EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Cannot populate system certificates under IIS 7.5

Posted: 02/20/2013 03:40:39
by Eugene Mayevski (Team)

Did you consider using PKCS#11 interface instead of CryptoAPI? It's more flexible when working with the smartcard.

Sincerely yours
Eugene Mayevski
Posted: 02/20/2013 04:01:14
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I'm not very experienced at certificates & cryptology and examined the Tiny Pdf Signer example of EldoS.
Posted: 02/20/2013 04:12:49
by Ken Ivanov (Team)

There's a TinySignerPKCS11 sample also available that illustrates the use of certificates via PKCS#11 - you might wish to check it out. You will need to know the location of your smartcard's driver DLL to do PKCS#11 signing.
Posted: 02/20/2013 04:27:41
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I just checked it; it also uses the same method, RefreshSystemCertificateList(), as TinySigner. I'll be stuck at the same place. Am I wrong?
Posted: 02/20/2013 04:33:53
by Ken Ivanov (Team)

Windows system certificate store functionality is implemented in parallel to PKCS#11 functions in the sample. Please see the OpenPKCS11Storage() method and use the relevant TElPKCS11CertStorage object to access the certificate(s).
Posted: 02/20/2013 05:52:29
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Should I use SecureBlackbox_PKCS11Proxy.dll or another 3rd party dll?

I tried SecureBlackbox_PKCS11Proxy.dll (32/64) and PKCS11CertStorage.Open() threw an error:

DLL 'SecureBlackbox_PKCS11Proxy' cannot loaded: Module not found. (HRESULT : 0x8007007E)
Posted: 02/20/2013 05:58:32
by Vsevolod Ievgiienko (Team)


SecureBlackbox_PKCS11Proxy.dll is a proxy library and should be put beside your compiled executable file. You should choose the 3rd party smartcard driver DLL. Its name and location can be found in the smartcard's documentation or simply *googled*.
Posted: 02/20/2013 06:09:51
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I also tried another dll from the vendor but it has failed too.

I found ASP.NET Impersonation:

This configuration change worked:
    <identity impersonate="true" userName="contoso\Jane" password="********" />

P.S: System.Security.Principal.WindowsIdentity.GetCurrent().Name gets the user name.
Posted: 02/20/2013 06:21:41
by Ken Ivanov (Team)

So does impersonation do the job for you or doesn't it?
Posted: 02/20/2013 06:39:16
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Yes it solves the problem and I can run the code (and smartcard) under IIS/ASP.NET.
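
A diagnostic for the behaviour discussed in this thread, added here as an example and not taken from the thread or from SecureBlackbox: it uses the .NET X509Store class (not RefreshSystemCertificateList()) to list which certificates the Windows store exposes to the identity the code is running as. The class name CertStoreDiagnostics is hypothetical; the idea is to call it from a page with and without the `<identity impersonate="true" ... />` setting and compare the output.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Hypothetical helper (not part of SecureBlackbox or of the thread).
public static class CertStoreDiagnostics
{
    // Returns one line per certificate visible to the current identity.
    public static IList<string> Describe()
    {
        var lines = new List<string>();

        // Same call as in the P.S. above: the account the request executes as.
        lines.Add("Running as: " + WindowsIdentity.GetCurrent().Name);

        // CurrentUser\My belongs to the account reported above, so its contents
        // change with impersonation; LocalMachine\My is shared by all accounts.
        foreach (StoreLocation location in
                 new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            var store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                lines.Add(location + "\\My: " + store.Certificates.Count + " certificate(s)");
                foreach (X509Certificate2 cert in store.Certificates)
                {
                    // HasPrivateKey only reports whether a key is associated
                    // with the certificate; it does not use the key.
                    lines.Add(string.Format("  {0} | thumbprint={1} | privateKey={2}",
                        cert.Subject, cert.Thumbprint, cert.HasPrivateKey));
                }
            }
            catch (CryptographicException ex)
            {
                // The store does not exist or cannot be read by this account.
                lines.Add(location + "\\My: cannot open (" + ex.Message + ")");
            }
            finally
            {
                store.Close();
            }
        }
        return lines;
    }
}
```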