I have got a weird problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root certificates and Local Personal Certificates folder.

Now I have a class library that deals with that connection. When I call this class library from a console application running from the server, it works absolutely fine, but when I call that class library from an ASP.NET page or asmx web service, I get the following exception.

A call to SSPI failed, see inner exception. The message received was unexpected or badly formatted.

This is my code:

X509Certificate cert = new X509Certificate(certificateLocation, certificatePassword);                       
X509CertificateCollection certCollection = new X509CertificateCollection(new X509Certificate[1] { cert });
// OPEN the new SSL Stream
SslStream ssl = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);                       
ssl.AuthenticateAsClient(ipAddress, certCollection, SslProtocols.Default, false);

ssl.AuthenticateAsClient is where the error gets thrown.

This is driving me nuts. If the console application can connect fine, there must be some problem with ASP.NET network layer security that is failing the authentication... not sure, perhaps I need to add something or some sort of security policy in the web.config. Also, just to point out that I can connect fine on my local development machine both with console and website.

Has anyone got any ideas?

A: 

Sorted... ASP.NET runs under a different account, so you have to use the WinHttpCertCfg.exe tool to allow the following accounts to access the certificate, which you should install in Local Computer Personal/Trusted folders:

ASPNET, Network Service, Authenticated Users

e.g.

winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "CertificateName" -a "ASPNET"

where CertificateName is the friendly name of your certificate.

You can get the tool and information from the link below:

http://msdn.microsoft.com/en-us/library/aa384088%28VS.85%29.aspx#%5Fusing

Noms
A: 

I have tried this command

winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "CertificateName" -a "ASPNET"

in a command window after installing winhttpcertcfg (downloaded from the above link).

But I am getting the error "Unable to find or obtain a context for request certificate"

Can you please suggest how to solve this error?

Kanan
A: 

Have you installed the certificate on your system? If you are running Windows, it should be in Local Computer/Personal or Trusted Folders under Management Console (Run -> mmc).

Noms
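
The two failure modes discussed in the answers above (certificate not present in LOCAL_MACHINE\MY, and certificate present but its private key unreadable by the ASP.NET account) can be told apart with a small diagnostic. This is an added example, not code from any of the posts; the class and method names are hypothetical, and it assumes the certificate is installed in the Local Computer Personal store and that subjectName is the same string passed to winhttpcertcfg -s.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

public static class ClientCertCheck   // hypothetical helper, not from the original posts
{
    public enum Result { NotInStore, NoPrivateKey, KeyAccessDenied, Ok }

    // subjectName: placeholder for the string you pass to winhttpcertcfg -s.
    public static Result Check(string subjectName, out string detail)
    {
        // The account that matters is the one executing this code (console user vs. ASP.NET worker).
        string account = WindowsIdentity.GetCurrent().Name;
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false: also return certificates whose chain does not validate locally.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (found.Count == 0)
            {
                detail = account + ": no matching certificate in LocalMachine\\My";
                return Result.NotInStore;
            }
            if (!found[0].HasPrivateKey)
            {
                detail = account + ": certificate has no associated private key";
                return Result.NoPrivateKey;
            }
            try
            {
                // Opening the key container fails when the key file's ACL excludes this account.
                AsymmetricAlgorithm key = found[0].PrivateKey;
                detail = account + ": private key opened, " + key.KeySize + " bits";
                return Result.Ok;
            }
            catch (CryptographicException ex)
            {
                detail = account + ": cannot open private key: " + ex.Message;
                return Result.KeyAccessDenied;
            }
        }
        finally { store.Close(); }
    }
}
```

Call it once from the console application and once from the ASP.NET page: Ok in the console but KeyAccessDenied in the page points at the private key ACL rather than the SslStream code, while NotInStore matches the "Unable to find or obtain a context" case.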