Last post Nov 13, 2013 03:49 PM by adinolffi
Feb 18, 2007 08:09 PM|kali.mist|LINK
I'm calling an external web service via WSE 3.0. I need to use an X509 cert. I have installed the cert under a user account. My application needs to be accessed anonymously, so I'm using impersonation to load the cert from the impersonated user's store.
The problem is that now sometimes the user's store is not loading. I need to be able to associate the cert with the ASPNET, NETWORK SERVICE account.
Can anyone show me an example? I tried a few examples off MSDN but they would not work for me.
Feb 19, 2007 08:46 AM|Sohnee|LINK
Step 1 - if you don't already have it installed - get WinHttpCertCfg
Step 2 - if you already have the certificate installed on the machine and you just need to grant access to Network Services:
WinHttpCertCfg.exe -g -c LOCAL_MACHINE\MY -s "IssuedToName" -a "NetworkService"
If you're using Windows 2000 you don't need to grant access to Network Service but from Windows 2003 you do.
The full rundown on this tool can be found here:
Feb 19, 2007 10:19 AM|kali.mist|LINK
When I'm installing the cert, which store should I use so that NetworkService can access it?
Also, what should I use for "IssuedToName"? Is it just the name of the cert?
Feb 23, 2007 03:35 PM|Sohnee|LINK
I use the local machine store.
If you open the certificate (double click it in the store) and view the details, you should be able to see who the certificate is issued to. Usually it's a domain or email address.
Apr 18, 2007 02:12 PM|kali.mist|LINK
I use the local machine store.
Can you show me a piece of code where you look in the local machine store for the certificate?
Here is my existing code. I'm having to use a specified account and impersonation. It's not good.
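Imports System.Security.Cryptography.X509Certificates
Dim store As X509Store
Dim certs As X509CertificateCollection
Dim cert As System.Security.Cryptography.X509Certificates.X509Certificate2
Dim certlist As String = ""
' Second argument assumed (the posted line was cut off): the impersonated user's store
store = New X509Store(StoreName.My, _
    StoreLocation.CurrentUser)
store.Open(OpenFlags.ReadOnly) ' the store must be opened before it is enumerated
For Each cert In store.Certificates
    certlist += cert.SubjectName.Name ' .Name returns the distinguished name string
Next
certs = _
    store.Certificates.Find(X509FindType.FindByIssuerName, "rogerlodger", True)
store.Close()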
Apr 18, 2007 02:19 PM|kali.mist|LINK
Apr 18, 2007 04:20 PM|Sohnee|LINK
Apr 19, 2007 01:45 AM|kali.mist|LINK
Any chance you could show me some code please? I'm not at the exporting a base-64 encoded version of the public key level :)
Apr 19, 2007 03:38 PM|Sohnee|LINK
If you right-click on the certificate in the certificate store, you can choose "export", which presents a small number of options (save it as a .cer)
Then you can access the certificate like this:
X509Certificate2 cert1 = new X509Certificate2("cert.cer");
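Added example (not part of any post in this thread): reading the certificate from the local machine store and checking that the account the application runs as can open its private key, which is what the WinHttpCertCfg grant earlier in the thread provides. It targets .NET Framework; "IssuedToName" is the placeholder from that command, and `MachineStoreCert` and `FindUsable` are names chosen for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class MachineStoreCert
{
    // Returns the first currently valid certificate in LOCAL_MACHINE\MY whose
    // subject contains subjectName and whose private key this process can open.
    public static X509Certificate2 FindUsable(string subjectName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        // Read-only: the worker account needs no write access to the store.
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false so expiry and key access are checked explicitly
            // below instead of the certificate silently dropping out.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            foreach (X509Certificate2 cert in found)
            {
                DateTime now = DateTime.Now;
                if (now < cert.NotBefore || now > cert.NotAfter)
                    continue; // expired or not yet valid
                if (!cert.HasPrivateKey)
                    continue; // public part only, cannot sign or authenticate
                try
                {
                    // Touching the key forces the ACL check on the key file; without
                    // read access this throws ("Keyset does not exist").
                    AsymmetricAlgorithm key = cert.PrivateKey;
                    if (key != null) return cert;
                }
                catch (CryptographicException ex)
                {
                    Console.Error.WriteLine("No private key access for {0} ({1}): {2}",
                        Environment.UserName, cert.Thumbprint, ex.Message);
                }
            }
            return null;
        }
        finally { store.Close(); }
    }
    static void Main()
    {
        X509Certificate2 cert = FindUsable("IssuedToName"); // placeholder subject
        Console.WriteLine(cert == null ? "no usable certificate" : cert.Subject);
    }
}
```

Run it under the same identity as the web application (for example the Network Service account); a result of "no usable certificate" together with the logged access error points at the key permissions rather than at the store lookup.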
Nov 13, 2013 03:49 PM|adinolffi|LINK
Look at this blog; it explains how to use a digital signature with an X509 certificate.
You can do this:
public static getDataResponse queryingData(string name)
{
    proxyBanvui.BanvuiWS.Banvuiws conexion = new proxyBanvui.BanvuiWS.Banvuiws();
    // VALIDATION OF CONNECTION V3
    X509Certificate2 elCert = new X509Certificate2(@"C:\portecle-1.5\12345.P12", "12345");
    // Copy the certificate to the certificate store using ASPNET
    // Pass the path and password
    X509Certificate2 certificate = new X509Certificate2(@"C:\portecle-1.5\12345.P12", "12345");
    X509Store stores = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    String sto = X509CertificateStore.MyStore;
    // Open the certificate store
    X509CertificateStore store = X509CertificateStore.CurrentUserStore(sto);
    store.OpenRead();
    // Look for the certificate that will be used to perform the signature
    String certname = "conticert";
    Microsoft.Web.Services2.Security.X509.X509CertificateCollection certcoll = store.FindCertificateBySubjectString(certname);
    if (certcoll.Count != 0)
    {
        // Take the first match; the collection itself is not a certificate
        Microsoft.Web.Services2.Security.X509.X509Certificate cert = certcoll[0];
        SoapContext ctx = conexion.RequestSoapContext;
        SecurityToken tok = new X509SecurityToken(cert);
        ctx.Security.Timestamp.TtlInSeconds = 120;
        // Sign the request (the signing calls were missing from the post; usual WSE 2.0 usage assumed)
        ctx.Security.Tokens.Add(tok);
        ctx.Security.Elements.Add(new MessageSignature(tok));
    }
    getDataResponse response = new getDataResponse();
    response = conexion.getData(name);
    return response;
}