Thibaut Blanchin
Does anybody know how to correctly launch signtool.exe inside a Web Service?
I'm having a headache trying...
For security and authentication reasons I use impersonation (configured in
the web.config file). I've created a WS that uses Process.Start to launch signtool.
I'm getting the error: "SignTool Error: CoCreateInstance returned error:
0x80040150 Could not read key from registry"
After some searching I've found that processes are launched under the IIS
Application Pool instead of the impersonated user. So, I've created a new
application pool running under a domain account (CertExe) which has
administrator rights on the web server, and changed my application to run
inside this pool.
This implies creating an SPN or changing authentication on IIS from
Kerberos to NTLM. I've tried both; the process is actually running under the
CertExe account but I still have the error. To verify, I logged on to the web
server with the CertExe account, then I retrieved the command line generated by
the Web Service and launched it in cmd.exe; it worked perfectly.
I've also found a thread here:
http://groups.google.fr/group/micro...115518ec324/270b82cb52a28853#270b82cb52a28853
He suggests calling kernel32.dll to launch the process, but the problem is
that it doesn't work (I mean it is actually working but signtool doesn't do
the job) and I can't get access to standard and error output to see what
happens...
Finally I've used Sysinternals Filemon and Process Monitor to have a look at
what is accessed by signtool.
Unfortunately, signtool is opening a huge number of keys in the registry but
always successfully... It seems that the error "could not read key from
registry" is not appropriate. Something else is going wrong but I don't know
what...
If somebody has an idea, I would appreciate it a lot since I'm a bit lost
now!