System.Web.Services.Protocols.SoapHeaderException:
System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.Security.Cryptography.CryptographicException: Cryptography_CSP_NoPrivateKey
   at Microsoft.Web.Services2.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String oidHash)
   at Microsoft.Web.Services2.Security.Cryptography.RSASHA1SignatureFormatter.SignHash(Byte[] rgbHash)
   at Microsoft.Web.Services2.Security.Cryptography.RSASHA1SignatureFormatter.Sign(Stream data)
   at Microsoft.Web.Services2.Security.MessageSignature.ComputeAsymmetricSignature(AsymmetricKeyAlgorithm key)
   at Microsoft.Web.Services2.Security.MessageSignature.ComputeSignature()
   at Microsoft.Web.Services2.Security.Security.SerializeXml(SoapEnvelope document)
   at Microsoft.Web.Services2.Security.SecurityOutputFilter.ProcessHeader(Security security, SoapEnvelope envelope)
   at Microsoft.Web.Services2.Security.SecurityOutputFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.Pipeline.ProcessOutputMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.WebServicesExtension.AfterSerializeServer(SoapServerMessage message)
   --- End of inner exception stack trace ---
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at
This exception is driving me crazy. I have installed WSE 2.0 SP3, and below
is the code snippet that retrieves the certificate from the certificate store.
According to the documentation, I have assigned rights to the ASPNET account using
WSECertificateTool. I can see the values of the certificate being written to
disk, but the cryptic error message doesn't lead to any source, making it
extremely difficult to debug. I would appreciate it if anyone can shed light on
the code. Thx for your help
using System;
using System.IO;
using System.Web.Services;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;

public class PostTradeService : System.Web.Services.WebService
{
    public PostTradeService()
    {
    }

    [WebMethod]
    public int SubmitContractNote(ContractNoteInfo contractNote)
    {
        SoapContext respCtx = ResponseSoapContext.Current;

        // Look up the signing certificate in LocalMachine\My by key identifier
        string identifier = "GWYsQ6VRJyw6w5fgxOMgje5E92A=";
        X509CertificateStore localStore =
            X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
        localStore.OpenRead();
        //X509CertificateCollection certCollection =
        //    localStore.FindCertificateBySubjectString("Consumer A");
        X509CertificateCollection certCollection =
            localStore.FindCertificateByKeyIdentifier(Convert.FromBase64String(identifier));
        X509Certificate provCert = certCollection[0];

        // Debug output: log the certificate's capabilities
        StreamWriter writer = new StreamWriter(@"C:\log.txt", false);
        writer.WriteLine(provCert.SupportsDigitalSignature);
        writer.WriteLine(provCert.SupportsDataEncryption);

        // Sign the response with the certificate's private key
        X509SecurityToken token = new X509SecurityToken(provCert);
        respCtx.Security.Tokens.Add(token);
        respCtx.Security.Elements.Add(new MessageSignature(token));
        writer.WriteLine("done");
        writer.Close();

        //Process the submitted information
        return 0;
    }
}
Yogesh S - 06 Oct 2005 04:32 GMT
On further investigation using filemon, I found out that aspnet_wp.exe accesses
a different folder to find the keys.
It is accessing the folder below:
C:\Documents and Settings\SAROJA\ASPNET\Application Data\Microsoft\Crypto\RSA\
instead of accessing this one:
C:\Documents and Settings\MUK\Application Data\Microsoft\Crypto\RSA\
All my certificates are stored in the above folder. The certificates are created
using the makecert tool and copied under the LocalMachine store. If I change the
web.config to impersonate another user account then it works fine; it is only
with the default ASPNET account that I am not able to sign the message.
Pablo Cibraro - 06 Oct 2005 18:51 GMT
Hi Yogesh,
The ASPNET account doesn't have permissions on the certificate keys. You can
grant those permissions using the WSE certificate tool.
Regards,
Pablo Cibraro
www.lagash.com
Yogesh S - 07 Oct 2005 02:25 GMT
Thx Pablo for your reply.
If you read my original post, I mentioned assigning the ASPNET account the
required rights. The confusing part is that even though you open the local
certificate store, when signing happens on the server side, the private keys
are looked for in the current user folder, i.e. C:\Program
Files\SAROJA\ASPNET\.... and it is obvious that it will not find the key, and
that is why an exception is thrown. I have verified this using the filemon (file
monitor) utility from sysinternals.com... so it looks like a bug in WSE or I
am doing something wrong ...
DBreese - 19 Oct 2005 21:42 GMT
I am running into the exact same issue -- I created my own self-signed
certs using:
makecert -sk mycert -ss Personal -$ individual -n "CN=dbreese" -
mscertfile
Then, I imported the cert into BOTH LocalMachine/Personal and
CurrentUser/Personal.
I even tried loading the cert from file (in addition to loading from the
store):
X509SecurityToken token = new X509SecurityToken(
    X509Certificate.CreateCertFromFile(@"c:\projects\keys\client\mscertfile"));
myService.RequestSoapContext.Security.Tokens.Add( token );
myService.RequestSoapContext.Security.Elements.Add( new MessageSignature( token ) );
Invoke service and boom! I get the Cryptography_CSP_NoPrivateKey
issue.
Thanks,
Dusit
--
DBreese
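
Added example, not part of any post in this thread and not WSE code: a console check, written against System.Security.Cryptography.X509Certificates from .NET Framework 2.0 or later, that reports whether a LocalMachine\My certificate's private key sits in the machine key folder or in a user profile (the difference Yogesh saw in filemon) and which accounts have rights on the key file. The class name and the default subject "Consumer A" (borrowed from the commented-out lookup in the first post) are assumptions.

```csharp
// Added diagnostic example (not from the thread). Run it as an administrator.
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

class KeyLocationCheck   // hypothetical name
{
    static void Main(string[] args)
    {
        // Assumption: certificate subject is passed as the first argument.
        string subject = args.Length > 0 ? args[0] : "Consumer A";
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection found =
            store.Certificates.Find(X509FindType.FindBySubjectName, subject, false);
        store.Close();
        foreach (X509Certificate2 cert in found)
        {
            Console.WriteLine("{0}: HasPrivateKey={1}", cert.Subject, cert.HasPrivateKey);
            if (!cert.HasPrivateKey) continue;   // certificate without a key link
            RSACryptoServiceProvider rsa = null;
            try { rsa = cert.PrivateKey as RSACryptoServiceProvider; }
            catch (CryptographicException ex)
            {
                // The key link exists but this account cannot open the container.
                Console.WriteLine("  cannot open key as {0}: {1}",
                    WindowsIdentity.GetCurrent().Name, ex.Message);
            }
            if (rsa == null) continue;
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            Console.WriteLine("  MachineKeyStore={0}, container file={1}",
                info.MachineKeyStore, info.UniqueKeyContainerName);
            if (!info.MachineKeyStore)
            {
                Console.WriteLine("  key is stored in a user profile, not the machine key folder");
                continue;
            }
            // Machine keys live under the all-users application data folder.
            string dir = Path.Combine(
                Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
                @"Microsoft\Crypto\RSA\MachineKeys");
            FileSecurity acl = File.GetAccessControl(Path.Combine(dir, info.UniqueKeyContainerName));
            foreach (FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(NTAccount)))
                Console.WriteLine("  {0} {1} {2}",
                    rule.IdentityReference, rule.AccessControlType, rule.FileSystemRights);
        }
    }
}
```

A certificate that reports MachineKeyStore=False here has its key in the profile of the user who created or imported it, so a service account can only sign with it when running as that user.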