EldoS | Feel safer!

Cannot populate system certificates under IIS 7.5

#23561
Posted: 02/20/2013 03:40:39
by Eugene Mayevski (EldoS Corp.)

Did you consider using PKCS#11 interface instead of CryptoAPI? It's more flexible when working with the smartcard.


Sincerely yours
Eugene Mayevski
#23562
Posted: 02/20/2013 04:01:14
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I'm not very experienced at certificates & cryptology and examined the Tiny Pdf Signer example of EldoS.
#23564
Posted: 02/20/2013 04:12:49
by Ken Ivanov (EldoS Corp.)

There's a TinySignerPKCS11 sample also available that illustrates the use of certificates via PKCS#11 - you might wish to check it out. You will need to know the location of your smartcard's driver DLL to do PKCS#11 signing.
#23566
Posted: 02/20/2013 04:27:41
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I just checked it; it also uses the same method, RefreshSystemCertificateList(), as TinySigner, so I'll be stuck at the same place. Am I wrong?
#23567
Posted: 02/20/2013 04:33:53
by Ken Ivanov (EldoS Corp.)

Windows system certificate store functionality is implemented in parallel to PKCS#11 functions in the sample. Please see the OpenPKCS11Storage() method and use the relevant TElPKCS11CertStorage object to access the certificate(s).
#23569
Posted: 02/20/2013 05:52:29
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Should I use SecureBlackbox_PKCS11Proxy.dll or another 3rd party dll?

I tried SecureBlackbox_PKCS11Proxy.dll (32/64) and PKCS11CertStorage.Open() threw an error:

DLL 'SecureBlackbox_PKCS11Proxy' cannot loaded: Module not found. (HRESULT : 0x8007007E)
#23570
Posted: 02/20/2013 05:58:32
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

SecureBlackbox_PKCS11Proxy.dll is a proxy library and should be put beside your compiled executable file. You should choose the 3rd-party smartcard driver DLL. Its name and location may be mentioned in the smartcard's documentation or simply *googled*.
#23571
Posted: 02/20/2013 06:09:51
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I also tried another dll from the vendor but it has failed too.

I found ASP.NET Impersonation:
http://msdn.microsoft.com/en-us/library/xh507fc5(v=vs.100).aspx


This configuration change worked:
Code
<configuration>
  <system.web>
    <identity impersonate="true" userName="contoso\Jane" password="********" />
  </system.web>
</configuration>


P.S: System.Security.Principal.WindowsIdentity.GetCurrent().Name gets the user name.
#23573
Posted: 02/20/2013 06:21:41
by Ken Ivanov (EldoS Corp.)

So does impersonation do the job for you or doesn't it?
#23574
Posted: 02/20/2013 06:39:16
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Yes it solves the problem and I can run the code (and smartcard) under IIS/ASP.NET.
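
An added diagnostic, not part of the original thread or of the SecureBlackbox samples: it reports which Windows account the code runs as (the call from the P.S. above) and which certificates that account can see in the Windows "My" stores, so the output can be compared with and without the `<identity impersonate="true" ... />` setting. It uses the .NET `X509Store` API rather than SecureBlackbox, and the class name `CertStoreProbe` is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Added example (hypothetical class name), not code from the thread or from EldoS.
public static class CertStoreProbe
{
    // Returns report lines describing what the *current* Windows identity can see.
    public static List<string> Describe()
    {
        var report = new List<string>();
        // Under IIS this is the application pool account unless impersonation is enabled.
        report.Add("Running as: " + WindowsIdentity.GetCurrent().Name);

        foreach (StoreLocation location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            var store = new X509Store(StoreName.My, location);
            try
            {
                // Read-only and existing-only: never create or modify a store while probing.
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                int withKey = 0;
                foreach (X509Certificate2 cert in store.Certificates)
                {
                    if (cert.HasPrivateKey) withKey++;
                    report.Add(string.Format("  {0}\\My: {1} (private key: {2})",
                        location, cert.Subject, cert.HasPrivateKey));
                }
                report.Add(string.Format("{0}\\My: {1} certificate(s), {2} with a private key",
                    location, store.Certificates.Count, withKey));
            }
            catch (CryptographicException ex)
            {
                // A store that is missing or not accessible for this account is itself a finding.
                report.Add(location + "\\My could not be opened: " + ex.Message);
            }
            finally
            {
                store.Close();
            }
        }
        return report;
    }

    public static void Main()
    {
        foreach (string line in Describe()) Console.WriteLine(line);
    }
}
```

Call `CertStoreProbe.Describe()` from a page in the affected site and write the lines to the response or a log; the `CurrentUser\My` section belongs to whichever account the first line names.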


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.