Solved

MSXML2 client certificate

Posted on 2004-08-03
7
1,017 Views
Last Modified: 2008-01-09
My asp.net app is using MSXML2 to send a XML document to a server. this server requires a client certificate for authentication.
So the piece of code to set this is:

objServHttp.setOption(MSXML2.SERVERXMLHTTP_OPTION.SXH_OPTION_SELECT_CLIENT_SSL_CERT,"LOCAL_MACHINE\\My\\<my cert name>");

My question is, what account is used to send the request? asp.net, iwam_machineName or what? I'm getting a security error:

System.Runtime.InteropServices.COMException (0x80072F8F): A security error occurred at MSXML2.ServerXMLHTTP40Class.send(Object varBody) at ASP.login_aspx.SendTestXML(Object sender, EventArgs e) in E:\Web_Sites\aespc\qbconn\login.aspx:line 88

any ideas
                  
0
Comment
Question by:vinny45
  • 3
  • 3
7 Comments
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11707195
You should configure the cert in IIS, you don't send that in the request.  Heres what an XML Request via HTTP Post should look like and it shows you how to interprit the response:

Public Function DomesticShippingRate(ByVal OriginStateOrProvince As String, ByVal OriginPostalCode As String, ByVal DestinationStateOrProvinceCode As String, ByVal DestinationPostalCode As String, ByVal WeightInPounds As Single) As Single
        Dim myRequest As System.Net.HttpWebRequest = CType(myRequest.Create("https://gatewaybeta.fedex.com:443/GatewayDC"), System.Net.HttpWebRequest)
        myRequest.AllowAutoRedirect = False
        myRequest.Method = "POST"
        myRequest.ContentType = "application/x-www-form-urlencoded"
        myRequest.Accept = "True"
        myRequest.Timeout = 50000
        Dim xmlHTTPResponse As System.Net.HttpWebResponse
        Dim xmlResponse As New System.Xml.XmlDocument
        Dim strXMLAR As String = "<?xml version=""1.0"" encoding=""UTF-8"" ?>" & _
        "<FDXRateRequest xmlns:api=""http://www.fedex.com/fsmapi""" & _
        " xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance""" & _
        " xsi:noNamespaceSchemaLocation=""FDXRateRequest.xsd"">" & _
        "<RequestHeader>" & _
        "<AccountNumber>" & _AccountNumber & "</AccountNumber><MeterNumber>" & _MeterNumber & "</MeterNumber>" & _
        "<CarrierCode>FDXG</CarrierCode></RequestHeader>" & _
        "<DropoffType>REGULARPICKUP</DropoffType><Service>FEDEXGROUND</Service>" & _
        "<Packaging>YOURPACKAGING</Packaging><WeightUnits>LBS</WeightUnits>" & _
        "<Weight>" & WeightInPounds & "</Weight><OriginAddress><StateOrProvinceCode>" & _OriginStateOrProvinceCode & "</StateOrProvinceCode>" & _
        "<PostalCode>" & _OriginPostalCode & "</PostalCode><CountryCode>US</CountryCode></OriginAddress>" & _
        "<DestinationAddress><StateOrProvinceCode>" & DestinationStateOrProvinceCode & "</StateOrProvinceCode>" & _
        "<PostalCode>" & DestinationPostalCode & "</PostalCode><CountryCode>US</CountryCode></DestinationAddress>" & _
        "<Payment><PayorType>SENDER</PayorType></Payment><PackageCount>1</PackageCount>" & _
        "</FDXRateRequest>"
        Dim strFinal As String = strXMLAR
        Dim RequestStream As System.IO.Stream = myRequest.GetRequestStream()
        Dim strRequest As Byte() = System.Text.Encoding.UTF8.GetBytes(strFinal)
        RequestStream.Write(strRequest, 0, strRequest.Length)
        RequestStream.Close()
        Try
            Dim myResponse As System.Net.HttpWebResponse = CType(myRequest.GetResponse(), System.Net.HttpWebResponse)
            Dim ResponseStream As System.IO.Stream = myResponse.GetResponseStream
            xmlResponse.Load(ResponseStream)
            If xmlResponse.DocumentElement.InnerXml <> "" Then
                Return xmlResponse.SelectSingleNode("FDXRateReply/EstimatedCharges/DiscountedCharges/NetCharge").InnerXml
            Else
                Throw New FedExExceptions("The FedEx server returned the following error: " & _
                  xmlResponse.SelectSingleNode("FDXRateReply/ReplyHeader").InnerXml)
            End If
        Catch ex As Exception
            Throw ex
        Catch ex As Net.ProtocolViolationException
            Throw New FedExExceptions("A timeout occurred while contacting the FedEx server.")
        Catch ex As Net.WebException
            Throw New FedExExceptions("The FedEx server did not return any data. Please try again later.")
        End Try
    End Function

Regards,

Aeros
0
 

Author Comment

by:vinny45
ID: 11707402
Where is IIS do I configure the client cert.  My server does not require the client cert. the remote server my asp.net app is communicating with does.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11707468
Oh sorry I misunderstood Here you go:

http://support.microsoft.com/default.aspx?scid=kb;en-us;320602

Regards,

Aeros
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:vinny45
ID: 11709222
Aeros,

well the article is interesting but, i'm not trying to sign an xml document, I need to be able to 'show' a client cert when my app sends information to a server requiring a client certificate. I'm using Certificate property of the HttpWebRequest class to do this but i don't think i have the cert properly installed. Because I'm getting an error from the server I'm trying to connect to saying:

No common name contained in certificate distinguished name -
Common name not found in distinguished name:

any ideas?
0
 
LVL 17

Accepted Solution

by:
AerosSaga earned 500 total points
ID: 11709353
Have you performed the following steps?

http://www.wilsonmar.com/1certs.htm
0
 

Author Comment

by:vinny45
ID: 11710776
thanks
0
 

Expert Comment

by:Alan_Mc
ID: 22139617
Bumping this old isse (I just happen to have the same now). That link in the accepted solution with "the following steps" is broken now, any chance of having it again?
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question