EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Difference to ver 11 and ver 12

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#30134
Posted: 07/23/2014 15:19:26
by Isaac Gomez (Basic support level)
Joined: 07/21/2014
Posts: 10

I downloaded the latest version of the demo to sign pdf documents remotely using the ActiveX control.

When I pick the certificate from my card, when the process is almost complete I receive the error shown in the attached picture.

Can you help me to solve this problem?


#30139
Posted: 07/24/2014 05:28:32
by Alexander Ionov (EldoS Corp.)

Could you please show html-source of the page with the activex control?
It must contain the following html-tag:
Code
        <object id="signer" classid="clsid:208CE54E-F15E-4DCB-823A-9DA0DFD1B2E1" codebase="SBDCSigner.ocx#version=1,1,0,0" width=500 height=240>
            <param id="paramData" name="Data" value="..."></param>
            <param id="paramID" name="SessionID" value="b1szgtmlvbku3pzuqlfmedbd"></param>
            <param name="Color" value="#FFFFFF" />
            <param name="DataURL" value="../Result.aspx" />
            <param name="GoURL" value="../Result.aspx" />
            <param name="PKCS11Registry" value="\Software\EldoS\SecureBlackbox\DC" />
        </object>


--
Best regards,
Alexander Ionov
#30141
Posted: 07/24/2014 08:21:58
by Isaac Gomez (Basic support level)
Joined: 07/21/2014
Posts: 10

SessionID value is supposed to be filled on runtime by the webpage.
I tried to hardcode it but didn't work either.

This is my current configuration in the HTML section:

Code
<object id="signer" classid="clsid:208CE54E-F15E-4DCB-823A-9DA0DFD1B2E1" codebase="SBDCSigner.ocx#version=1,1,0,0" width="500" height="240">
            <param id="paramData" runat="server" name="Data" enableviewstate="false"/>
            <param id="paramID" runat="server" name="SessionID" enableviewstate="true"/>
            <param name="Color" value="#FFFFFF" />
            <param name="DataURL" value="../Result.aspx" />
            <param name="GoURL" value="../Result.aspx" />
            <!--<param name="PKCS11Registry" value="\Software\EldoS\SecureBlackbox\DC" />-->
            <!--<param name="PKCS11Registry" value="Software\CardOS\Teclado\DC PKCS11\1" />-->
            <param name="PKCS11Libraries" value="cardos11.dll" />
            <param name="AllowTokenStorage" value="yes" />
            <param name="AllowWindowsStorage" value="no" />
            <param name="AllowFileStorage" value="no" />
        </object>

As you can see, I have commented out default lines, I'm using libraries supplied by our organization SmartCard reader. It does display both certificates installed on my card, but when it tries to sign the document, the given error is shown (attached picture in my previous email).

If I use the parameters you stated, I can't even recognize the Smart Card because the given Smart Card drivers are not configured in the Registry Key specified. (Attached pictureA.jpg).

I'm requesting support because I need to present a demo to my organization in order to be able to make an order.

I was checking the ActiveX control and I found it was created by using Delphi. Is there a chance to have the source code for this control in another language like VB.NET or C#?

I only need to be able to recognize certificates on a Smart Card reader, I don't need to display other sections because it is not what we need to do with your component.
#30143
Posted: 07/24/2014 08:51:31
by Alexander Ionov (EldoS Corp.)

Quote
Isaac Gomez wrote:
SessionID value is supposed to be filled on runtime by the webpage.

Yes, it is. But we need to be sure that SessionID was actually added into web page. So please, open the web page in your browser and then copy its html-source with parameter values filled in and post them here.

Quote
Isaac Gomez wrote:
I tried to hardcode it but didn't work either.

That's right. Because this must be a valid session id value on the web server. It's used later to indentify which session posts back its signing results. If there is an empty or invalid session id specified, the web server cannot find the pdf/xml-file which signature it has to complete.

Quote
Isaac Gomez wrote:
If I use the parameters you stated, I can't even recognize the Smart Card because the given Smart Card drivers are not configured in the Registry Key specified. (Attached pictureA.jpg).

Sorry I can't see any jpg attached to your message. But in order to let the ActiveX control to use the PKCS11Registry parameter, the registry must be firstly filled in accordingly to the description in the ReadMe.txt file wich you can find in the folder that contains the ocx file.


--
Best regards,
Alexander Ionov
#30144
Posted: 07/24/2014 09:12:37
by Isaac Gomez (Basic support level)
Joined: 07/21/2014
Posts: 10

Ok, this is the resulting HTML when the page is run:

Code
<object id="signer" classid="clsid:208CE54E-F15E-4DCB-823A-9DA0DFD1B2E1" codebase="SBDCSigner.ocx#version=1,1,0,0" width="500" height="240">
            <param id="paramData" name="Data" value="77u/PD94...0b3I+U2Vj...5cGU+TWVzc2FnZS5CYXRjaDwvTWVzc2FnZVR5cGU+PE1l...hcnM+PEJhdGNoRWxlbWVudD48TWVzc2FnZVR5cGU+TWVz...lSUQ+PE5hbWU+TWFpbk9wZXJhdGlvbjwvTmFtZT48UGFycz48L1BhcnM+PE9w...yY2U+OTc4...0aG0+PElu...lbnQ+PE1lc3NhZ2VUeXBlPk1lc3NhZ2UuQmFzZTwvTWVzc2FnZVR5cGU+PE1l...hbWU+PFBhcnM+PFBh...QYXI+PFBh...iNCI+MzIzNjM4PC9QYXI+PC9QYXJzPjwvQmF0Y2hFbGVtZW50PjwvUm9vdE1lc3NhZ2U+PC9TZWN1cmVCbGFja2JveEFzeW5jU3RhdGU+"></param>
            <param id="paramID" value="yvb21sqwekri45gsmquwr34w" name="SessionID"></param>
            <param name="Color" value="#FFFFFF" />
            <param name="DataURL" value="../Result.aspx" />
            <param name="GoURL" value="../Result.aspx" />
            <!--<param name="PKCS11Registry" value="\Software\EldoS\SecureBlackbox\DC" />-->
            <!--<param name="PKCS11Registry" value="Software\CardOS\Teclado\DC PKCS11\1" />-->
            <param name="PKCS11Libraries" value="cardos11.dll" />
            <param name="AllowTokenStorage" value="yes" />
            <param name="AllowWindowsStorage" value="no" />
            <param name="AllowFileStorage" value="no" />
        </object>


Regarding the ReadMe.txt, it states that you can reference the Smart Card driver by setting a Registry Key (the option you said), but also you can reference directly to the driver DLL (the option I used). It works the same, If I use PKCS11Registry to reference the DLL or if I use PKCS11Libraries, same error is shown.

The driver is not the problem, because if the driver were bad referenced, the ActiveX control will never find my card inserted on the slot.

Ok, I'm inserting another picture, this time I'm adding several pictures into a single one.


#30145
Posted: 07/24/2014 09:24:00
by Isaac Gomez (Basic support level)
Joined: 07/21/2014
Posts: 10

Now I tried to run it using Visual Studio Development Server and I received a Bad Request Error.

Initially used IIS hosting.

Is there anything special I need to configure to make it work?

Regarding the ActiveX source code, do you have it available in another platform??
#30146
Posted: 07/24/2014 10:10:49
by Alexander Ionov (EldoS Corp.)

Thank you, now I'm sure that session id was successfully inserted into the web page. So the problem should be in the ActiveX control - something with composing the URL which is used to post back the signing results.

Could you please place a brakepoint in the Results.aspx.cs file on the following line of code
Code
String sessionId = Request.QueryString["sessionid"];

and check what value it gets for sessionId variable? If it's empty, it would very useful to take a look at the query string from that URL. I suppose that this URL is broken and ASP.NET engine cannot get session id from it.

Quote
Isaac Gomez wrote:
Now I tried to run it using Visual Studio Development Server and I received a Bad Request Error.

Initially used IIS hosting.

We use IIS for development and testing because this server is used on the Web and on corporate servers. So we cannot guarantee that this example will work on any other server.

Quote
Isaac Gomez wrote:
Regarding the ActiveX source code, do you have it available in another platform??


What another platform do you need it in?
Actually this ActiveX control was designed only as an example which shows how to use our DC classes and was not intended to be used as is in production.


--
Best regards,
Alexander Ionov
#30147
Posted: 07/24/2014 10:28:44
by Isaac Gomez (Basic support level)
Joined: 07/21/2014
Posts: 10

I think we finally found the problem to this issue.
Looks like the URL as you previously stated is malformed.

I'm attaching a new picture with the possible issue remarked.
Looks like it is adding an extra question mark(?) to resulting URL and I think that this is the cause of the problem.

Regarding the ActiveX control.
We need to display only certificates within Smart Card readers, the ActiveX control was almost the perfect fit for our needs, but in order to make it easier for our users, it will be great to have the same functionality in an administrable source code. We use .NET for our production systems.


#30148
Posted: 07/24/2014 10:31:35
by Isaac Gomez (Basic support level)
Joined: 07/21/2014
Posts: 10

Effectively, that was the problem. I changed the line:
Code
String sessionId = Request.QueryString["sessionid"];

to
Code
String sessionId = Request.QueryString["?sessionid"];

and it is working like a charm.

EDIT: It works on Visual Studio Development Server also :D
#30149
Posted: 07/24/2014 10:52:19
by Alexander Ionov (EldoS Corp.)

Thank you very much for facing this.
It seems we have a bug in the ActiveX control inspired by changes in SecureBlackbox 12 routines.

In the meanwhile you can use something like the following:
Code
String sessionId = Request.QueryString["sessionid"];
if (String.IsNullOrEmpty(sessionId))
  sessionId = Request.QueryString["?sessionid"];

This will work even after we fix the bug.


--
Best regards,
Alexander Ionov
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.

Reply

Statistics

Topic viewed 3748 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!