EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Cannot populate system certificates under IIS 7.5

#23561
Posted: 02/20/2013 03:40:39
by Eugene Mayevski (Team)

Did you consider using PKCS#11 interface instead of CryptoAPI? It's more flexible when working with the smartcard.


Sincerely yours
Eugene Mayevski
#23562
Posted: 02/20/2013 04:01:14
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I'm not very experienced at certificates & cryptology and examined the Tiny Pdf Signer example of EldoS.
#23564
Posted: 02/20/2013 04:12:49
by Ken Ivanov (Team)

There's a TinySignerPKCS11 sample also available that illustrates the use of certificates via PKCS#11 - you might wish to check it out. You will need to know the location of your smartcard's driver DLL to do PKCS#11 signing.
#23566
Posted: 02/20/2013 04:27:41
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I just checked it, it also uses the same method -RefreshSystemCertificateList()- as TinySigner, so I'll get stuck at the same place. Am I wrong?
#23567
Posted: 02/20/2013 04:33:53
by Ken Ivanov (Team)

Windows system certificate store functionality is implemented in parallel to PKCS#11 functions in the sample. Please see the OpenPKCS11Storage() method and use the relevant TElPKCS11CertStorage object to access the certificate(s).
#23569
Posted: 02/20/2013 05:52:29
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Should I use SecureBlackbox_PKCS11Proxy.dll or another 3rd party dll?

I tried SecureBlackbox_PKCS11Proxy.dll (32/64) and PKCS11CertStorage.Open() threw an error:

DLL 'SecureBlackbox_PKCS11Proxy' cannot loaded: Module not found. (HRESULT : 0x8007007E)
#23570
Posted: 02/20/2013 05:58:32
by Vsevolod Ievgiienko (Team)

Hello.

SecureBlackbox_PKCS11Proxy.dll is a proxy library and should be put beside your compiled executable file. You should choose the 3rd party smartcard's driver DLL. Its name and location can be mentioned in the smartcard's documentation or simply *googled*.
#23571
Posted: 02/20/2013 06:09:51
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I also tried another dll from the vendor but it has failed too.

I found ASP.NET Impersonation:
http://msdn.microsoft.com/en-us/library/xh507fc5(v=vs.100).aspx


This configuration change worked:
Code
<configuration>
  <system.web>
    <identity impersonate="true" userName="contoso\Jane" password="********" />
  </system.web>
</configuration>


P.S: System.Security.Principal.WindowsIdentity.GetCurrent().Name gets the user name.
#23573
Posted: 02/20/2013 06:21:41
by Ken Ivanov (Team)

So does impersonation do the job for you or doesn't it?
#23574
Posted: 02/20/2013 06:39:16
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Yes it solves the problem and I can run the code (and smartcard) under IIS/ASP.NET.

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
