you can set the application protection to low in IIS,
but you may want to look at http://support.microsoft.com/?id=301429

Best regards,
Jason M. Murray [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.

--------------------
| From: languy <jn@online.stofanet.dk>
| Newsgroups: microsoft.public.inetserver.iis.security
| Subject: Using client certificates in ASP
| Date: Sun, 14 Sep 2003 15:51:39 +0200
| Message-ID: <qis8mv44np10t1ndqeomjdtchl9d12v9i7@4ax.com>
|
| Hi there,
|
| I have an ASP page, which has to connect to an SSL server that
| requires a client certificate, but I get the following error:
|
| Error Type:
| msxml3.dll (0x80072F0C)
| A certificate is required to complete client authentication
| /test/test.asp, line 34
|
| Here goes my code:
| const DQ = """"
| dim responseText
| dim strRequest
| dim objSrvHTTP
| dim objXMLDocument
| dim objXMLReponseDocument
| strRequest = "xxx test xxx"
| set objSrvHTTP = CreateObject("MSXML2.ServerXMLHTTP")
| set objXMLDocument = CreateObject("MSXML2.DOMDocument")
| set objXMLReponseDocument = CreateObject("MSXML2.DOMDocument")
| objXMLDocument.async = false
| objXMLDocument.loadXML(strRequest)
| 'objSrvHTTP.setOption(2) = SXH_OPTION_SELECT_CLIENT_SSL_CERT
| 'objSrvHTTP.setOption(3) = "Local_Machine\My\www.notourwebsite.com"
| objSrvHTTP.setOption 3, "cert_name"
| objSrvHTTP.open "POST", "https://host:8443", false
| objSrvHTTP.SetRequestHeader "content-Type","text/xml"
| objSrvHTTP.send objXMLDocument ' Line 34
| Response.Write objSrvHTTP.responseText
| Response.End
| <snip>
|
| Can someone please help me with this issue?
|
| Thanks in regards,
| Jess
|
| ---
| Jess Nielsen
| Systems Developer
|
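
For reference, an added example (not part of either post above, and not Microsoft sample code) of selecting the client certificate with `setOption` and trapping the 0x80072F0C error from the question, so the page reports which certificate name failed instead of stopping at `send`. The helper name `PostWithClientCert` and the certificate name are hypothetical placeholders; the URL and the store-qualified name format are the ones quoted in the question.

```vbscript
<%
Option Explicit

Const SXH_OPTION_SELECT_CLIENT_SSL_CERT = 3   ' setOption index that selects the client certificate
Const ERR_CLIENT_CERT_NEEDED = &H80072F0C     ' error code reported in the question

' Hypothetical helper: POST xmlText to url, presenting the named client certificate.
' errCode receives 0 on success, otherwise the raw Err.Number from open/send.
Function PostWithClientCert(url, certName, xmlText, ByRef errCode)
    Dim http
    PostWithClientCert = ""
    errCode = 0
    Set http = Server.CreateObject("MSXML2.ServerXMLHTTP")

    On Error Resume Next
    http.open "POST", url, False
    http.setOption SXH_OPTION_SELECT_CLIENT_SSL_CERT, certName
    http.setRequestHeader "Content-Type", "text/xml"
    http.send xmlText
    errCode = Err.Number                      ' capture before Err is cleared
    If errCode = 0 Then PostWithClientCert = http.responseText
    On Error GoTo 0

    Set http = Nothing
End Function

Dim body, code, certName
' Placeholder name: store location \ store name \ certificate subject
certName = "LOCAL_MACHINE\My\example-client-cert"
body = PostWithClientCert("https://host:8443", certName, "<test/>", code)

If code = ERR_CLIENT_CERT_NEEDED Then
    ' The server asked for a client certificate and none was presented.
    Response.Write "No usable client certificate for: " & Server.HTMLEncode(certName)
ElseIf code <> 0 Then
    Response.Write "Request failed, error 0x" & Hex(code)
Else
    Response.Write Server.HTMLEncode(body)
End If
%>
```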


