Hello Matt,
You are welcome. I am glad to be of assistance. :)
To answer your question, I think we need to start from the process of the Secure Sockets Layer (SSL) Handshake. The
Secure Sockets Layer (SSL) protocol uses a combination of public-key and symmetric-key encryption. An SSL session
always begins with an exchange of messages called the SSL handshake. The handshake allows the server to authenticate
itself to the client by using public-key techniques, and then allows the client and the server to cooperate in the creation of
symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows. Optionally, the
handshake also allows the client to authenticate itself to the server.
For details, I suggest you refer to KB article "Description of the Secure Sockets Layer (SSL) Handshake" at
http://support.microsoft.com/default...b;EN-US;257591
Also, for additional information, refer to the following articles in the Microsoft Knowledge Base:
Description of the Client Authentication Process During the SSL Handshake
http://support.microsoft.com/default...b;EN-US;257586
Description of the Server Authentication Process During the SSL Handshake
http://support.microsoft.com/default...b;EN-US;257587
Hope it helps.
Best regards,
Yanhong Huang
Microsoft Online Partner Support
Get Secure! -
www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
!From: "Matt Sollars" <ma**@hypersite.net>
!Subject: Re: HttpWebRequest over SSL
!Date: Thu, 14 Aug 2003 09:14:34 -0400
!Organization: Hypersite
!Newsgroups: microsoft.public.dotnet.framework.aspnet
!
!Thank you, Yanhong.
!
!Your suggestion worked, but I do not understand. I am not sending a
!certificate to the remote server. Nor have I installed a certificate on my
!local machine. The console application worked under an account with
!Administrator privileges but it works under ANY account with those
!privileges. I changed my local machine.config file's processModel userName
!attribute to "system" and it worked as a web application.
!
!Maybe my understanding of SSL is a bit elementary. Am I to understand that
!to communicate with a server via SSL, some certificate is needed (trusted or
!not)? And my browser handles that for me when I enter a https address? If
!so, how does my browser pull it off if I am logged on as a very restricted
!user? What certificate is used; trusted, self-signed? Can I get around
!changing my machine.config file to use a system user by creating a
!self-signed certificate and installing it under a special account that has
!the same rights as the default machine user (ASPNET)?
!
!I understand that this all may be off-topic for this area and may consume
!too much of your time. On that note, if you would please refer me to one or
!more resources regarding these questions, I would greatly appreciate it.
!
!Thank you again for your time, Yanhong.
!
!Regards,
!
!--
!Matt Sollars
!ma**@hypersite.net
! -------------------
!The Hypersite Network
!2002 N. Salisbury Blvd.
!Suite C
!Salisbury, Maryland 21801
!T: 410.749.2000
!F: 410.219.3400
!
!http://www.hypersite.net
!
!
!
!"Yan-Hong Huang[MSFT]" <yh*****@online.microsoft.com> wrote in message
!news:lK**************@cpmsftngxa06.phx.gbl...
!Hello Matt,
!
!The error is often caused by mismatched certificate. Generally speaking, a
!certificate is associated with the user ID of the user who installed the
!certificate (this is the certificate user); therefore, the certificate is
!available only when that user profile is loaded.
!
!ASP.NET is running under machinename/aspnet account. Since you could run
!the code successfully in console app and console app uses your logged on
!user account, I suggest you change asp.net application running account in
!machine.config. You could check processmodel part in machine.config.
!
!http://msdn.microsoft.com/library/en...cessmodelsection.asp?frame=true
!
!Hope it helps.
!
!Best regards,
!Yanhong Huang
!Microsoft Online Partner Support
!
!Get Secure! -
!www.microsoft.com/security
!This posting is provided "AS IS" with no warranties, and confers no rights.
!
!
!
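
The quoted reply says a certificate is available only when the installing user's profile is loaded. The diagnostic below is an added example, not code from the thread or from Microsoft: it lists what the current Windows identity can see in its per-user store and in the machine-wide store, so the output under the logged-on account can be compared with the output under the ASP.NET worker account. It assumes .NET Framework 2.0 or later (for `X509Store`); the class name `CertStoreVisibility` is made up for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Added diagnostic (not from the thread). Run once as the interactive user
// and once as the ASP.NET worker account, then compare the two outputs.
static class CertStoreVisibility
{
    static void Dump(StoreName name, StoreLocation location)
    {
        X509Store store = new X509Store(name, location);
        try
        {
            // OpenExistingOnly: do not create an empty store as a side effect.
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            Console.WriteLine("{0}\\{1}: {2} certificate(s)",
                location, name, store.Certificates.Count);
            foreach (X509Certificate2 cert in store.Certificates)
            {
                Console.WriteLine("  {0} | expires {1:yyyy-MM-dd} | private key: {2}",
                    cert.Subject, cert.NotAfter, cert.HasPrivateKey);
            }
        }
        catch (Exception ex)
        {
            // A missing or unreadable store is itself a finding: this
            // identity has no usable view of that location.
            Console.WriteLine("{0}\\{1}: cannot open ({2})", location, name, ex.Message);
        }
        finally
        {
            store.Close();
        }
    }

    static void Main()
    {
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        foreach (StoreLocation loc in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            Dump(StoreName.My, loc);    // personal certificates (client auth)
            Dump(StoreName.Root, loc);  // trusted roots used to validate the server
        }
    }
}
```

A certificate that appears under `CurrentUser` for one account and is absent for the other is one that only the first account's profile provides.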