Re: Web Service Call Using Digital Certificates

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: bs (bens_at_no-spam-please.esd.nec.com.au)
Date: 06/04/04 

Date: Fri, 04 Jun 2004 01:01:34 GMT

I found the solution to this problem after escalating it to the Microsoft
Support Division. The problem was solved when I granted the ASPNET user
(Windows 2000) security privileges to the <drive>:\Documents and
Settings\ApplicationData\Microsoft\Crypto\RSA folder. I also discovered
that the certificate needs to be installed in the "Certificates (Local
Machine)\Personal\Certificates" store. You can access this store through
mmc, choose Console --> Add\Remove Snap-in --> Add --> Certificates -->
Computer Account --> Local Computer.

"Durgaprasad Gorti[MSFT]" <dgorti@online.microsoft.com> wrote in message
news:eOVnhDQREHA.3300@tk2msftngp13.phx.gbl...
> If you are using 1.0 Version, there is a hotfix you could obtain through
the
> support services. Please see the following URL
> http://support.microsoft.com/default.aspx?scid=kb;en-us;817854
> After applying the fix the system then looks for the certificate in
> the machine store in addition to the ASP.NET User account certificate
store.
> One thing to make sure is that the ASP.NET account has access to the
> machine certificate store.
>
>
>
>
>
>
> "bs" <bens@no-spam-please.esd.nec.com.au> wrote in message
> news:1085718892.231756@proxy.nec.com.au...
> > Hi,
> > I tried posting this to the microsoft.public.dotnet.framework.aspnet
group
> > however I thought it might be more appropriate in this group.
> >
> > I am currently having a problem calling a web service that is secured
> using
> > a digital certificate. I set up a Windows application to make a call to
> the
> > service and it works fine. However when I make a call from my ASP.NET
> page
> > it fails with "System.Net.WebException: The request failed with HTTP
> status
> > 403: Forbidden". The code that I am using to make the call in both
> > instances is:
> > MyWebService myService = new MyWebService();
> >
> >
>
myService.ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"C:\myC
> > ert.cer"));
> >
> > myService.HelloWorld();
> >
> > I think the problem may be related to permissions. The Windows
> application
> > runs using my account so I changed IIS to run as me as well. I have set
> > <identity impersonate="true"> in the web.config and I have checked using
> my
> > ASP.NET application that I am running under this account.
> >
> > The Root CA certificate is installed under the "Current User" and the
> "Local
> > Computer" certificate stores and the client certificate is installed in
> both
> > these stores as well.
> >
> > If anyone could help me solve this problem it would be great.
> >
> > Ben
> >
> >
> >
>
>

Relevant Pages

  • Re: Web Service Call Using Digital Certificates
    ... I attempted access the web service again however I still get the same error. ... is installed in the "Certificates" store. ... this is what you mean by the "machine certificate store". ... > the machine store in addition to the ASP.NET User account certificate ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: ipsec with certificate authentication issue
    ... much less logging than Windows 2003. ... certificate from the computer store. ... The cert was obtained via ms cert ...
    (microsoft.public.win2000.security)
  • RE: How to store/ use encoded private key at windows certificate store
    ... Please note that Windows protects the MY store with the user's credential ... > When I do certificate creation I ask for Password, ... > this password to encrypt my private key. ...
    (microsoft.public.platformsdk.security)
  • Windows 2003 + Certificate Store + AcquireCredentialsHandle + SEC_E_UNKNOWN_CREDENTIALS
    ... accesses a certificate from the "Services/Personal" store. ... CertOpenStore API with the CERT_STORE_READONLY_FLAG value in the dwFlags ... This code works fine on Windows 2000 Servers. ...
    (microsoft.public.platformsdk.security)
  • Re: User Accounts and folders
    ... > Xp had already been registered to the store. ... This will open a folder window. ... you'll find that your account data is currently stored in the "Store" ... MS-MVP ~ Windows Shell/User ...
    (microsoft.public.windowsxp.help_and_support)