 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / Security / November 2007httpwebrequest failure with .net service
running Hi, I have a .net 2.0 service that periodically needs to access a web site on the same 2003 server machine that is configured to use https . The only way I can get this working is to run the service with the administrator login , no other account (system, local service, or account that is a member of the administrators group ). the failure is 2148074254 - No credentials are available in the security package and the message is The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel any ideas on how to proceed ? thanks, chaz Do you know if SSL client certificate authentication is being performed? It may be the case that the server is requesting client cert auth and only the admin account on your box has permissions to access the private key for the client cert that is being used (which may actually be the server's own SSL cert since it is the same box). Joe K.  SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- > running Hi, > I have a .net 2.0 service that periodically needs to access a web site on [quoted text clipped - 13 lines] > thanks, > chaz Hell, if the root certificate of your SSL certificate is not in the trusted root certificate store, you get this error. The best way to deal with this is to add it to that store.If you can't do this for whatever reason, you can disable the check using this line of code, which you should rould once during the start of your program: ServicePointManager.ServerCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; }; Kind regards, Henning > running Hi, > I have a .net 2.0 service that periodically needs to access a web site on [quoted text clipped - 13 lines] > thanks, > chaz Hi, Thanks to you both of you for the valuble feedback. I've implemented your work-around Henning and this works well with "ignore certificates" or "accept certificates" . Eventualy I will want to figure out the issue but for now I can move on to the next issue which is - "require certificates" . Joe started me thinking that this may just work if the windows service could use the web-sites server certificate as a client certificate when making the HTTPS request . Do either of you have suggestions regarding this issue . Are client certificates for services/processes ( or machines for that matter) routinely generated ? If so how would one map theses ? Any pointers , ideas would be appreciated . thanks, chaz > Hell, > [quoted text clipped - 29 lines] > > thanks, > > chaz So, it sounds like you ARE trying to do client certificate authentication if you are planning to require client certificates. As such, the key to this is to make sure you have an appropriate client certificate available for your client and make sure the identity that is running your code has permissions to access the private key for that certificate. I think that was the original problem you were having, as the admin account had access to the private key for the cert you were using but no other account did (which is normal). Joe K. SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- > Hi, > Thanks to you both of you for the valuble feedback. [quoted text clipped - 53 lines] >> > thanks, >> > chaz Joe, The original problem was/is with the web-server certificate verification on the client . The web site was not requiring client certificate nor was there any client certificates installed anywhere . This is still an open issue I'm investigating meanwhile using the work around . Thanks for the pointers on using client certificates however as I will need the service to use different logons such as local service or network service. -chaz > So, it sounds like you ARE trying to do client certificate authentication if > you are planning to require client certificates. As such, the key to this [quoted text clipped - 64 lines] > >> > thanks, > >> > chaz Hi! Chaz: I am also having same problem. My problems is: I am using SQL Server 2005 reporting services. Reporting services website is using SSL. I could only open reporting services webservice using admin logon. If I try to open reports with any other account, I get: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS Secure Channel." error. Did you find any workaround for this problem? If so, please help. Regards SSR Hi! Chaz: I am also having same problem. My problems is: I am using SQL Server 2005 reporting services. Reporting services website is using SSL. I could only open reporting services webservice using admin logon. If I try to open reports with any other account, I get: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS Secure Channel." error. Did you find any workaround for this problem? If so, please help. Regards SSR Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.