Quick question: is it possible to retrive a users certificate store i.e. list all of the client's Personal Certificates?
Just to be clear, I am talking about the certificates installed on the clients machine, not the servers. I have managed to list the server's certificates, but so far have been unsuccesful with the above.
I have created an x590 certificate that is in the file :
"C:UsersmartinAppDataRoamingMicrosoftSystemCertificatesMyCertificates"
I am trying to acces the public key to encrypt some plain text.
The system is throwing an "System.ArgumentOutOfRangeException" at the line
Dim certificate As X509Certificate2 = certificateCollection(0)
Can anyone tell me where I am going wrong or tell me another way to access the public key
.................................................
This is the complete code:
Imports System.Security
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Cryptography.X509Certificates.X509Certificate2
Imports System.Security.Cryptography.Pkcs
Partial Class encryptwithcertificare
Inherits System.Web.UI.Page
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim encoding As UTF8Encoding = New UTF8Encoding
Dim cleartext As String = Textbox1.Text
Dim myStore As X509Store = New X509Store()
myStore.Open(OpenFlags.ReadOnly)
Dim certificateCollection As X509Certificate2Collection = myStore.Certificates.Find(X509FindType.FindBySubjectName, "bobby", True)
Dim certificate As X509Certificate2 = certificateCollection(0)
Dim code() As Byte = EncryptwithCertificate(cleartext, certificate)
Label1.Text = Convert.ToBase64String(code)
End Sub
Shared Function EncryptwithCertificate(ByVal cleartext As Byte, ByVal certificate As X509Certificate2) As Byte()
Dim encoding As UTF8Encoding = New UTF8Encoding
Dim cleartextsbyte() As Byte = encoding.GetBytes(cleartext)
Dim contentinfo As ContentInfo = New ContentInfo(cleartextsbyte)
Dim envelopedCms As EnvelopedCms = New EnvelopedCms(contentinfo)
Dim recipient As CmsRecipient = New CmsRecipient(certificate)
envelopedCms.Encrypt(recipient)
Return envelopedCms.Encode()
End Function
End Class
I have a rather strange situation that I am in.
I have to write a web-service that will (among other things) communicate with another web service. When we communicate with that remote web-service we are required to use a certificate that they provided.
I am having a really hard time trying to find any sample code that does this.
I have found code for installing certs when you want to use a browser to communicate, but none when you are using a web-service to web-service and you are required to HAVE the certificate, not requiring the OTHER end to have the certificate.
So far I cannot even find code to allow me to parse throught the cert store. Samples I found online show up as errors in Visual Studio 2005.
Note: This is running one Windows 2000, designed with Visual Studio 2005, asp.net 2.0
I'm working on a project for a large company that wants to create a crypto toolbox for cross-platform signing and encrypting and am constantly running into problems concerning the cryptographic abilities in the .Net framework. The blazing inferno that I need to put out this time is that SignedCms and EnvelopedCms don't seem to work with a Cryptographic Service Provider that doesn't store the private-key on the Windows machine. I'm working with a network HSM and certicates that have only a public key, that is, no private-key and no information in the store as to where that private-key resides or how you can access it (a RSA public/private key pair is created on the machine, using the HSM supplier's CSP, and a certificate signing request is generated and used to create a public-key certificate signed by the CA). Theoretically the private key gets picked up from the HSM (referenced actually) using the CspParameters given when instantiating the class, which specifies the CSP provided by the HSM supplier. Unfortunately, up to now this only works with CAPI, where can associate the cryptographic service provider with the signing certificate (usign CertSetCertificateContextProperty with CERT_KEY_PROV_HANDLE_PROP_ID). (We're using CAPI for PKCS#7 signing because the .Net framework only supports signatures up to SHA1 and we have a minimum of SHA256). Surprisingly enough CmsSigner accepts a CSP in it's constructor but it cannot get the key, it throws an exception during instantiation from method CreateDummyCertificate for some reason (with the message "Process completed." no less!??). I use the following CspParameters:
[Code]....
CmsSigner cmsSigner = new CmsSigner(cspParams);
This process works great with certificates and key pairs created by MakeCert. With MakeCert you can associate the CSP information with the Certificate upon creation (-sk, -sp, -sy). The private key still resides in the HSM but specifying the provider during the creation of the certificate seems to have persisted the CSP information somewhere, somehow. Exactly how that's done I don't know, but if could do that, my problem would be solved.
I dont have a lot of background with SSL and X509 configuration and support with my Asp.Net application, so I was wondering if someone can explain or point me in the right direction to MSDN or any other article or posting explaining if it's possible to do what I am looking to support in my environment.
I have IIS 6.0 with SSL (Verisign cert) as well as "Require client certificates" working against a local installation of Microsoft Certificate Services, https://<domain>/certsrv, where users can request and install client certs (both xp clients for basic
mode, and Vista/7 for advance mode).
Here's what I am up against:
I have a segment of users coming from a virtualized server environment where this environment does not store personal settings for more than 48 hours. It's not an internet cafe, but rather an actual business where their IT staff uses server images to reimage each virtual server in the farm every 48hrs. Thus losing all users data in the "Current Users" Certificate Stores.
The IT staff give users a network folder share to store any personal items (docs, spreadsheets, links, etc.). The servers consist of Windows Server 2003, and will be migrating to Windows Server 2008 in the next 6-9 months.
These users have rights in Internet Explorer to navigate to my certsrv site and use activex to to request and install certificates then clode and reopen the broser to navigate and render the asp.net app.
Problem:
It's a pain to ask the users to request and have issued a client certificate every 48 hours.
The IT staff of this company has asked if I can create some sort of certificate that they can load in the "local computer" certificate store, NOT the "Current User" store, that will be made part of their base image for all their servers, and that this certificate is then used to properly authenticate all users on these servers to my IIS with "require client certificates" selected.
Question:
Is this possible, and if so what can I do on my side to create the proper certificate to give to the IT staff at this business to put into their servers "local computer" certificate store? I assume either under the Personal->Certificates store, or under the "Trusted Root Certification Authorities"->Certificates store. Thus allowing any user of these servers in their thin client virtual environment to open I.E., navigate to my site and select a certificate from the "Choose a digital certificate" popup that allows them to render my Asp.Net application, or avoids this popup altogether.
If this is the wrong forum to post in, please advise and I will move. Probably due to vernacular on my part, I have been unable to find any resources on here, MSDN or Bing to help me solve this problem.
Am facing problem while consuming a java web service using WCF. below is the web.config and aspx.cs file details
Requirement
Service request and response will be encrypted with certificate. when i run this below code am getting the error "The private key is not present in the X.509 certificate."
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="TestClientCertificate">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My"
findValue="certificatename" x509FindType="FindByIssuerName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="TestHttpBinding" maxReceivedMessageSize="1048576" maxBufferSize="1048576" transferMode="Buffered">
<security mode="TransportWithMessageCredential">
<!--<transport clientCredentialType="Certificate"/>-->
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="TestHttpPort" address="https://webserviceurl/webservice"
binding="basicHttpBinding" bindingConfiguration="TestHttpBinding"
behaviorConfiguration="TestClientCertificate"
contract="ServiceReference1.webService1">
</endpoint>
</client>
</system.serviceModel>
in page
protected void Page_Load(object sender, EventArgs e)
{
WebServiceClient abc = new WebServiceClient();
BindingElementCollection elements = abc.Endpoint.Binding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = true;
abc.Endpoint.Binding = new CustomBinding(elements);
WebServiceClientResponse xyz = abc.WebMethod("", "");
}
private static bool customXertificateValidation(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
return true;
}
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="TestClientCertificate">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My"
findValue="partnerservices" x509FindType="FindByIssuerName"/>
</clientCredentials>
<!--<serviceDebug includeExceptionDetailInFaults="true"/>-->
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="TestHttpBinding" maxReceivedMessageSize="1048576" maxBufferSize="1048576" transferMode="Buffered">
<security mode="TransportWithMessageCredential">
<!--<transport clientCredentialType="Certificate"/>-->
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="TestHttpPort" address="https://webservicespprd.biworldwide.com/partnerservices/services/v1/AccountWebService.biws"
binding="basicHttpBinding" bindingConfiguration="TestHttpBinding"
behaviorConfiguration="TestClientCertificate"
contract="ServiceReference1.AccountWebService">
<!--<identity>
<certificate encodedValue="MIIB5zCCAVCgAwIBAgIQlerVslZ+4p1Of3evhNc3TDANBgkqhkiG9w0BAQQFADAP
MQ0wCwYDVQQDEwRTR0JJMB4XDTEwMTExNjA5MjYyOVoXDTM5MTIzMTIzNTk1OVow
DzENMAsGA1UEAxMEU0dCSTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5mYW
n4Qp/8uosJ56fXLqygOkTDuYTTX0KECRce7fkeCFH8SpqQeCltNMjFgNRzr+C4rk
6A7GFe6gMiVyogqYgQn/QyZGT5iTXJ4khkAYui/gLX4Cga3tBCoVckja/93bCUOS
G4rS7W86kgG2hV+BfceqmlRISnlaLWxN/Ys6TAsCAwEAAaNEMEIwQAYDVR0BBDkw
N4AQ7veQWUUKR17/SJxFCEHu56ERMA8xDTALBgNVBAMTBFNHQkmCEJXq1bJWfuKd
Tn93r4TXN0wwDQYJKoZIhvcNAQEEBQADgYEAPsTiaYcghQCtBRH8FupLZIzliSHx
h3rsr6mKQT68rA+I9qjs/lsPaN2ebajDb3xzJRmjlrz2+9Gjc9LUGDaHEgxsPHab
Dh/IOgkqyjVAJHufjroKFfkzTJwwB4/uWU2vOKPpqVXfLqRXJ8du25MI7iWcHVfg
oYS1eESNBuPCErQ="/>
</identity>-->
</endpoint>
</client>
</system.serviceModel>
I am trying to use the X509FindType.FindBySubjectDistinguishedName option and I am not sure where to find the value for the findValue property in my config.
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509findtype.aspx
I'm new to cryptography and I'm a bit stuck:
I'm trying to connect (from my development environment) to a web service using HTTPS. The web service requires a client certificate - which I think I've installed correctly.
They have supplied me with a .PFX file. In Windows 7, I double clicked the file to install it into my Current User - Personal certificate store.
I then exported a X509 Base-64 encoded .cer file from the certificate entry in the store. It didn't have a private key associate with it.
Then, in my app, I'm attempting to connect to the service like this:
var certificate = X509Certificate.CreateFromCertFile("xyz.cer"));
var serviceUrl = "https://xyz";
var request = (HttpWebRequest) WebRequest.Create(serviceUrl);
request.ClientCertificates.Add(certificate);
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
I get a 502 Connection failed when I connect.
Is there anything you can see wrong with this method? Our production environment seems to work with a similar configuration, but it's running Windows Server 2003.
I need to know to get current online user list. How can I achieve. I am using membership concepts that is asp login control.
View 1 RepliesI have been diligently learning all about the asp.net membership framework and have a test site running it all. However, during my testing, it became apparent that deleting users would be useful. I can delete users from the "aspnet_users" & "aspnet_Membership" tables simply by right-clicking on the table in server explorer, selecting "show table data", highlight the rows and press delete!!
However, this is a pain and I would much rather do this properly from code behind.
I have found out that the membership schema supplies a large number of "stored procedures" including "Delete_Users" however, when I execute this one manually, I have no idea what the last two parameters are (number of tables and something else from memory - the first two "application name" and "username" are easy to copy in to the dialog.
show me a sample set of VB code that I can use behind a "Delete User" button on my webform including how I supply the parameters. I have set up a drop down list box from teh "aspnet_users" table which displays the "UserName" and has as the SelectedValue "UserId".
this is the ecenario, we're developing a web application in vb.net using vwd 05, and everthing has been great so far, we've recevied a lot ideas from the guys on this great forum. now we're facing a problem relating with usernames and userids.Our web application has 5 different roles, and theres a funtionality needed on a dropdownlist related to the user roles.
we're trying to store users full name and other data, i've seen the tutorials about storing addtional information and everthing is very clear there, the problem now is this code we have already to fill a dropdownlist.
Dim techUsers As String() = Roles.GetUsersInRole("tech")
For Each usr As String In techUsers
DropDownList1.Items.Add(usr)
Next
So basically were looking at storing the user id of the user just created with the create new user wizard to our table where full name is gonna be stored.
table is like this:
userid
full name
and other data required here. etc
so basically, we're filling the dropdownlist with the usernames of the users in the tech rol with the coded i posted above, but we need to instead of showing the username(which is our case is just number) ,show the full name of that users belonging to the tech role, obviouly its just a query, but how to get the full names of users beloning to a specified role? thats the main question and problem we have right now.
I am writing a simple plugin for IE. I need to store a password and username setting for the user who uses the plugin. I know that I can store the username/password in the registry, I can manually encrypt it using the encription classes with .NET, or I can store it in a config file and encrypt the config file. I was wondering if there is a specific pattern/mechanism that I should use to store password and username.
View 1 RepliesI finally got membership and roles setup and seems to be working. I have setup a page to allow the creation of a user and editing of roles for a user. I would like to setup a page with a gridview that displays all users and what roles they are assigned. I remember running across someone else that was looking to do the same thing, but cant find it. Not sure if it was in this forum or online somewhere else.
But i found that i can use the aspnet_Membership_GetAllUsers procedure in my db to get all the users, but how can i add the roles to each person and possibly setup the gridview so that each role they have, is displayed on their row in the gridview So i would like to see something like this maybe more data displayed depending on the client request.
Username Email Last Login Roles
meofcourse me@hi.com 08/25/2010 X Admins X Approvers
themofcourse them@hi.com 05/25/2009 X Approvers
The X indicating a checkbox.. and have it setup so they can uncheck the role, that triggers the update and causes the list to refresh and display the new current roles for the individual users. The procedure listed about does not return the roles, so wasnt sure if i could use that procedure and union it with another to get the combined results im looking for.
how to store users Ip address while registration using asp.net 2.0 Registration control.
View 1 RepliesI am trying to decrypt using an X509 certificate private key. I am using the following function:
[Code]....
I am trying to use an X509Certificate within an ASP.NET web service within the Rackspace Cloud. I have a feeling the certificate stores on the cloud nodes maybe causing problems. I also have a question related to this with the exception that I am receiving at SslStream.AuthenticateAsClient Exception when using iPhone Apple Push Notification Provider (apns-sharp) C# Within the apns-sharp project I was using the following code:
certificate = new X509Certificate2(p12File)
However I received an exception and changing the code to the following resolved the X509Certificate2 exception. The new code is as follows:
certificate = new X509Certificate2(p12File, String.Empty, X509KeyStorageFlags.MachineKeySet);
I would like to know if I can use an X509Certificate2 within ASP.NET without using a certificate store? Would the certificate stores be causing problems with the Rackspace Cloud nodes?
Update #1 Rackspace tell me that access to the Local Machine Certificate store is not permitted. Is there any other way to bypass using the certificate store? Maybe using a third party library?
Is it possible to request an X509 certificate from a client without configuring the application to use Windows Authentication? The purpose would be to press an asp.net button and "digitially sign" a web-form's contents. I do not need any login information, just the X509 cert.
View 1 RepliesI have an ASP.NET application that accesses private key in a certificate in the certificates store. On Windows Server 2003 I was able to use winhttpcertcfg.exe to give private key access to the NETWORK SERVICE account. How do I give permissions to access a Private Key in a certificate in the certificate store (Local ComputerPersonal) on a Windows Server 2008 R2 in an IIS 7.5 website? I've tried giving Full Trust access to "Everyone", "IIS AppPoolDefaultAppPool", "IIS_IUSRS", and everyother security account I could find using the Certificates MMC (Server 2008 R2). However the below code demonstrates that the code does not have access to the Private Key of a certificate that was imported with the private key. The code instead throws and error everytime the private key property is accessed.
Default.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%@ Import Namespace="System.Security.Cryptography.X509Certificates" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL]/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="[URL]/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Repeater ID="repeater1" runat="server">.............
I have a doubt in creatig user through CreateUserWiward or ASP.NET Configuration. As we know by the way of this we can create user and login the same user into the system alltime. But my question is where the created user is from or where it is stored and how long the users are to be pereserced in that area.
Also Is there any possiblity to view the users other than though ASP.NEt configuration, One more doubt is there any way to interact the same with Database by using CreateUserWiard and Login Control.
We deployed our usercontrols (gridView, textboxes & button) on sharepoint 2010 site, & everything works fine.
Now testing team are able to alter the viewstate value of controls through Fiddler and changed it with some junk characters, now after submitting
the form to server, it throws Invalid JASON Primitive (server 500 error)
In web.config file, by default EnableViewStateMac is true.
Is it any way to restrict the users or any way to stop the postback if some one alters the viewstate.
I am trying to create a diary site which will allow users to enter rich texts (text, picture and video links...) and the outcome for each page will be an html file being saved under each users profile folder.If I create html files for every user entry, then these pages can be accessible if the path and file name is known for them... I am trying to have some secured html pages so that only the owner of those pages can have access to them after logging in.
View 7 RepliesI want to execute some logic if the Logged in User can view a page "~/MyPage.aspx". IF the logged in user should be elligible to view the page is determined by the role based security I configured in the web.config file. There are many methods to find out if the user is in role XXX or not. But I did not find any method to find out if the user can view a page or not ahead of transferring the user to that page. Maybe I will hide a link to a specific page to the logged in user if the user is not elligible to view that page if I know the technique i am asking here to know.
View 1 RepliesI have searched and could not find any article related to "How to implement Certificate Security in
production environment".
I could able to Create sample certificates for client and Server on my local machine and was able to authenticate my client app with the certificates . These certificates are test certificates.
How do I do this in Production. We have a domain certificate from GoDaddy which resides on the server. How do I create a Client Certificate off of that.
I want to store a X509 certificate to a user store in Novell viathe ".NET C# LDAP Library" that Novell has developed [URL]I can store different entries like givenName, commonName, mail, description etc. etc. Everythings works fine :)But I can't store a certificate correctly because the final encoding of the certificate will be failed.I've tried to send the entire certificate as HEX and Base64 in strings and bytes but the final encoding will still be failed.
[Code]....
So my question is:Anyone who knows how I should encode the certificate before sending it?
If I'm taking a password on a page, should that page be served via https and exactly how dangerous is it not to? I've tried googling this but every guide just says that ssl certificates "stop hackers seeing sensative data" with no real description of how they would do this or exactly how vulnerable your site is as a result of not having ssl.Could someone summarize how easy it is for someone to steal passwords on non-https pages? Should i even be considering doing a login page without one?
View 4 Replies