Forum: PowerTCP Sockets for .NET (Secure and Standard)
Topic: Certificate Stores inaccessible from ASP.NET??
cbenard

From: USA
Posts: 21
Member Since: 04/20/07
posted November 16, 2007 5:52 PM

In all instances of ASP.NET, except for my local machine, when I look at:
new CertificateStore(CertificateStoreLocation.LocalMachine, CertificateStoreName.My).Count
it returns 0 (zero).

Yet, when I wrote a sample program and ran it under an administrator context on the machine, it returns 2 (the correct number).

Additionally, looking in the LocalMachine Root store produces 0 (zero), yet the CurrentUser Root store has 106 (the correct number).

I have also used Microsoft's WinHTTPCertCfg utility to add \Everyone, \ASPNET, \LocalService, and \NetworkService access to the certificate. It made no difference.

Why can I not access anything in the LocalMachine location under the ASP.NET context?
cbenard

From: USA
Posts: 21
Member Since: 04/20/07
posted November 19, 2007 10:29 AM

I have an update to this problem which might help diagnose it. I had been suspecting this was a permissions issue, but it may be a problem with the CertificateStore class in the Dart PowerTCP Sockets control.

I installed Microsoft's WSE2 library (http://tinyurl.com/26mngx) on the server and referenced it, since it has an X509CertificateStore that I could use to read certificates from the local machine store.

When I use this code, I am able to see the correct number of certificates:
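// Open the LocalMachine "My" (Personal) store with the WSE2 store class
Microsoft.Web.Services2.Security.X509.X509CertificateStore xStore = Microsoft.Web.Services2.Security.X509.X509CertificateStore.LocalMachineStore("My");
xStore.Open();
// Number of certificates visible to the current identity
int number = xStore.Certificates.Count;
// Display name of the first certificate (assumes the store is not empty)
string firstCertName = xStore.Certificates[0].FriendlyDisplayName;
xStore.Close();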

In that example, number contains the correct number of certificates in the LocalMachine Personal/My store. The firstCertName contains the issued to name.

Additionally, xStore.Certificates[0].Handle returns an IntPtr, which I used in the constructor for the Dart Certificate class, i.e. (new Certificate(xStore.Certificates[0].Handle)) and it created a valid Dart Certificate class. So Dart can access it, but only if it knows the IntPtr for the certificate.

The Dart CertificateStore class seems to be broken, whereas the Microsoft WSE2 X509CertificateStore functions properly, both in the same exact ASP.NET application, 2 lines from each other.
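
A way to separate a permissions problem from a library problem, as an added example that is not part of the original posts and is not Dart's code: the .NET Framework's own X509Store enumerates the same stores under whatever identity the code runs as. The class name StoreProbe and its report format are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Added diagnostic (hypothetical helper, .NET Framework): reports what the
// current identity can see in each certificate store via X509Store.
public static class StoreProbe
{
    public static List<string> Run()
    {
        List<string> report = new List<string>();
        // The effective identity matters: under ASP.NET it is the worker
        // process or impersonated account, not the logged-on administrator.
        report.Add("Identity: " + WindowsIdentity.GetCurrent().Name);

        foreach (StoreLocation loc in new StoreLocation[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser })
        foreach (StoreName name in new StoreName[] { StoreName.My, StoreName.Root })
        {
            X509Store store = new X509Store(name, loc);
            try
            {
                // Read-only, and never create a store as a side effect.
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                report.Add(loc + "\\" + name + ": " + store.Certificates.Count + " certificate(s)");
                foreach (X509Certificate2 cert in store.Certificates)
                    report.Add("  " + cert.Thumbprint + "  " + cert.Subject + "  " + KeyStatus(cert));
            }
            catch (Exception ex)
            {
                report.Add(loc + "\\" + name + ": open failed (" + ex.GetType().Name + "): " + ex.Message);
            }
            finally { store.Close(); }
        }
        return report;
    }

    // WinHttpCertCfg changes the ACL on a certificate's private key; whether a
    // certificate is listed and whether its key is usable are separate questions.
    static string KeyStatus(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key";
        try { return cert.PrivateKey != null ? "private key usable" : "private key unavailable"; }
        catch (Exception ex) { return "private key not usable by this identity (" + ex.GetType().Name + ")"; }
    }
}
```

Run it once from a page in the affected ASP.NET application and once from a console program under an administrator account, then compare the two reports.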
Arjun

From: Rome, NY, USA
Posts: 137
Member Since: 09/17/07
posted November 19, 2007 5:32 PM

Hello,

With regard to the query, I would request you to please provide me with the following so that I can test the issue further:

1. The account type of the user with which you are facing issues.
2. OS

Have a great day.

Regards,
Arjun
cbenard

From: USA
Posts: 21
Member Since: 04/20/07
posted November 19, 2007 5:55 PM

The account type is the ASP.NET user. The service runs as LocalService, and the ASP.NET obviously impersonates the IUSR_HOSTNAME account, and possibly the ASPNET account. This shouldn't matter, since I've explicitly granted access to all these accounts and it is the LocalMachine My/Personal store.

The OSs I've tested are XP and Windows 2003 Server R2.
Arjun

From: Rome, NY, USA
Posts: 137
Member Since: 09/17/07
posted November 20, 2007 12:22 PM

Hello,

I would request you to please try the following and share your observations:

1. Export the certificate to a pfx file on disk.
2. Load the pfx using CertificateStore constructor.

PFX without a password:
CertificateStore Constructor (String)
  certFileName: The full filepath of a pfx file on disk.

PFX with a password:
CertificateStore Constructor (String, String)
  certFileName: The full filepath of a pfx file on disk.
  password: If the pfx file is password protected, specifies the password to use to open the file.

For more information on the same, I would request you to please refer to the help file.

Have a great day.

Regards,
Arjun
cbenard

From: USA
Posts: 21
Member Since: 04/20/07
posted November 20, 2007 12:26 PM

Arjun,

That works; I've already tried it. I need to know why the CertificateStore class doesn't show the certificates in the actual stores. Using the new CertificateStore(string, string) constructor works fine with a pfx file, but that is not what I need.

Thanks,
Chris
Arjun

From: Rome, NY, USA
Posts: 137
Member Since: 09/17/07
posted November 21, 2007 3:57 PM

Hello Chris,

I tried in vain to replicate the issue as mentioned, with the account type being the ASP.NET, IUSR_Hostname user account, and I was able to access the certificate store.
The following is the code I tried and it returned me the correct count:

' Count the certificates in the LocalMachine Root store
Dim store As CertificateStore = New CertificateStore(CertificateStoreLocation.LocalMachine, CertificateStoreName.Root)
Response.Write(store.Count.ToString)

' Count the certificates in the LocalMachine My (Personal) store
Dim store1 As CertificateStore = New CertificateStore(CertificateStoreLocation.LocalMachine, CertificateStoreName.My)
Response.Write(store1.Count.ToString)

To take the issue further I would request you to please contact jamie.powell@dart.com to discuss more advanced support options.

Have a great day.

Regards,
Arjun

------
-Non-current subscribers must contact sales@dart.com to update subscription and receive continued support as needed.
------

cbenard

From: USA
Posts: 21
Member Since: 04/20/07
posted November 21, 2007 5:02 PM

Please let me know on what OSs you tried this. I want to know specifically if you tried this on Windows 2003 Server R2.
Arjun

From: Rome, NY, USA
Posts: 137
Member Since: 09/17/07
posted November 22, 2007 4:28 PM

Hello Chris,

Unfortunately I do not have a Windows 2003 Server R2 machine. However I have tested with Windows 2003 server SP1 and SP2.
I have tried to access the certificate store on both the machines and I was successful in doing so and it returned me the correct count.

Have a great day.

Regards,
Arjun
