R
Roman Pereyaslavsky
I had the same problem about a year ago. I currently don't
have a link to the article, but there's one on MSDN (I
think it's part of a book "Implementing Secure ASP.Net
Applications" or something like that). It has even a
source code example in C# how to do it. In short - you'll
need to create a COM+ component that will do the actual
connection. That COM+ component will run under specific
user profile. You have to load a valid Client Certificate
into that user Personal Certificate store and than extract
a public key out of it. You'll be using this public key to
access the Client Certificate in that user's personal
store. At run time COM+ component loads the user profile
and at that point it can access this user's personal
certificate store. Than you need to use the Cryptography
libraries from .NET to add X509Certificate to your
HTTPWebRequest object before connecting. You also might
need to send your public key to the server for it to be
installed if the server want to allow only certain
certificates to access it.
have a link to the article, but there's one on MSDN (I
think it's part of a book "Implementing Secure ASP.Net
Applications" or something like that). It has even a
source code example in C# how to do it. In short - you'll
need to create a COM+ component that will do the actual
connection. That COM+ component will run under specific
user profile. You have to load a valid Client Certificate
into that user Personal Certificate store and than extract
a public key out of it. You'll be using this public key to
access the Client Certificate in that user's personal
store. At run time COM+ component loads the user profile
and at that point it can access this user's personal
certificate store. Than you need to use the Cryptography
libraries from .NET to add X509Certificate to your
HTTPWebRequest object before connecting. You also might
need to send your public key to the server for it to be
installed if the server want to allow only certain
certificates to access it.