Thanks for your followup Will,
So it is still a security issue. Have you tried the IE host log to see
whether it provide any further info on the security exception?
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| Thread-Topic: Security Exception in TslStream.EndRead
| thread-index: AcXaJ3LjPOy6O0tGSLqHx87cNlnYGw==
| X-WBNR-Posting-Host: 217.35.83.223
| From: "=?Utf-8?B?V2lsbCBIb2xsZXk=?=" <
[email protected]>
| References: <
[email protected]>
<
[email protected]>
<
[email protected]>
<
[email protected]>
| Subject: RE: Security Exception in TslStream.EndRead
| Date: Wed, 26 Oct 2005 05:19:01 -0700
| Lines: 168
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.dotnet.framework.aspnet.webservices
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet.webservices:8170
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservices
|
| Steven,
|
| Ignore the last post - it was a config issure in IIS. I now have the code
| working perfectly with caspol off but turning on caspol gives me the
| securitypermission exception again.
|
| Will
|
| "Will Holley" wrote:
|
| > Steven,
| >
| > Thanks for the reply - I have been away for the last 10 days so havent
had a
| > chance to look into this issue again until now.
| >
| > After turning off caspol I now get a 401 unauthorized exception. I am
sure
| > the certificate is correct (as it is the only one in the store and
works for
| > the same uri when i try to access it from IE6).
| >
| > Will
| >
| > "Steven Cheng[MSFT]" wrote:
| >
| > > Hi Willholley,
| > >
| > > How are you doing on this issue, does the suggestion in my last reply
helps
| > > you a little or have you got any progress?
| > > if there're any thing else we can help, please feel free to post here.
| > >
| > > Thanks,
| > >
| > > Steven Cheng
| > > Microsoft Online Support
| > >
| > > Get Secure!
www.microsoft.com/security
| > > (This posting is provided "AS IS", with no warranties, and confers no
| > > rights.)
| > > --------------------
| > > | X-Tomcat-ID: 87316100
| > > | References: <
[email protected]>
| > > | MIME-Version: 1.0
| > > | Content-Type: text/plain
| > > | Content-Transfer-Encoding: 7bit
| > > | From: (e-mail address removed) (Steven Cheng[MSFT])
| > > | Organization: Microsoft
| > > | Date: Thu, 13 Oct 2005 05:19:01 GMT
| > > | Subject: RE: Security Exception in TslStream.EndRead
| > > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservices
| > > | Message-ID: <
[email protected]>
| > > | Newsgroups: microsoft.public.dotnet.framework.aspnet.webservices
| > > | Lines: 105
| > > | Path: TK2MSFTNGXA01.phx.gbl
| > > | Xref: TK2MSFTNGXA01.phx.gbl
| > > microsoft.public.dotnet.framework.aspnet.webservices:8038
| > > | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
| > > |
| > > | Hi Willholley,
| > > |
| > > | Welcome to ASPNET newsgroup.
| > > | From your description ,you're developed a winform user control
which use
| > > | WebRequest component to request a SSL protected remote services.
However,
| > > | when executing in client page in IE browser, you're getting some
| > > exception
| > > | at the end of the request, yes?
| > > |
| > > | From the exception information, it seems a secuirty permission
issue. I'd
| > > | suggest you first try turn off the .net CodeAccess Security on the
client
| > > | machine (or grant the control assembly full trust) and run the page
again
| > > | to see whether the control can work correctly. Thus, we can confirm
| > > whether
| > > | this is a security issue.
| > > |
| > > | Also, for IE hosted winform control developing, you can turn on the
IE
| > > host
| > > | log to see whether you can get any more detailed clues from it.
| > > |
| > > | #HOW TO: Use the IEHost Log to Debug .NET Object Hosting in
Internet
| > > | Explorer
| > > |
http://support.microsoft.com/default.aspx?scid=kb;en-us;313892
| > > |
| > > | Thanks,
| > > |
| > > | Steven Cheng
| > > | Microsoft Online Support
| > > |
| > > | Get Secure!
www.microsoft.com/security
| > > | (This posting is provided "AS IS", with no warranties, and confers
no
| > > | rights.)
| > > |
| > > | --------------------
| > > | | Thread-Topic: Security Exception in TslStream.EndRead
| > > | | thread-index: AcXPMF4iLUtCMjomQcyKkU0/iP9WSw==
| > > | | X-WBNR-Posting-Host: 217.35.83.223
| > > | | From: "=?Utf-8?B?V2lsbCBIb2xsZXk=?=" <
[email protected]>
| > > | | Subject: Security Exception in TslStream.EndRead
| > > | | Date: Wed, 12 Oct 2005 06:25:09 -0700
| > > | | Lines: 43
| > > | | Message-ID: <
[email protected]>
| > > | | MIME-Version: 1.0
| > > | | Content-Type: text/plain;
| > > | | charset="Utf-8"
| > > | | Content-Transfer-Encoding: 7bit
| > > | | X-Newsreader: Microsoft CDO for Windows 2000
| > > | | Content-Class: urn:content-classes:message
| > > | | Importance: normal
| > > | | Priority: normal
| > > | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > > | | Newsgroups: microsoft.public.dotnet.framework.aspnet.webservices
| > > | | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > > | | Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > > | | Xref: TK2MSFTNGXA02.phx.gbl
| > > | microsoft.public.dotnet.framework.aspnet.webservices:30587
| > > | | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservices
| > > | |
| > > | | We are hosting a .net winforms usercontrol within IE6 which makes
POST
| > > | and
| > > | | GET calls to a webserver using httpwebrequest. This was working
fine
| > > | until
| > > | | we changed our authentication mechanism in IIS to require client
| > > | | certificates. I can fetch the certificate in the user control ok
and
| > > this
| > > | is
| > > | | being attached to the request. i.e.:
| > > | |
| > > | | ServicePointManager.CertificatePolicy = new
TrustAllCertificatePolicy();
| > > | |
| > > | | HttpWebRequest request = WebRequest.Create(remoteUri) as
HttpWebRequest;
| > > | | request.Headers = new WebHeaderCollection();
| > > | | request.KeepAlive = false;
| > > | | request.ProtocolVersion = HttpVersion.Version10;
| > > | | request.Proxy = WebProxy.GetDefaultProxy();
| > > | | request.AllowAutoRedirect = true;
| > > | | request.MaximumAutomaticRedirections = 10;
| > > | | request.Timeout = (int) new TimeSpan(0, 0, 60).TotalMilliseconds;
| > > | |
| > > | | CertificateStore store = new CertificateStore();
| > > | |
| > > | | X509Certificate cert = store.GetValidApplicationCertificate();
| > > | | request.ClientCertificates.Add(cert);
| > > | |
| > > | | request.Method = "GET";
| > > | |
| > > | | WebResponse response = request.GetResponse();
| > > | |
| > > | | When this last line is called, I get an error:
| > > | |
| > > | | Could not establish secure channel for SSL/TLS. --->
| > > | | System.Security.SecurityException: Request for the permission of
type
| > > | | System.Security.Permissions.SecurityPermission, mscorlib,
| > > | | Version=1.0.5000.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089
| > > | failed.
| > > | | at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
| > > | | at System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
| > > | | --- End of inner exception stack trace ---
| > > | | at System.Net.HttpWebRequest.CheckFinalStatus()
| > > | | at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult
asyncResult)
| > > | | at System.Net.HttpWebRequest.GetResponse()
| > > | |
| > > | | This looks like the error described in KB823177 but installing
all the
| > > | | latest patches does not help.
| > > | |
| > > | | Does anybody have any suggestions as to how we might fix this as
I'm
| > > | stumped!
| > > | |
| > > |
| > > |
| > >
| > >
|