This is kind of not a question, but I need a clarification. Here is the code. All this code is doing is sending a cer file, which is placed on a local drive, to the server in an HttpWebRequest. My question is, what happens if multiple users try to access the application at a time? I mean 5-10 requests reading the same cer at a time. Will it break, saying that the cer file is locked by some other thread to read, or will it not break because it's just read-only?

using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// You must change the path to point to your .cer file location.
X509Certificate Cert = X509Certificate.CreateFromCertFile("C:\\mycert.cer");
// Handle any certificate errors on the certificate from the server.
// CertPolicy is an ICertificatePolicy implementation that is not shown in this post.
ServicePointManager.CertificatePolicy = new CertPolicy();
// You must change the URL to point to your Web server.
HttpWebRequest Request = (HttpWebRequest)WebRequest.Create("https://YourServer/sample.asp");
Request.ClientCertificates.Add(Cert);
Request.UserAgent = "Client Cert Sample";
Request.Method = "GET";
HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();
// Print the response headers.
Console.WriteLine("{0}", Response.Headers);
Console.WriteLine();
// Get the certificate data.
StreamReader sr = new StreamReader(Response.GetResponseStream(), Encoding.Default);
int count;
char[] ReadBuf = new char[1024];
do
{
    count = sr.Read(ReadBuf, 0, 1024);
    if (0 != count)
    {
        // Print only the characters read in this pass, not stale buffer contents.
        Console.WriteLine(new string(ReadBuf, 0, count));
    }

} while (count > 0);
+1  A: 

Reads don't lock files in Windows....

Stobor
That is a very bold statement. I would just claim that files opened in shared mode can also be opened by other processes that request shared mode. http://msdn.microsoft.com/en-us/library/system.io.fileshare.aspx
Remus Rusanu
@Remus Rusanu: I agree; with the additional point that File.OpenRead defaults to Read-shared mode.
Stobor
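
The share-mode behaviour discussed in the comments above, as an added example that is not part of the original thread: it holds ten read handles on one file with FileShare.Read, then requests an exclusive open and a write open while those handles exist, and finally tries a shared read while an exclusive holder exists. The temp file, its bytes, and the names SharedReadDemo and TryOpen are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

static class SharedReadDemo
{
    // Try to open 'path' with the requested access and share mode.
    // A sharing violation surfaces as IOException; return null in that case.
    static FileStream TryOpen(string path, FileAccess access, FileShare share)
    {
        try { return new FileStream(path, FileMode.Open, access, share); }
        catch (IOException) { return null; }
    }

    static void Main()
    {
        // Constructed stand-in for the .cer file (not a real certificate).
        string path = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString("N") + ".cer");
        File.WriteAllBytes(path, new byte[] { 0x30, 0x82, 0x01, 0x0A });

        var readers = new List<FileStream>();
        try
        {
            // Ten handles held open at the same time, each read-only and read-shared.
            for (int i = 0; i < 10; i++)
            {
                FileStream fs = TryOpen(path, FileAccess.Read, FileShare.Read);
                if (fs != null) readers.Add(fs);
            }
            Console.WriteLine("shared readers opened: {0}/10", readers.Count);

            // While the readers hold the file, ask for an open that denies sharing,
            // and for write access that the readers did not agree to share.
            using (FileStream exclusive = TryOpen(path, FileAccess.Read, FileShare.None))
                Console.WriteLine("exclusive open with readers present: {0}", exclusive != null ? "granted" : "refused");
            using (FileStream writer = TryOpen(path, FileAccess.Write, FileShare.Read))
                Console.WriteLine("write open with readers present: {0}", writer != null ? "granted" : "refused");
        }
        finally { readers.ForEach(r => r.Dispose()); }

        // The reverse case: one FileShare.None holder, then a shared read request.
        using (FileStream holder = TryOpen(path, FileAccess.Read, FileShare.None))
        using (FileStream reader = TryOpen(path, FileAccess.Read, FileShare.Read))
            Console.WriteLine("shared read with exclusive holder present: {0}", reader != null ? "granted" : "refused");

        File.Delete(path);
    }
}
```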
A: 

Why not send the certificate from the user store instead of a file and eliminate the concern, as in the second method described in How to send a client certificate by using the HttpWebRequest? You need to load the private key into the key store anyway, so I really don't see any point in using the certificate from a .cer file.

Remus Rusanu
Yeah, I know that link; that's where I got this code from. But you know, I have tried it and it's a pain to get it working. Also, the reason I went for this implementation is that our code is hosted on an app server, so I really don't have to worry about security. 2nd, I don't need to load the private key from the cert store. I can give access to the user account that is going to read the cert private key using "winhttpcertcfg.exe" - it works.
Broken Link
That's what that winhttpcertcfg.exe run is doing: it loads the private key into the user cert store. How else do you explain that your code does not specify the location of the private key, nor a password to access it? Anyway, loading it from a .cer file works OK. There is no threat in someone reading the .cer file (since it is *public* anyway). Also, replacing the .cer file is not a real threat either: a different private key is needed too, and if it has access to a private key, then it isn't really an attack. The only serious concern is operational: an accidental delete or move of the .cer file.
Remus Rusanu
YES, I don't specify a private key or password in my code. There is a trick that you need to do. 1. Grant private key access to the .p12 file for the account that's going to read it (typically ASPNET). 2. Then export that p12 file to the cert store under the "local computer" account. 3. Now export that cert from the cert store to your local drive. That's it. You don't have to use a private key/password in your code, and the account will get access to the private key. HTH.
Broken Link
I will vote your answer for the time you took and replied :) Thanks!
Broken Link