SSL https requests with client certificates from ASP.NET
Problem
Applications making https request from .net web applications (.aspx pages) are not able to use client certificates.
Cause
Client certificates are linked to user accounts, ASPX is running under ASPNET account, this account can’t access the certificates installed under user account or system account.
HttpWebRequest implementation only access the certificate only from account under which process is running or under System account. Most of the time when we install the certificate it is installed in current user account.
Possible Solutions
a) Run the service under the account which certificate is installed, but in real world this is not a feasible solution on production servers,
b) Install the certificate under System account and provide access to ASPNET service account, this could be achieved using following steps
a. Install certificate using MMC (Microsoft Management Console) or using certificate configuration tool as described in Microsoft KB article (https://support.microsoft.com/?id=823193 )
b. Tool is available at the following link
Make sure following, when installing the certificate
1) Certificate contains the private key, otherwise it can’t be used for client authentication, .cer certificate files only contain the public key, you need to have certificate with .pfx or .p12 file,
2) Make sure you are installing certificate in “My” store of the system account, following command is an example of installing certificate in “My” store of “System” account with extending access to aspnet account, follow the above link for more detailed description and usage of certificate configuration tool
WinHttpCertCfg -i mycert.pfx -p certpassword -c LOCAL_MACHINE\my –a aspnet
Note: Solution discussed here would work on .Net frameworks v1.0 with SP3 or v1.1 with SP1 install, on previous versions of frameworks clientcertificate were used only from current User store not from System acount.
- This posting is provided "AS IS" with no warranties, and confers no rights