Cannot populate system certificates under IIS 7.5

Posted: 02/20/2013 03:40:39
by Eugene Mayevski (EldoS Corp.)

Did you consider using PKCS#11 interface instead of CryptoAPI? It's more flexible when working with the smartcard.

Sincerely yours
Eugene Mayevski

Posted: 02/20/2013 04:01:14
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I'm not very experienced at certificates & cryptology and examined the Tiny Pdf Signer example of EldoS.

Posted: 02/20/2013 04:12:49
by Ken Ivanov (EldoS Corp.)

There's a TinySignerPKCS11 sample also available that illustrates the use of certificates via PKCS#11 - you might wish to check it out. You will need to know the location of your smartcard's driver DLL to do PKCS#11 signing.

Posted: 02/20/2013 04:27:41
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I just checked it, it also uses the same method -RefreshSystemCertificateList()- as TinySigner, I'll be stuck at the same place. Am I wrong?

Posted: 02/20/2013 04:33:53
by Ken Ivanov (EldoS Corp.)

Windows system certificate store functionality is implemented in parallel to PKCS#11 functions in the sample. Please see the OpenPKCS11Storage() method and use the relevant TElPKCS11CertStorage object to access the certificate(s).

Posted: 02/20/2013 05:52:29
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Should I use SecureBlackbox_PKCS11Proxy.dll or another 3rd party dll?

I tried SecureBlackbox_PKCS11Proxy.dll (32/64) and PKCS11CertStorage.Open() threw an error:

DLL 'SecureBlackbox_PKCS11Proxy' cannot loaded: Module not found. (HRESULT : 0x8007007E)

Posted: 02/20/2013 05:58:32
by Vsevolod Ievgiienko (EldoS Corp.)


SecureBlackbox_PKCS11Proxy.dll is a proxy library and should be put beside your compiled executable file. You should choose the 3rd party smartcard's driver DLL. Its name and location can be mentioned in the smartcard's documentation or simply *googled*.

Posted: 02/20/2013 06:09:51
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

I also tried another dll from the vendor but it has failed too.

I found ASP.NET Impersonation:

This configuration change worked:
    <identity impersonate="true" userName="contoso\Jane" password="********" />

P.S: System.Security.Principal.WindowsIdentity.GetCurrent().Name gets the user name.

Posted: 02/20/2013 06:21:41
by Ken Ivanov (EldoS Corp.)

So does impersonation do the job for you or doesn't it?

Posted: 02/20/2013 06:39:16
by Nime Cloud (Basic support level)
Joined: 02/12/2013
Posts: 20

Yes it solves the problem and I can run the code (and smartcard) under IIS/ASP.NET.
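
The thread ends with impersonation resolving the problem but does not say why. As an added diagnostic example (not part of the original thread and not SecureBlackbox code), the C# helper below uses only standard .NET classes to report which Windows account the request runs as and which certificates that account sees in the `My` store; `CertStoreProbe` is a hypothetical name, and comparing its output with and without the `<identity>` element is the assumed use.

```csharp
// Added diagnostic example; CertStoreProbe is a hypothetical helper name.
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Text;

public static class CertStoreProbe
{
    // Returns a plain-text report: the effective identity plus the contents of
    // the "My" (Personal) store for both CurrentUser and LocalMachine.
    public static string Describe()
    {
        var report = new StringBuilder();
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            report.AppendLine("Running as: " + id.Name);
            report.AppendLine("Impersonation level: " + id.ImpersonationLevel);
        }
        foreach (StoreLocation location in
                 new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            AppendStore(report, location);
        }
        return report.ToString();
    }

    private static void AppendStore(StringBuilder report, StoreLocation location)
    {
        var store = new X509Store(StoreName.My, location);
        try
        {
            // OpenExistingOnly: never create a store as a side effect of probing.
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            report.AppendLine(location + "\\My: " + store.Certificates.Count + " certificate(s)");
            foreach (X509Certificate2 cert in store.Certificates)
            {
                report.AppendLine("  " + cert.Subject + " | thumbprint " + cert.Thumbprint
                                  + " | private key: " + cert.HasPrivateKey);
            }
        }
        catch (Exception ex) // e.g. CryptographicException if the store is missing or unreadable
        {
            report.AppendLine(location + "\\My: cannot open (" + ex.GetType().Name + ": " + ex.Message + ")");
        }
        finally
        {
            store.Close(); // Close() rather than using: X509Store is not IDisposable on older .NET Framework
        }
    }
}
```

Calling `CertStoreProbe.Describe()` from a page in the affected application and writing the result to a log shows whether the signing certificate is visible to the account the request actually runs under.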