Set up of IIS Express to accept Client Certificates working fine until moved to a new machine.
applicationhost.configI was building an application on a Navy machine that needed to retrieve client certificates from the user's CAC card.
I read the blog run by Jason R. Shaver a few months ago on how to set up IIS Express to accept Client Certificates. http://www.jasonrshaver.com/post/2011/09/28/WP7-Client-Certificates-Part-2-(Client-Certs-on-the-Browser).aspx
I did the following:
1.Changed Project properties to use IIS Express instead of VS Development Server.
2.Enabled SSL on Project
3.Established Virtual Directory in Project Properties.
4.Opened the IIS Express Applicationhost.config file.
5.Verified the Site configuration included a binding with a protocol of https.
6.Changed iisClientCertificateMappin
7.Uncommented access sslFlags="SslNegotiateCert
Since I only wanted the web app to view the certs on my CAC card I did not proceed any further. For months this worked exactly as I wanted it to, populating the server Variables with the Cert_Subject, which my app was then programmed to retrieve and read.
During the sequester I had to carry out work on a different Windows 7 machine owned by our company instead of the Navy. I carried out the same process and everything worked fine.
Then I had to move to a different Navy machine. I had to move my projects and databases to the new machine. I worked with things as they were for a while.
When I ran the the particular app I had set up to use ssl, I was only mindly surprised when the app did not request my client certificate. Then I tried to repeat the Jason Shaver set up on this new machine the same as I had done the other machines. The project settings were still the same although I had to click the "create virtual directory" again.
I opened the applicationhost.config file.
1.I was not surprised to find the web site had a binding with a protocol of "https".
2.I was very surprised to find that the "iisClientCertificateMappi
3.I was even more surprised to find that access sslFlags="SslNegotiateCert
4.Finally I was shocked to find with all of these settings correct, the browser still never requested my client certs when hitting this site.
I do not understand why this is happening on this machine and not on the other machine.
Then it gets even stranger. A day later I found that the SSL enable setting on that project had been changed to off all by itself, and the there was no longer a binding protocol shown for this web site on the applicationhost.config. So I once again changed the project to be SSL enabled. I changed the default local host to the https://localhost:44303/ and once again created a virtual directory for the site. I made sure that the server setting was "Local IIS Web Server" with the "Use IIS Express" box checked. I again checked the applicationhost.config and made sure there was a binding for protocol https and binding information of "*:44303:localhost". However now when it ran, it went straight to "Internet Explorer cannot display webpage" (despite the fact that I have "use friendly error messages" unchecked in IE).
I am truly at a lost.
See attached applicationhost.config file. The site name is "WorkingModel" with an id of 29.
Project "TestNewGLDLL" with id="11" also is showing Internet explorer cannot display web page. Again this was working great until I moved it to new machine.
I really ask anyone with any insight into this process to please advise me concerning this because until this codeing is in place, neither of these projects can even be deployed to a test server because the users will not be able to access them.
I read the blog run by Jason R. Shaver a few months ago on how to set up IIS Express to accept Client Certificates. http://www.jasonrshaver.com/post/2011/09/28/WP7-Client-Certificates-Part-2-(Client-Certs-on-the-Browser).aspx
I did the following:
1.Changed Project properties to use IIS Express instead of VS Development Server.
2.Enabled SSL on Project
3.Established Virtual Directory in Project Properties.
4.Opened the IIS Express Applicationhost.config file.
5.Verified the Site configuration included a binding with a protocol of https.
6.Changed iisClientCertificateMappin
7.Uncommented access sslFlags="SslNegotiateCert
Since I only wanted the web app to view the certs on my CAC card I did not proceed any further. For months this worked exactly as I wanted it to, populating the server Variables with the Cert_Subject, which my app was then programmed to retrieve and read.
During the sequester I had to carry out work on a different Windows 7 machine owned by our company instead of the Navy. I carried out the same process and everything worked fine.
Then I had to move to a different Navy machine. I had to move my projects and databases to the new machine. I worked with things as they were for a while.
When I ran the the particular app I had set up to use ssl, I was only mindly surprised when the app did not request my client certificate. Then I tried to repeat the Jason Shaver set up on this new machine the same as I had done the other machines. The project settings were still the same although I had to click the "create virtual directory" again.
I opened the applicationhost.config file.
1.I was not surprised to find the web site had a binding with a protocol of "https".
2.I was very surprised to find that the "iisClientCertificateMappi
3.I was even more surprised to find that access sslFlags="SslNegotiateCert
4.Finally I was shocked to find with all of these settings correct, the browser still never requested my client certs when hitting this site.
I do not understand why this is happening on this machine and not on the other machine.
Then it gets even stranger. A day later I found that the SSL enable setting on that project had been changed to off all by itself, and the there was no longer a binding protocol shown for this web site on the applicationhost.config. So I once again changed the project to be SSL enabled. I changed the default local host to the https://localhost:44303/ and once again created a virtual directory for the site. I made sure that the server setting was "Local IIS Web Server" with the "Use IIS Express" box checked. I again checked the applicationhost.config and made sure there was a binding for protocol https and binding information of "*:44303:localhost". However now when it ran, it went straight to "Internet Explorer cannot display webpage" (despite the fact that I have "use friendly error messages" unchecked in IE).
I am truly at a lost.
See attached applicationhost.config file. The site name is "WorkingModel" with an id of 29.
Project "TestNewGLDLL" with id="11" also is showing Internet explorer cannot display web page. Again this was working great until I moved it to new machine.
I really ask anyone with any insight into this process to please advise me concerning this because until this codeing is in place, neither of these projects can even be deployed to a test server because the users will not be able to access them.
ASKER
I hope so.
https requires a server certificate to initiate the https connection, the server and client work out the highest level of encryption that they both can accept.. Only then do we get tot the authentication phase where you want a client certificate for authentication.
Is it indeed getting past the initial https? to test create a simple website i.e. default.htm <html><head></head><body>i
Is it indeed getting past the initial https? to test create a simple website i.e. default.htm <html><head></head><body>i
ASKER
It does not. (Remember this is IIS Express. It generates its own server certificate as per the IIS Express web site.)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This resolves the question of why but not how to fix it. Hopefully my other thread which identifies the source of the problem can get that now. No expert was able to discern this until I broke the working IIS Express by installing VS 2012 Update 4.
ASKER
As proof that I am not imagining this I copied the project to one of the other two machines, and configured it to use SSL. It worked absolutely correctly. So unless I can get an answer here I will have to end up developing my project on someone else's machine.