
Automatically add trusted publisher to client store


I want to download a pfx from my ASP.NET server and add the pfx to the client's
X509Store as a trusted publisher. Is it possible? My func in aspx is like this:

void InstallCertification()
{
    try
    {
        // Download the PFX over HTTP
        WebClient web = new WebClient();
        string url = "http:/myaspserver/mydir/mykey_2008.pfx";
        byte[] b = web.DownloadData(url);
        X509Certificate2 cert = new X509Certificate2(b, "password");

        // Add to the machine-wide third-party root store
        X509Store store = new X509Store(StoreName.AuthRoot,
            StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        store.Add(cert);
        store.Close();

        // Add to the machine-wide Trusted Publishers store
        store = new X509Store(StoreName.TrustedPublisher,
            StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        store.Add(cert);
        store.Close();
        msg.Text = "Certification installed";
    }
    catch (Exception e)
    {
        //MessageBox( e.ToString());
        msg.Text = e.ToString();
    }
}

But the page takes much longer to load and shows a System.Net.WebException
error that it is unable to connect to the remote server
(actually myaspserver is working, and the aspx and the pfx URL are correct).

Best Regards
Steven
--
=======================
Steven Tang
Nov 10 '08 #1


Where is this code running? If it's in the codebehind, then the server is
downloading a cert from itself, and trying to install it to itself. If this
is what you are trying to do, then try localhost, so that it's a loopback, as
it is common to have outgoing port 80 blocked on a webserver.
-- bruce (sqlwork.com)
Nov 11 '08 #2

Thank you for the response. Actually, this piece of code is supposed to run on
the client computer, and I'm trying to install the trust certificate to the
client computer that visits our aspx page, which contains this piece of code.

Best Regards

=======================
Steven Tang
Nov 11 '08 #3

Hi Steven,

If you put a txt file in the same virtual directory where the pfx file
is located and access it in the browser via http://myaspserver/mydir/test.txt
can you see the content of the file? If you can, can you download it via
the following code?

WebClient web = new WebClient();
string url = "http://myaspserver/mydir/test.txt";
byte[] b = web.DownloadData(url);

If you can, then from your description the following code does not work?
(Please confirm it)

WebClient web = new WebClient();
string url = "http://myaspserver/mydir/mykey_2008.pfx";
byte[] b = web.DownloadData(url);

Please test it and tell me the result. It can help to narrow down this
issue. BTW, does your client machine need a proxy to access network
resources? In addition please check the Firewall settings on both server
side and client side as Bruce mentioned.

Regards,
Allen Chen
Microsoft Online Support


Nov 12 '08 #4

Hello Allen,
I created a simple WPF app and tested as follows; see embedded content.

"Allen Chen [MSFT]" wrote:
> Hi Steven,
>
> If you put a txt file in the same virtual directory where the pfx file
> is located and access it in the browser via http://myaspserver/mydir/test.txt

Yes, the browser will show the content.

> can you see the content of the file? If you can, can you download it via
> the following code?
>
> WebClient web = new WebClient();
> string url = "http://myaspserver/mydir/test.txt";
> byte[] b = web.DownloadData(url);

Yes, it is downloadable.

> If you can, then from your description the following code does not work?
> (Please confirm it)
>
> WebClient web = new WebClient();
> string url = "http://myaspserver/mydir/mykey_2008.pfx";
> byte[] b = web.DownloadData(url);

This is also downloadable in the WPF test app.

> Please test it and tell me the result. It can help to narrow down this
> issue. BTW, does your client machine need a proxy to access network
> resources? In addition please check the Firewall settings on both server
> side and client side as Bruce mentioned.
>
> Regards,
> Allen Chen
> Microsoft Online Support

If the WPF test app works, in general the aspx should work; both of them call
.NET, am I right? But it seems that the aspx would not work.

Best Regards
Steven
Nov 12 '08 #5

Hi Steven,

I remember the proxy detection of ASP.NET applications is different from
that of desktop applications. Could you try to explicitly specify the proxy
to see if it works?
WebClient web = new WebClient();
web.Proxy = WebProxy.GetDefaultProxy();
string url = "http://myaspserver/mydir/mykey_2008.pfx";
byte[] b = web.DownloadData(url);

Regards,
Allen Chen
Microsoft Online Community Support

Nov 13 '08 #6

Hi Allen,
Sorry that I didn't respond to this, as I was busy with other stuff. I tried
updating the aspx page and added Proxy = WebProxy.GetDefaultProxy(). When I
visit this page from the client side (I called InstallCertification in
Page_Load), the browser says:

System.Net.WebException: Unable to connect to the remote server --->
System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:8080
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
   at System.Net.WebClient.DownloadData(Uri address)
   at System.Net.WebClient.DownloadData(String address)
   at ASP.xweb_index_aspx.InstallCertification()

All the best
--
=======================
Steven Tang
Nov 16 '08 #7

Hi Steven,

Thanks for your update.

Are you accessing the 80 port or the 8080 port? From the code you provided
previously you're accessing the 80 port. See below:

WebClient web = new WebClient();
string url = "http://myaspserver/mydir/test.txt";
byte[] b = web.DownloadData(url);

However, from the exception it seems you're using this url:
string url = "http://myaspserver:8080/mydir/test.txt";

Could you clarify which url you're using? If it is 8080 please check if the
TCP port of this site has been set as 8080 in IIS.
http://support.microsoft.com/kb/149605

For further investigation please also provide the IIS version and the
operating system you're using.

Regards,
Allen Chen
Microsoft Online Support


Nov 17 '08 #8

Hello Allen,
I tried to update the path and there is no file download issue anymore, but
the trust is not added to the client computer and it shows that X509 cannot be
applied.
It looks like the code downloads the pfx file from itself and then tries to
add the trust to the server computer, not the client computer.
You know the aspx is server-side code. Is there any way to modify the code so
that, when a client computer visits this aspx page, the page downloads the pfx
to the client system and installs it on the client computer?

Best Regards
Steven

--
=======================
Steven Tang
Nov 19 '08 #9

Hi Steven,

Firstly, for security reasons, automatically downloading and adding the
pfx to the X509Store is not recommended.

If we have to do so we need to use ActiveX. However, we cannot be sure that
the clients have enabled ActiveX. If they haven't, we cannot achieve the
requirement.

The following article demonstrates how to create an MFC ActiveX control:

http://www.codeproject.com/KB/COM/CompleteActiveX.aspx

Another option is to let your customer download a console application and
run it. You can put your code in the console application. Then add a
download link on the page to notify your customers. Though it's not an
ideal means, I think it's a more secure way for your customers.

Please let me know if you need further assistance.

Regards,
Allen Chen
Microsoft Online Community Support

Nov 20 '08 #10
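
The console-application route from the last reply, as an added example (not code from any poster in this thread): it runs on the client, installs only the public certificate into the TrustedPublisher store, and only if the thumbprint matches a value compiled into the program. The class name, the file argument and the thumbprint placeholder are assumptions; the AuthRoot store from the original function is left out here.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class InstallTrustedPublisher
{
    // Placeholder (assumption): SHA-1 thumbprint of your own signing certificate.
    const string ExpectedThumbprint = "REPLACE-WITH-YOUR-CERT-THUMBPRINT";

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: InstallTrustedPublisher <publisher.cer>");
            return 2;
        }
        try
        {
            X509Certificate2 loaded = new X509Certificate2(File.ReadAllBytes(args[0]));

            // A trusted-publisher entry needs the public certificate only.
            // A .pfx carries the signing private key and should not be shipped to clients.
            if (loaded.HasPrivateKey)
            {
                Console.Error.WriteLine("Refusing: file contains a private key; ship the .cer, not the .pfx.");
                return 1;
            }
            X509Certificate2 cert = new X509Certificate2(loaded.RawData);

            // Pin: install nothing unless it is exactly the certificate this build expects.
            if (!string.Equals(cert.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase))
            {
                Console.Error.WriteLine("Refusing: thumbprint " + cert.Thumbprint + " is not the expected one.");
                return 1;
            }
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            {
                Console.Error.WriteLine("Refusing: certificate is outside its validity period.");
                return 1;
            }

            // LocalMachine stores are writable only from an elevated (administrator) process.
            X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadWrite);
            try
            {
                bool present = store.Certificates
                    .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
                if (!present) store.Add(cert);
                Console.WriteLine(present ? "Already installed: " + cert.Subject
                                          : "Installed: " + cert.Subject);
            }
            finally
            {
                store.Close();
            }
            return 0;
        }
        catch (CryptographicException e)
        {
            Console.Error.WriteLine("Certificate or store error (run elevated?): " + e.Message);
            return 1;
        }
        catch (IOException e)
        {
            Console.Error.WriteLine("Cannot read certificate file: " + e.Message);
            return 1;
        }
    }
}
```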
