Re: RPC_C_AUTHN_GSS_SCHANNEL

From: Gianluca Braccini (gbraccini_at_tiscalinet.it)
Date: 01/28/05


Date: Fri, 28 Jan 2005 19:16:55 +0100

Now it works very fine; the problem was in the service name! But it's very
hard without any sample or some good documentation!
But now I have another question: how can I authorize only those clients that
I want? Now I have found that a client with a certificate on board can
connect to the server! I would like to connect only those clients allowed,
maybe exporting their public key certificate and installing them in a
server's certificate store?

Gianluca

"Gianluca Braccini" <gbraccini@tiscalinet.it> wrote in message
news:uue4P7HBFHA.1564@TK2MSFTNGP09.phx.gbl...
> Hi, I'm trying to use rpcsecure and SSL. But when the client tries to connect to
> the server, this is not possible because there is an access denied error.
> These are my steps:
>
> 1) Installing a certificate on the machine:
> makecert -r -pe -n "CN=prova" -b 01/01/2000 -e 01/01/2036 -eku
> 1.3.6.1.5.5.7.3.1 -ss root -sr localMachine -sky exchange -sp "Microsoft RSA
> SChannel Cryptographic Provider" -sy 12
>
> 2) Client side:
>
> // Client side: pick the certificate "prova" from the machine Root store and
> // hand it to RPC as the Schannel credential.
> SCHANNEL_CRED SchannelCred;
> PCCERT_CONTEXT pCertContext = NULL;
> LPSTR pszCertName = "prova";
> HCERTSTORE hMyCertStore = NULL;
> ULONG lStore = CERT_SYSTEM_STORE_LOCAL_MACHINE;
>
> hMyCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
>                              X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
>                              0, lStore, L"Root");
> if (!hMyCertStore)
> {
>     MessageBox(NULL, "CertOpenStore", "errore", MB_OK);
>     return 0;
> }
>
> // Look the certificate up by subject string; the first match is used.
> pCertContext = CertFindCertificateInStore(hMyCertStore, X509_ASN_ENCODING,
>                                           0, CERT_FIND_SUBJECT_STR_A,
>                                           pszCertName, NULL);
> if (pCertContext == NULL)
> {
>     MessageBox(NULL, "CertFindCertificateInStore", "errore", MB_OK);
>     CertCloseStore(hMyCertStore, 0);
>     return 0;
> }
>
> ZeroMemory(&SchannelCred, sizeof(SchannelCred));
> SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;
> SchannelCred.cCreds = 1;
> SchannelCred.paCred = &pCertContext;
>
> //------------------
>
> // h_bind is the binding handle obtained earlier (not shown in the post).
> // The second argument is the server principal name Schannel will expect.
> RPC_STATUS x = RpcBindingSetAuthInfo(h_bind,
>                                      (unsigned char *) "RRSNET",
>                                      RPC_C_AUTHN_LEVEL_PKT,
>                                      RPC_C_AUTHN_GSS_SCHANNEL,
>                                      &SchannelCred,
>                                      0);
> if (x != RPC_S_OK)
> {
> ...
>
> 3) Server side, on the same machine:
>
> // Server side: the same certificate from the machine Root store becomes the
> // server's Schannel credential.
> SCHANNEL_CRED SchannelCred;
> PCCERT_CONTEXT pCertContext = NULL;
> LPSTR pszCertName = "prova";
> HCERTSTORE hMyCertStore = NULL;
> ULONG lStore = CERT_SYSTEM_STORE_LOCAL_MACHINE;
>
> hMyCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
>                              X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
>                              0, lStore, L"Root");
> if (!hMyCertStore)
> {
>     MessageBox(NULL, "open", "errore", MB_OK);
>     return;
> }
>
> pCertContext = CertFindCertificateInStore(hMyCertStore, X509_ASN_ENCODING,
>                                           0, CERT_FIND_SUBJECT_STR_A,
>                                           pszCertName, NULL);
> if (pCertContext == NULL)
> {
>     MessageBox(NULL, "Find", "errore", MB_OK);
>     CertCloseStore(hMyCertStore, 0);
>     return;
> }
>
> ZeroMemory(&SchannelCred, sizeof(SchannelCred));
> SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;
> SchannelCred.cCreds = 1;
> SchannelCred.paCred = &pCertContext;
>
> // Register Schannel as an authentication service this server accepts.
> // This lets clients authenticate; deciding which authenticated clients may
> // call is a separate authorization step.
> if (RpcServerRegisterAuthInfo(NULL, RPC_C_AUTHN_GSS_SCHANNEL, NULL,
>                               &SchannelCred) == RPC_S_OK)
> ....
>
> Do you have any idea?
> Where can I find some documentation that explains how to set up the
> certificate in the store to enable the client's connection?
>
> Many Thanks
>
> Gianluca
>
>
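The reply above asks how to admit only chosen clients once Schannel authentication works; as an added illustration (not code from this thread), here is a server-side allow-list that pins the SHA-1 thumbprints of the permitted client certificates, because Schannel's chain validation only establishes that the caller holds a certificate the server trusts, and which callers may use the interface is an authorization decision the server has to make itself. On Windows the thumbprint would be read from the caller's certificate context with CertGetCertificateContextProperty and CERT_SHA1_HASH_PROP_ID; how the server obtains that context from the RPC binding (assumed to happen in the interface's security callback) is not shown, and the thumbprint values below are constructed samples.

```c
/* Added example (not from the thread): admit an RPC/Schannel client only if
 * its certificate's SHA-1 thumbprint is pinned in a server allow-list, rather
 * than accepting any certificate that chains to a trusted root.  Obtaining
 * the 20 thumbprint bytes is Windows-specific and left out (see lead-in). */
#include <stdint.h>
#include <string.h>

#define THUMB_LEN 20  /* SHA-1 thumbprint length in bytes */

/* Parse a 40-hex-digit thumbprint (the form certmgr.msc displays) into bytes.
 * Returns 1 on success, 0 if the string is the wrong length or not hex. */
int parse_thumbprint(const char *hex, uint8_t out[THUMB_LEN]) {
    if (strlen(hex) != 2 * THUMB_LEN) return 0;
    for (size_t i = 0; i < THUMB_LEN; i++) {
        unsigned v = 0;
        for (int k = 0; k < 2; k++) {
            char c = hex[2 * i + k];
            v <<= 4;
            if (c >= '0' && c <= '9')      v |= (unsigned)(c - '0');
            else if (c >= 'a' && c <= 'f') v |= (unsigned)(c - 'a' + 10);
            else if (c >= 'A' && c <= 'F') v |= (unsigned)(c - 'A' + 10);
            else return 0;
        }
        out[i] = (uint8_t)v;
    }
    return 1;
}

/* Constant-time comparison: a rejected caller learns nothing from timing. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 if `presented` matches a pinned entry, 0 otherwise.  An empty
 * allow-list or a malformed entry denies everyone (fail closed), so a typo
 * in the configuration never widens access. */
int client_allowed(const uint8_t presented[THUMB_LEN],
                   const char *const *allow_hex, size_t n_allow) {
    int ok = 0;
    for (size_t i = 0; i < n_allow; i++) {
        uint8_t pinned[THUMB_LEN];
        if (!parse_thumbprint(allow_hex[i], pinned)) return 0;
        ok |= ct_equal(presented, pinned, THUMB_LEN);
    }
    return ok;
}
```

Exporting each permitted client's certificate and recording its thumbprint in the allow-list gives the server an explicit list to enforce, independent of which roots the store trusts.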


