Client Certificate Authentication With HTTS POST (.NET 2.0)

[DerekJMiller1]

We are having an issue with using a client certificate for authentication on
an HTTPS POST using WebClient related classes.

We are getting the certificate from the protected certificate store. This
seems to work OK, but the certificate is not presented as a valid certificate
to IIS at the other end (it doesn't get past IIS's certificate checks - using
Require Client Certificate).

If we turn off require client certificate, it gets to our code, but no
certificate is in the request.

It appears that somewhere in the guts of HTTPRequest, the certificate is not
transmitted over the wire (correctly?).

Note that even when using SOAP web services, we still have this issue.


If anybody can point us to some sample code demonstrating how to use a
client certificate for an HTTP post or any other assistance, it would be
appreciated.


Thanks

 

[Dominick Baier]

Hi,

maybe this helps:

http://go.microsoft.com/?linkid=5151512

 

[DerekJMiller1]

Dominick,

Thanks but you're client was a windows app not an asp.net app. The problem
is when trying to access another asp.net application from an asp.net
application that must provide a client certificate. This scenario does not
seem to work.

Do you have a sample using a client cert from an asp.net client?

 

[DerekJMiller1]

Dominick,

Sorry my fault . I did not make it clear that the only scenario we have the
issue with is when the client is an asp.net application (works from windows
app).

Thanks.

 

[Joe Kaplan]

The mechanics of it are all the same. The key is to make sure that the
identity that is executing the ASP.NET app has access to the private key for
the client certificate.

Often times, you can figure out what the problem is (likely permissions) by
running filemon on the server while the client certificate it trying to be
accessed and looking for the access denied messages that are reported.
Then, you can change the ACLs on the files or directories that are causing
the failures and will be all set.

It is probably a good idea to make sure the client cert is installed in the
machine store instead of a particular user's store, as the latter requires
access to that user's profile, and that won't be available in ASP.NET.

Best of luck!

Joe K.

 

[Guest]

The problem is theat the default ASP.NET account can't see your certificate.
This explains what you need to do I think.

http://msdn2.microsoft.com/en-us/library/aa302408.aspx

Alternatively, I have done this in the past by making the call from a
serviced component instead.

Regards,


Andy Kendall.