Solved

MSXML2 client certificate

Posted on 2004-08-03
Last Modified: 2008-01-09
My ASP.NET app is using MSXML2 to send an XML document to a server. This server requires a client certificate for authentication.
So the piece of code to set this is:

objServHttp.setOption(MSXML2.SERVERXMLHTTP_OPTION.SXH_OPTION_SELECT_CLIENT_SSL_CERT,"LOCAL_MACHINE\\My\\<my cert name>");

My question is, what account is used to send the request? asp.net, iwam_machineName or what? I'm getting a security error:

System.Runtime.InteropServices.COMException (0x80072F8F): A security error occurred at MSXML2.ServerXMLHTTP40Class.send(Object varBody) at ASP.login_aspx.SendTestXML(Object sender, EventArgs e) in E:\Web_Sites\aespc\qbconn\login.aspx:line 88

Any ideas?
                  
Question by:vinny45
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11707195
You should configure the cert in IIS; you don't send that in the request. Here's what an XML request via HTTP POST should look like, and it shows you how to interpret the response:

Public Function DomesticShippingRate(ByVal OriginStateOrProvince As String, ByVal OriginPostalCode As String, ByVal DestinationStateOrProvinceCode As String, ByVal DestinationPostalCode As String, ByVal WeightInPounds As Single) As Single
        ' _AccountNumber and _MeterNumber are fields of the containing class;
        ' FedExExceptions is the poster's own exception type.
        ' WebRequest.Create is a shared method, so it is called on the type, not on the unassigned variable.
        Dim myRequest As System.Net.HttpWebRequest = CType(System.Net.WebRequest.Create("https://gatewaybeta.fedex.com:443/GatewayDC"), System.Net.HttpWebRequest)
        myRequest.AllowAutoRedirect = False
        myRequest.Method = "POST"
        myRequest.ContentType = "application/x-www-form-urlencoded"
        myRequest.Accept = "True"
        myRequest.Timeout = 50000
        Dim xmlResponse As New System.Xml.XmlDocument
        ' Build the rate request; the origin values come from the function's parameters.
        Dim strXMLAR As String = "<?xml version=""1.0"" encoding=""UTF-8"" ?>" & _
        "<FDXRateRequest xmlns:api=""http://www.fedex.com/fsmapi""" & _
        " xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance""" & _
        " xsi:noNamespaceSchemaLocation=""FDXRateRequest.xsd"">" & _
        "<RequestHeader>" & _
        "<AccountNumber>" & _AccountNumber & "</AccountNumber><MeterNumber>" & _MeterNumber & "</MeterNumber>" & _
        "<CarrierCode>FDXG</CarrierCode></RequestHeader>" & _
        "<DropoffType>REGULARPICKUP</DropoffType><Service>FEDEXGROUND</Service>" & _
        "<Packaging>YOURPACKAGING</Packaging><WeightUnits>LBS</WeightUnits>" & _
        "<Weight>" & WeightInPounds & "</Weight><OriginAddress><StateOrProvinceCode>" & OriginStateOrProvince & "</StateOrProvinceCode>" & _
        "<PostalCode>" & OriginPostalCode & "</PostalCode><CountryCode>US</CountryCode></OriginAddress>" & _
        "<DestinationAddress><StateOrProvinceCode>" & DestinationStateOrProvinceCode & "</StateOrProvinceCode>" & _
        "<PostalCode>" & DestinationPostalCode & "</PostalCode><CountryCode>US</CountryCode></DestinationAddress>" & _
        "<Payment><PayorType>SENDER</PayorType></Payment><PackageCount>1</PackageCount>" & _
        "</FDXRateRequest>"
        Dim strFinal As String = strXMLAR
        ' Write the XML body to the request stream.
        Dim RequestStream As System.IO.Stream = myRequest.GetRequestStream()
        Dim strRequest As Byte() = System.Text.Encoding.UTF8.GetBytes(strFinal)
        RequestStream.Write(strRequest, 0, strRequest.Length)
        RequestStream.Close()
        Try
            Dim myResponse As System.Net.HttpWebResponse = CType(myRequest.GetResponse(), System.Net.HttpWebResponse)
            Dim ResponseStream As System.IO.Stream = myResponse.GetResponseStream
            xmlResponse.Load(ResponseStream)
            myResponse.Close()
            If xmlResponse.DocumentElement.InnerXml <> "" Then
                ' The function returns Single, so convert the node text explicitly.
                Return CSng(xmlResponse.SelectSingleNode("FDXRateReply/EstimatedCharges/DiscountedCharges/NetCharge").InnerXml)
            Else
                Throw New FedExExceptions("The FedEx server returned the following error: " & _
                  xmlResponse.SelectSingleNode("FDXRateReply/ReplyHeader").InnerXml)
            End If
        ' Specific handlers only: a leading "Catch ex As Exception" made these unreachable,
        ' and "Throw ex" discarded the stack trace. Other exceptions now propagate unchanged.
        Catch ex As Net.ProtocolViolationException
            Throw New FedExExceptions("A timeout occurred while contacting the FedEx server.")
        Catch ex As Net.WebException
            Throw New FedExExceptions("The FedEx server did not return any data. Please try again later.")
        End Try
    End Function

Regards,

Aeros
0
 

Author Comment

by:vinny45
ID: 11707402
Where in IIS do I configure the client cert? My server does not require the client cert. The remote server my ASP.NET app is communicating with does.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11707468
Oh sorry, I misunderstood. Here you go:

http://support.microsoft.com/default.aspx?scid=kb;en-us;320602

Regards,

Aeros
0

 

Author Comment

by:vinny45
ID: 11709222
Aeros,

Well, the article is interesting, but I'm not trying to sign an XML document. I need to be able to 'show' a client cert when my app sends information to a server requiring a client certificate. I'm using the Certificate property of the HttpWebRequest class to do this, but I don't think I have the cert properly installed, because I'm getting an error from the server I'm trying to connect to saying:

No common name contained in certificate distinguished name -
Common name not found in distinguished name:

Any ideas?
0
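
A diagnostic for the situation described in this thread, as an added example that is not part of any post: a C# console check, run under the same account as the web application, that loads the client certificate from the LocalMachine\My store, confirms it has a private key and a CN in its subject, and presents it on an HttpWebRequest. The subject name and endpoint URL are hypothetical placeholders.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertCheck
{
    // Hypothetical placeholders: substitute your own certificate subject and endpoint.
    const string SubjectName = "example-client";
    const string Endpoint = "https://partner.example.com/receive";

    static void Main()
    {
        // The store and the private key are accessed under this identity.
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false so an expired or untrusted cert is still listed for diagnosis.
            var matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, SubjectName, false);
            if (matches.Count == 0)
                throw new InvalidOperationException("No certificate matches " + SubjectName);

            X509Certificate2 cert = matches[0];
            Console.WriteLine("Subject DN: " + cert.Subject);
            Console.WriteLine("Not after:  " + cert.NotAfter);

            // A public-only certificate cannot authenticate the client.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key in this store");

            // Test the DN text itself for a common name attribute.
            if (cert.Subject.IndexOf("CN=", StringComparison.OrdinalIgnoreCase) < 0)
                Console.WriteLine("Warning: subject DN has no CN attribute");

            var request = (HttpWebRequest)WebRequest.Create(Endpoint);
            request.ClientCertificates.Add(cert);
            using (var response = (HttpWebResponse)request.GetResponse())
                Console.WriteLine("Server replied: " + (int)response.StatusCode);
        }
        finally
        {
            store.Close();
        }
    }
}
```

HasPrivateKey only reports that a key is associated with the certificate; whether the running account is permitted to read that key is only exercised when GetResponse performs the TLS handshake.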
 
LVL 17

Accepted Solution

by:
AerosSaga earned 500 total points
ID: 11709353
Have you performed the following steps?

http://www.wilsonmar.com/1certs.htm
0
 

Author Comment

by:vinny45
ID: 11710776
thanks
0
 

Expert Comment

by:Alan_Mc
ID: 22139617
Bumping this old issue (I just happen to have the same now). That link in the accepted solution with "the following steps" is broken now, any chance of having it again?
0
