ASPNET To Web Service using SSL w/Client Certs


From: Tim Burris (tburris_at_colletonprep.org)
Date: 04/27/04


Date: Tue, 27 Apr 2004 07:31:02 -0700

At the top here I will put a quick description of my problem followed by the long description. This way you won't get bored reading! :)

short version:
What is the best/recommended way for ASPNET apps to call web services that REQUIRE Client Certificates via SSL?

long version:
Our company has new requirements: all servers must REQUIRE SSL and Server/client certificates.
I have set up a test Win2003 server to issue certs so I have a full test environment on my machine. I have gen'd the server cert and applied it to my IIS secure site. I have issued 2 client certs, one for web browser one advanced and issued a "localmachine" cert. All this is done using http://myserver/certsvr tool. One to a separate machine which has installed my test server's root authority chain and the client cert. If I hit a webpage or webservice using that machine and user I am prompted for my Certificate, I choose the one I gen'd and it works great. I can see webpages and get webservice data.
The other Cert that I gen'd is installed in the localmachine section of my 2003 server in the hope that my ASPNet code could use that client certificate to call the webservice that resides on the same machine. I added a reference to microsoft.web.services and used the x509 certificate objects from that dll to get the local machine store and find my certificate. That works great. I put the certificate in my webservice object's clientcertificate collection and call the webservice but I still get a 403 access forbidden error. I use the certificate plugin in MMC to see that the cert installed in Local machine DOES have a private key associated with it. I THINK that the problem is that somehow my ASPNET account cannot access the private key to properly send my cert to the webservice. I've, reluctantly, given ASPNET full access to the \app data\Microsoft\Crypto\RSA folder. Ideas? Suggestions?
This is extremely urgent as NONE of our 20+ servers can run any of our .NET applications now that they have made these SSL certificate changes.
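
An added example, not part of the original post: one way to test the suspicion above that the web application's identity can find the LocalMachine certificate but cannot use its private key. It uses the System.Security.Cryptography.X509Certificates classes from later .NET Framework releases (4.6 or newer) instead of the Microsoft.Web.Services classes the post mentions; the class name `ClientCertCheck` and the thumbprint argument are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertCheck   // hypothetical helper, not from the post
{
    // Returns null when the current process identity can use the certificate
    // for client authentication, otherwise a description of what is wrong.
    public static string Diagnose(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false: report on the certificate even if its chain is untrusted
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                return "certificate not found in LocalMachine\\My";

            X509Certificate2 cert = found[0];
            // HasPrivateKey only says a key is associated with the certificate;
            // it does not prove this account is allowed to open the key file.
            if (!cert.HasPrivateKey)
                return "certificate has no associated private key";

            try
            {
                using (RSA key = cert.GetRSAPrivateKey())
                {
                    if (key == null)
                        return "private key is not an RSA key";
                    // Signing forces the key to be opened, which is what the
                    // TLS handshake needs; an ACL denial surfaces here.
                    key.SignData(new byte[] { 0 }, HashAlgorithmName.SHA256,
                                 RSASignaturePadding.Pkcs1);
                }
            }
            catch (CryptographicException ex)
            {
                return "private key not usable by "
                     + WindowsIdentity.GetCurrent().Name + ": " + ex.Message;
            }
            return null;
        }
        finally { store.Close(); }
    }
}
```

Call `Diagnose` from inside the web application (for example from a test page) so that it runs under the same account as the code making the web service call; running it from an administrator console checks the wrong identity.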


