function call from unmanaged code returns empty string - HELP!!!!

Discussion in 'ASP .Net Security' started by Joe, Feb 17, 2009.

  1. Joe

    Joe Guest

    HI ng,

    I am attempting to call a function in a managed .NET DLL from an asp page
    that signs an xml doc and returns the string to the calling asp page.

    I have this code working in my windows test app with no prob, but cannot
    seem to make the same call from my classic asp page.

    When I view the asp page my object gets created no problem, my function gets
    called, but seems to fail around the point where I create a
    RSACryptoServiceProvider object.

    To me this says it is a permissions issue, but I do not know what permission
    and where.

    thx for help!
    Joe, Feb 17, 2009
    1. Advertisements

  2. Joe

    Joe Kaplan Guest

    It sounds like a probable permissions problem on the private key associated
    with the certificate. By default, only admin and system have permissions to
    read a private key. The ASP app will run under an app pool identity but ASP
    also always impersonates the authenticated user (or the anonymous user if
    anonymous auth is used), so it would need permissions to read the private
    key. The key would also need to be stored in the Machine store and not in
    the local user store.

    If you don't want to give permissions to the private key to the
    authenticated user, you might need to consider putting your COM component
    under COM+ and running it as a fixed identity that is granted the necessary

    Tools like process monitor from MS/SysInternals can help with finding these
    types of permissions issues on files and registry keys.
    Joe Kaplan, Feb 18, 2009
    1. Advertisements

  3. Joe

    Joe Van Meer Guest

    Thx Joe!

    I appreciate your information, your tip about "The key would also need to be
    stored in the Machine store and not in
    cheers & thanks mate, joe :)
    Joe Van Meer, Feb 19, 2009
  4. Joe

    Joe Kaplan Guest

    Glad that was easy. These issues frequently are not. :)
    Joe Kaplan, Feb 19, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.