.NET Tutorials, Forums, Interview Questions And Answers

x509 - Client Certificate infrastructure for Asp.Net question

Posted Date: September 10, 2010    Points: 0    Category: ASP.Net

I don't have a lot of background with SSL and X509 configuration and support with my Asp.Net application, so I was wondering if someone can explain or point me in the right direction to MSDN or any other article or posting explaining if it's possible to do what I am looking to support in my environment.

I have IIS 6.0 with SSL (Verisign cert) as well as "Require client certificates" working against a local installation of Microsoft Certificate Services, https://<domain>/certsrv, where users can request and install client certs (both XP clients for basic mode, and Vista/7 for advanced mode).

Here's what I am up against:

I have a segment of users coming from a virtualized server environment where this environment does not store personal settings for more than 48 hours. It's not an internet cafe, but rather an actual business where their IT staff uses server images to reimage each virtual server in the farm every 48hrs. Thus losing all users' data in the "Current Users" Certificate Stores.

The IT staff give users a network folder share to store any personal items (docs, spreadsheets, links, etc.). The servers consist of Windows Server 2003, and will be migrating to Windows Server 2008 in the next 6-9 months.

These users have rights in Internet Explorer to navigate to my certsrv site and use ActiveX to request and install certificates then close and


More Related Resource Links

Client ID basic question


Hi guys,

Is there any problem to use MANUALLY, within a Javascript, the client ID code?

Like that  ctl00_ContentPlaceHolderConteudo_pgtoiframe


I have one iFrame that needs to access a div style located in the parent page. So I've done that by manually using the clientID code. The code works perfectly and it's still working fine right now.

Will I get errors or problems in the future using it in that manner????

Thank you


Certificate API question - Private Key.

I am trying to follow http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx but I am finding that the Private Key property of the certificate is always null. I created the certificate with

    makecert -pe -n "CN=BuySeasonsThirdParty" -r -b 08/26/2010 -e 08/26/2011 -sky exchange Amazon.cer

Then installing it on the local user store using:

    X509Store store = new X509Store(storeName, StoreLocation.CurrentUser);

and using the same API to get the certificate from the store. The certificate that I retrieve from the store is non-null, it is just the PrivateKey is null. So I can encrypt using something like:

    ((RSACryptoServiceProvider)cert.PublicKey.Key).Encrypt(Encoding.Unicode.GetBytes(text), true)

But since the Private Key property is NULL I cannot decrypt. Any ideas?

Kevin

Educational question: How server objects are accessed from multiple client threads?

I will appreciate it if someone can help me to understand how the following scenario works:

There is a remoting server that is registered as WellKnownObjectMode.Singleton.

Server implementation: It instantiates a class TestServer that implements interface IFoo

    using System;
    using System.Threading;

    interface IFoo { IHelper GetHelper(); }

    interface IHelper { void StoreString(string val); }

Implementation of TestServer:

    internal sealed class TestServer : System.MarshalByRefObject, IFoo
    {
        // Single helper instance handed out to every caller
        private IHelper helper = new Helper();
        public IHelper GetHelper() { return helper; }
    }

Implementation of Helper:

    internal sealed class Helper : System.MarshalByRefObject, IHelper
    {
        public void StoreString(string val) { }
    }

Implementation of a client (simplified; shown to illustrate the question only):

    static class Program
    {
        public static IFoo TestService;
        public static IHelper Helper;
        public static TestThreads testmultiplecalls = new TestThreads();

        [STAThread]
        static void Main()
        {
            TestService = (IFoo)Activator.GetObject(typeof(IFoo), "ipc://Channel");
            Helper = TestService.GetHelper();
            testmultiplecalls.Start();
        }
    }

    internal class TestThreads
    {
        // Queues 20 concurrent calls against the shared remote helper
        public void Start()
        {
            for (int i = 0; i < 20; i++)
                ThreadPool.QueueUserWorkItem((new TestCall(i.ToString())).DoWork);
        }
    }

    internal class TestCall
    {
        private string m_str;
        public TestCall(string str) { m_str = str; }
        // Signature matches WaitCallback so it can be queued on the thread pool
        public void DoWork(object state) { Program.Helper.StoreString(m_str); }
    }

Que

sslstream client certificate validation error

Hi,

I have taken the server and client program from MSDN2 for sslstream. In that code client certificate authentication is made false. I want to enable that, and I have done some modification to the code, but it is giving the error "RemoteCertificateNotAvailable" and I think that it's not getting the client certificate at the server side.

So please can anyone help me to do a client server program using sslstream in which the client certificate also needs to be validated.

I am attaching my modified code of MSDN2.

Server side

    using System;
    using System.Collections;
    using System.Net;
    using System.Net.Sockets;
    using System.Net.Security;
    using System.Security.Authentication;
    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    using System.IO;

    namespace Examples.System.Net
    {
        public sealed class SslTcpServer
        {
            static X509Certificate serverCertificate = null;
            // The certificate parameter specifies the name of the file
            // containing the machine certificate.
            // The following method is invoked by the RemoteCertificateValidationDelegate.
            public static bool ValidateClientCertificate(
                  object sender,
                  X509Certificate certificate,
                  X509Chain chain,
                  SslPolicyErrors sslPolicyErrors)
            {
                SslPolicyErrors errors = sslPolicyErrors;
                if (errors != SslPolicyErrors.None)
                {

connect client certificate to an account in a membership database

Hello

I have created a web service that authenticates with username and password, works fine. Basically this one, http://msdn.microsoft.com/en-us/library/ff649647.aspx

Now I also want to connect to this web service using client certificates, works fine http://msdn.microsoft.com/en-us/library/cc948997.aspx

But I would like to, when authenticated via client certificates, connect that certificate to a user in the membership database. So that I can use Roles.IsUserInRole(...) and such.

I thought that, well if I implement a Custom certificate Validator http://msdn.microsoft.com/en-us/library/ms733806.aspx then I could check for example subject and map that against a created username in the membership database.

But in the class X509CertificateValidator

    public override void Validate(X509Certificate2 certificate)

I don't have the same ability as when the user is authenticated, like

    void OnAuthenticateRequest(object source, EventArgs eventArgs)
    HttpApplication app = (HttpApplication)source;

Basically how can I do this

    app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Membership Provider"), roles);

within

    public override void Validate(X509Certificate2 certificate)

and if that is not possible, can this be solved differently?

Bottom line, how do I connect a client certificate to a user account in the membership database. Is there a MSDN article

RSACryptoServiceProvider + smart card with X509 certificate = Bad Key.

Hello! I'm trying the interop with Java. The task: create SHA1withRSA signature of the document hash with .NET CLR. The signer key is an X509 certificate from external CA, and this signer certificate is on the smart card.

1. First solution: the .NET CLR SignedCms class passes the document hash to the Windows CryptoApi (and to the smart card), and the result is a PKCS#7 message with the signature. This solution works well with smart card, but the requirement is only the "SHA1withRSA" signature of document hash, the PKCS#7 message will be created at Java side.

2. Second attempt, create only "SHA1withRSA" signature:

    // choosing certificate from smart card
    X509Certificate2 card = GetCertificate();
    // this fails when certificate is on the smart card:
    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)card.PrivateKey;
    // only the signed hash needed
    byte[] signedHashValue1 = rsa.SignData(documentHash, new SHA1Managed());

The problem: the car

Getting client information from X.509 certificate in C# code

I have a WCF service which accepts X.509 certificate signed incoming messages. As per my understanding the client will send the message with signature encrypted using his private key and web services will decrypt the signature with client's public key. This ensures that the sender of the message is holder of the private key and that he is certified by the server trusted CA as "He is what he claims to be". It being a highly secure application, I need to give access to only certain clients regardless of whether they are trusted or not. (This is to take care of good turned bad scenario :-)) How do I achieve this? Is there any way to get the client information such as subject name etc. from his certificate in C# code? Is there any example of this usage?

Thanks in advance,
Jeet.

C# Client App connecting to WSS3.0 with X.509 certificate

I have been unable to find much information on using smart cards and X.509 certificates when connecting to WSS 3.0. I am able to build a Web Service Reference in VS 2010 just fine. I get prompted for my cert, I select it, enter my pin and all is well. But I am failing to handle it properly in my app. I created a test method that creates the new WSS List object. I assign System.Net.Credentials.DefaultCredentials to the Credentials. I then call GetListCollection. I am never prompted for my cert, and I get a 500 error back from the server. Everything works fine in IE and adding the reference so I think I missed a step, but I cannot figure out what that would be. I am running the app with an account that has no relationship to the authentication domain WSS is part of, so I expected to be prompted for the cert when I tried to connect. Does anyone know how to do this, or can anyone offer up some guidance?

Thanks, LD

SharePoint - Report Server - Client Certificate authentication

Hi,

I have a SharePoint site collection which requires client certificates. On the server I have configured Reporting Services in integration mode.

I can call reports on other site collections which don't require client certificates but not on the site which does. On the site which requires client certificates the pages fail with the following error message:

'An unexpected error occurred while connecting to the report server. Verify that the report server is available and configured for SharePoint integrated mode. --> The request failed with HTTP status 403: forbidden'

The error message indicates that SharePoint doesn't call the web service with a client certificate. Does anyone know how I can configure SharePoint to use a client certificate?

Any help is greatly appreciated.

Adam

WCF with wsHttpBinding and x509 Certificate - can I use VB/C# to connect with PHP?

We connect to a web service hosted by another company. We send a customer's basic info to the service, and it replies with rates/prices for that customer.

I am a PHP guy -- started out playing with basic HTML, then delved into PHP about 8 years ago, and my entire web app is PHP with javascript/ajax mixed in as needed. I'm a learn-as-I-go guy.

For the last two years, the service has been an aspx web service, which was easy -- just connect with PHP's SoapClient. Now, the company hosting the service has changed it to WCF, and the binding is wsHttpBinding, and authentication is done via x509 certification.

I've determined that PHP's SoapClient can't handle wsHttpBinding. So my first roadblock - how the heck do I connect to this service? I went as far as to install MS Visual Web Developer 2010 Express, and then I used svcutil.exe to create .config and .cs files for the service. But understand, I've never written anything in C# or VB. I've done a few little VBScripts in the past, and I can handle javascript... but I'm looking at these .config and .cs files and thinking, now what the heck do I do with these??

Basically, I just want to connect to this service using PHP and javascript. But since it seems that's impossible (correct?), is there a way I can invoke a VB/C# operation from within my PHP script? For ins

WCF and certificates : "The client certificate is not provided."

Hi,

I'm having a hard time getting certificates working with my WCF application and I keep getting the error: "The client certificate is not provided. Specify a client certificate in ClientCredentials."

I am using a free trial certificate by Verisign and I have done the following things on a local XP Pro machine:

- VeriSign Trial Secure Server CA - G2 certificate is installed in the Personal => Certificates
- VeriSign Trial Secure Server Root CA - G2 certificate is installed in the Trusted Root Certification Authorities => Certificates

I am using the following kind of binding configuration settings:

*** Client web.config ******

<binding name="CertificateBinding" maxReceivedMessageSize="4194304">
 <security mode="Message">
  <message clientCredentialType="Certificate" />
 </security>
</binding>

<endpoint address="http://localhost/MyWcfApplication/Service1.svc"
  binding="wsHttpBinding" bindingConfiguration="CertificateBinding"
  contract="ServiceReference1.IService1" name="

One-To-One Client Certificate Mapping in Exchange Server 2010 WCF Configuration

Hi.

I have a java client which has proxy classes generated with jax-ws to use the exchange web services (exchange server 2010). This proxy only supports SOAP11.

What I need is to configure exchange servers with CAS role to (additionally to the default authentication) map one certificate to one windows account. Until now I:

- imported the server's certificate and enabled it (import-ExchangeCertificate -fileData ([Byte[]]$(get-content -path <certpath> -encoding byte -readCount 0)) -password:<security-string pwd> | enable-ExchangeCertificate -services IIS)
- created a client certificate mapping in IIS 7

and here is where I got stuck.

What do I have to change in the "...\V14\ClientAccess\exchweb\ews\web.config" to get this scenario to work?

The web.config file looks like this:

<services>
 <service behaviorConfiguration="EWSServiceBehavior" name="Microsoft.Exchange.Services.Wcf.EWSService">
  <endpoint address="" binding="customBinding" bindingConfiguration="EWSHttpsBinding" contract="Microsoft.Exchange.Services.Wcf.IEWSContract">
  <endpoint address="wssecurity" binding="customBinding" bindingConfiguration="EWSWSSecurityBinding" contract="Microsoft.Exchange.Services.Wcf.IEWSContract"

How to sign a message using 2 client's X509 certificates?

Hi,

We have a requirement to sign each WCF message using two X509 certificates:

- company certificate
- user certificate

I have found out that I could achieve this using Supporting Credentials, but I am not sure how to set the certificates on the client's side. All examples that I found were using different types of credentials and were using these properties:

- proxy.ClientCredentials.ClientCertificate
- proxy.ClientCredentials.UserName.UserName

Any insight would be greatly appreciated.

How to setup WCF with wsHttpBinding, Transport Security with x509 certificate behind a load balancer


I'm having a difficult time setting up this WCF Service with wsHttpBinding, Transport Security, x509 and, the key part, the Load Balancer (F5). This all works without a problem in our Dev environment but as soon as I put it behind the F5 it fails giving me this message:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'servicechannelcert'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Is there any additional setup I need to do in IIS or the Load Balancer to handle these requests?

configuration files:

<binding name="wsHttpTransport">
 <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
  maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
 <security mode="Transport"

using a x509 certificate to sign XML using SignedXml class


Hi All,

I am trying to sign an XML file. The code is basically exactly the same as the MSDN sample: http://msdn.microsoft.com/en-us/library/ms229745.aspx

I set the XmlResolver to null:

var settings = new XmlReaderSettings()
{
          ValidationType = ValidationType.None,
          ProhibitDtd = false,
          IgnoreWhitespace = true,
          XmlResolver = null
};

This exception is thrown when I call: signedXml.ComputeSignature();

When I do, I receive the following exception:

-  $exception {"An error has occurred while opening external DTD 'http://www.apple.com/DTDs/PropertyList-1.0.dtd': Request for the permi

troubleshooting client certificate authentication issues



I am using self created certs for client authentication. For one of the certs it works fine but with another cert it does work. I get an error, can't rer connect to server.

Is there any way/tool to troubleshoot cert issues?



Receive Client Certificate in Web Service


I'm trying to receive a Client Certificate in a Web Service and having some problems.


Dim cert As X509Certificate = X509Certificate.CreateFromCertFile("C:\cert.cer")
Dim hw As String = _ws.HelloWorld

The certificate seems to be correctly loading and added to the client.

The client connects to the server with HTTPS.


 <WebMethod()> _
    Public Function HelloWorld() As String
        Dim cert As HttpClientCertificate = Me.Context.Request.ClientCertificate
        Return "Hello World"
    End Function

cert.IsPresent is false and all certificate fields are empty.

IIS is configured to Accept Client Certificates.

Reproduced in two environments:

- Windows 7 x64, IIS 7, VS 2008, .NET 3.5

- XP x86, IIS 5, VS 2008, .NET 3.5

Always in the Web Service the Client Certificate is not present. I haven't been able to find any other configuration I should do. Can anyone help?


