.NET Tutorials, Forums, Interview Questions And Answers

Give assembly strong name using certificate store certificate

Posted Date: October 01, 2010 | Points: 0 | Category: .NET Framework
My company has provided me with a code signing certificate on a smart card whose private key is protected with a pin and is not exportable.  I can use "signtool" to sign the assembly with the smart card cert and I can "Sign the ClickOnce manifests" with the smart card cert as well.  In both cases, there is a straightforward option to choose a store certificate (the smart card cert is loaded into my personal store upon card insertion).  I am prompted for my pin when performing either action and the signing completes successfully.

Creating a strong name using the smart card cert seems to be a different story.  I can use

     sn -c [my smart card CSP]

which I know is effective because the key container name (blank in my case...is that a problem?) and the unique key container (a GUID) can be used as such

     sn -pc "[GUID or blank]" mytest.pub

and the error is "Failed to extract public key from key pair -- Key does not exist."

I said "effective" above because if I switch to my smart card CSP and then pass "sn -pc" something besides empty quotes or the correct GUID, I get the error "Failed to extract public key from key pair -- Keyset does not exist."  Notice the difference is "Key does not exist" vs. "Keyset<


More Related Resource Links

WCF Service Unable to Access Personal Certificate Store Unless Service Account is Logged In

I created a WCF service that has a method which makes a call to a SOAP web service over the internet. In order to make a call to the SOAP web service, it requires that an X.509 certificate be sent with the HttpWebRequest. The X.509 certificates are loaded in the Personal and Trusted Certificate store of the account which the service is running under. When the service account is logged into the server, everything works just fine. However, when the service account is not physically logged onto the server, it has problems loading up the X.509 certificate and fails authentication when trying to make the HttpWebRequest. I am new to WCF services so I don't even know where to start looking. Can anyone please help? Thanks in advance.

Why doesn't the SharePoint 2010 STS use the Windows Certificate Store?


I've come across a few issues recently where I've needed to import certificates into SharePoint 2010's certificate store AKA Manage Trusts in Central Admin. I’ve had to import trusted root certificates for Claims, Cross-Farm Service Applications, the User Profile Service Application, and I've noticed it's also a requirement for

How to use localmachine certificate store?




I'm trying to read the LocalMachine certificate store in my C# program. When I read the user cert store it reads the store successfully; however, when I try to read the LocalMachine store it gets no result. It seems a permission problem but I don't get any error messages, just no result. Anyway I don't get a null value but the "Mycert.count" equals 0.

I tried the following code:

X509Store myStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);

Could somebody help me how can I read the local machine certificate store without giving the service user administrator permission?



I'm not a development! I'm an infrastructure engineer! Please be patient on the development forums! :)

Automatic certificate enrollment for local system failed to download certificates for ROOT store fro



I am getting below from certification which we installed for HTTPS:// site

“Automatic certificate enrollment for local system failed to download certificates for ROOT store from ldap:///CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=XX,DC=XX,DC=XX?cACertificate?one?objectCategory=certificationAuthority (0x8007006e). The system cannot open the device or file specified.”

Now we have no need to access this HTTPS:// site, so please let me know how I can remove the previously installed certificate from my SharePoint server.



In what certificate store should we put server's certificates?



Assume system S owns a certificate C. The following quote suggests that if C is to be used by S's service apps to authenticate themselves to clients, then C should be stored in LCS. But if C is to be used by S's client apps to authenticate themselves to a service, then C should be stored inside CUS:



" • The local computer store (LCS). This contains the certificates accessed by machine processes, such as ASP.NET. Use this location to store certificates that authenticate the server to clients.

• The current user store (CUS). Interactive applications typically pl

Store a certificate in a local path


Hi. I have installed a self-signed certificate for a device in the device itself. When I tried to access the device using an HTTPS request, that installed a certificate on my local machine. I know that it has been installed in the Personal certificates location or in the trusted root authorities location. But I need the exact physical path (disk location) of the certificate that I have installed. Is there a way to find out the answer?



Certificate API question - Private Key.

I am trying to follow http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx but I am finding that the Private Key property of the certificate is always null. I created the certificate with

     makecert -pe -n "CN=BuySeasonsThirdParty" -r -b 08/26/2010 -e 08/26/2011 -sky exchange Amazon.cer

Then installing it on the local user store using:

     X509Store store = new X509Store(storeName, StoreLocation.CurrentUser);

and using the same API to get the certificate from the store. The certificate that I retrieve from the store is non-null; it is just the PrivateKey is null. So I can encrypt using something like:

     ((RSACryptoServiceProvider)cert.PublicKey.Key).Encrypt(Encoding.Unicode.GetBytes(text), true)

But since the Private Key property is NULL I cannot decrypt. Any ideas?

Kevin

sslstream client certificate validation error

Hi, I have taken the server and client program from MSDN2 for sslstream. In that code client certificate authentication is made false. I want to enable that and do the code. I have done some modification to the code but it is giving the error "RemoteCertificateNotAvailable" and I think that it's not getting the client certificate at the server side. So please can anyone help me to do a client server program using sslstream in which the client certificate also needs to be validated. I am attaching my modified code of MSDN2.

Server side

     using System;
     using System.Collections;
     using System.Net;
     using System.Net.Sockets;
     using System.Net.Security;
     using System.Security.Authentication;
     using System.Text;
     using System.Security.Cryptography.X509Certificates;
     using System.IO;

     namespace Examples.System.Net
     {
         public sealed class SslTcpServer
         {
             static X509Certificate serverCertificate = null;
             // The certificate parameter specifies the name of the file
             // containing the machine certificate.
             // The following method is invoked by the RemoteCertificateValidationDelegate.
             public static bool ValidateClientCertificate(
                   object sender,
                   X509Certificate certificate,
                   X509Chain chain,
                   SslPolicyErrors sslPolicyErrors)
             {
                 SslPolicyErrors errors = sslPolicyErrors;
                 if (errors != SslPolicyErrors.None)
                 {

Certificate Signing Request Tool

Hi All, Currently there is a requirement in our application for creating an SSL Certificate Signing Request (CSR) message. Is it possible to develop one on .Net Framework 3.5? Some of the websites like Verisign do not mention any such procedure where they say that a custom tool is available apart from OpenSSL, but they basically have provided a list of all the webservers where their Digital Certificates are compatible and the instructions which say how the CSRs can be generated on these web servers. I understand that the CSR contains the Web Server's public key, organization information and a unique match for the server's private key. The certificates issued by the Certifying Authority are used for Client/Server authentication over TCP/IP. Looking forward to some replies. Thanks

SSL Using Server Created Certificate

We need to secure a SQL server using an SSL certificate and I understand there are a couple of ways of doing it. One of which is having SQL Server generate a self-signed certificate, which exposes the man-in-the-middle attack vulnerability. Thus we want to avoid this approach. My question is, can we just allow the Windows Server 2003 we are running to be configured to be a Certificate Authority and use it to create an SSL certificate? Is that just as secure as getting an SSL certificate from a third party company such as Verisign? If it is better to go with a third party company, how do you get a certificate from them when it is not going to be used for a website?

Thanks
Nick

connect client certificate to an account in a membership database

Hello

I have created a web service that authenticates with username and password, works fine. Basically this one, http://msdn.microsoft.com/en-us/library/ff649647.aspx

Now I also want to connect to this web service using client certificates, works fine http://msdn.microsoft.com/en-us/library/cc948997.aspx

But I would like to, when authenticated via client certificates, connect that certificate to a user in the membership database, so that I can use Roles.IsUserInRole(...) and such.

I thought that, well, if I implement a Custom certificate Validator http://msdn.microsoft.com/en-us/library/ms733806.aspx then I could check for example subject and map that against a created username in the membership database.

But in the class X509CertificateValidator

     public override void Validate(X509Certificate2 certificate)

I don't have the same ability as when the user is authenticated, like

     void OnAuthenticateRequest(object source, EventArgs eventArgs)
     HttpApplication app = (HttpApplication)source;

Basically how can I do this

     app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Membership Provider"), roles);

within

     public override void Validate(X509Certificate2 certificate)

and if that is not possible, can this be solved differently? Bottom line, how do I connect a client certificate to a user account in the membership database. Is there a MSDN article

RSACryptoServiceProvider + smart card with X509 certificate = Bad Key.

Hello! I'm trying the interop with Java. The task: create a SHA1withRSA signature of the document hash with .NET CLR. The signer key is an X509 certificate from an external CA, and this signer certificate is on the smart card.

1. First solution: the .NET CLR SignedCms class passes the document hash to the Windows CryptoApi (and to the smart card), and the result is a PKCS#7 message with the signature. This solution works well with the smart card, but the requirement is only the "SHA1withRSA" signature of the document hash; the PKCS#7 message will be created at the Java side.

2. Second attempt, create only "SHA1withRSA" signature:

     // choosing certificate from smart card
     X509Certificate2 card = GetCertificate();
     // this fails when certificate is on the smart card:
     RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)card.PrivateKey;
     // only the signed hash needed
     byte[] signedHashValue1 = rsa.SignData(documentHash, new SHA1Managed());

The problem: the car

Getting client information from X.509 certificate in C# code

I have a WCF service which accepts X.509 certificate signed incoming messages. As per my understanding the client will send the message with signature encrypted using his private key and web services will decrypt the signature with client's public key. This ensures that the sender of the message is holder of the private key and that he is certified by the server trusted CA as "He is what he claims to be". It's being a highly secure application I need to give access to only certain clients regardless of whether they are trusted or not. (This is to take care of good turned bad scenario :-)) How do I achieve this? Is there any way to get the client information as subject name etc from his certificate in C# code? Is there any example of this usage? Thanks in advance, Jeet.

WPF Security + Certificate HELP - xbap

Hello everyone, I got a problem with my current XBAP application. Everyone had no problem running my application until one person had the following error:

* An exception occurred while determining trust. Following failure messages were detected:
    + User has refused to grant required permissions to the application.

Then I researched and found out I needed to set up a certificate and have them put it in IE. However now the people that once had no problem need to install the certificate. I was wondering how to revert the project so EVERYONE can run my application without a certificate.

*This application requires full trust.

Can anyone please help me?

Reading Certificate information in Windows Service

Hi, I have created a Windows service application. While starting the service I try to get the user certificate information using the following code. It returns nothing, but when I try to call the same set of code using a Windows application it returns the certificate. Can you provide any suggestion on why the Windows service call is not returning the certificate information? How can we get the certificate information in a Windows service application?

     Dim matchedCertificate As X509Certificate2 = Nothing
     Dim store As New X509Store(searchConfig.StoreName, searchConfig.StoreLocationEnumValue)
     store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)
     Dim matchedCertificates As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
     Dim findValue As Object
     ' Apply all search criteria
     For Each searchCriteria As SearchCriteria In searchConfig.SearchCriteria
         ' Resolve tokens in findValue
         findValue = ResolveTokens(searchCriteria.FindValue)
         matchedCertificates = DirectCast(matchedCertificates.Find(searchCriteria.FindTypeEnumValue, findValue, False), X509Certificate2Collection)
         Trace.WriteLine(String.Format("Found {0} certs with search criteria {1}={2}", matchedCertificates.Count, s

C# Client App connecting to WSS3.0 with X.509 certificate

I have been unable to find much information on using smart cards and X.509 certificates when connecting to WSS 3.0. I am able to build a Web Service Reference in VS 2010 just fine. I get prompted for my cert, I select it, enter my pin and all is well. But I am failing to handle it properly in my app. I created a test method that creates the new WSS List object. I assign System.Net.Credentials.DefaultCredentials to the Credentials. I then call GetListCollection. I am never prompted for my cert, and I get a 500 error back from the server. Everything works fine in IE and adding the reference so I think I missed a step, but I cannot figure out what that would be. I am running the app with an account that has no relationship to the authentication domain WSS is part of, so I expected to be prompted for the cert when I tried to connect. Does anyone know how to do this, or offer up some guidance? Thanks, LD

Authentication: Is UserNamePassword authentication possible without X.509 certificate?

Hi everybody, I want to authenticate my client at my WCF service with username/password credentials. Is it possible to do this without an X.509 certificate (without any certificate at all)? Thanks