HttpWebRequest With SSL, Problem while deploying to IIS

Hi, In one of my Asp.Net 2.0 application i have to retrieve
the data from
other server which is using the SSL Client certificates to
authenticate.

to accomplish this i have used the HttpWebRequest and pass
the SSL
Certificate to it, and it works fine while running the
project from the
Visual Studio every thing works fine but when we deploy the
site to the IIS,
it starts giving the error and returns the *"The remote
server returned an
error: (403) Forbidden.*"

I have tried to deploy the application to both the IIS 6 and
IIS 7 and the
behavior remains same, however the request logs an event in
the System Event
Log which is something like  "The remote server has
requested SSL client
authentication, but no suitable client certificate could be
found. An
anonymous connection will be attempted. This SSL connection
request may
succeed or fail, depending on the server's policy
settings."

Here is my code to create a request and pass that to the
server.

        HttpWebRequest wr =
(HttpWebRequest)WebRequest.Create(ServerURL);

        X509Certificate cert = new
X509Certificate(HttpContext.Current.Server.MapPath("~/A
pp_Data/CertName.p12"),
"Password");

        // Also Tried This but the Problem Remains Same


 //X509Certificate.CreateFromCertFile(HttpContext.Current.Se
rver.MapPath("~/App_Data/CertName.cer"));

        wr.ClientCertificates.Add(cert);

        wr.Method = "POST";
        wr.PreAuthenticate = true;
        byte[] bytes = Encoding.UTF8.GetBytes(RequestData);
        wr.ContentLength = bytes.Length;
        using (Stream requestStream =
wr.GetRequestStream())
        {
            requestStream.Write(bytes, 0, bytes.Length);
            requestStream.Flush();
            requestStream.Close();
        }

        #region "getting request and processing
it"
        using (WebResponse wrp = wr.GetResponse())
        {
            // Code to process the response
        }

I have even used the <identity
impersonate="true"
userName="xxxxxxxxx"
password="*******"/>

and also have installed the certificate to the browser but
all is in in
vain.

Can any body please help me out on this.

--
Regards,
------
Asif Raza Ashraf

===================================
This list is hosted by DevelopMentorŪ  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com

1 - Is the issuer of the client cert trusted on the server?
2 - Is the CRL Distribution Point (CDP) accessible to the
server?

To test, export your client cert to a .cer file and copy it
to the server.
You can then double-click it and view the properties. 
Ensure no errors are
indicated on the "General" tab.  Then click the
"Details" tab and scroll
down and look at "CRL Distribution Points".  Make
sure you can access the
primary CDP (The first location listed) from the server.

--
Steve Johnson

On Thu, Jul 17, 2008 at 12:48 AM, Asif Raza Ashraf
<5177637gmail.com>
wrote:

> Hi, In one of my Asp.Net 2.0 application i have to
retrieve the data from
> other server which is using the SSL Client certificates
to authenticate.
>
> to accomplish this i have used the HttpWebRequest and
pass the SSL
> Certificate to it, and it works fine while running the
project from the
> Visual Studio every thing works fine but when we deploy
the site to the
> IIS,
> it starts giving the error and returns the *"The
remote server returned an
> error: (403) Forbidden.*"
>
> I have tried to deploy the application to both the IIS
6 and IIS 7 and the
> behavior remains same, however the request logs an
event in the System
> Event
> Log which is something like  "The remote server
has requested SSL client
> authentication, but no suitable client certificate
could be found. An
> anonymous connection will be attempted. This SSL
connection request may
> succeed or fail, depending on the server's policy
settings."
>
> Here is my code to create a request and pass that to
the server.
>
>        HttpWebRequest wr =
(HttpWebRequest)WebRequest.Create(ServerURL);
>
>        X509Certificate cert = new
>
>
X509Certificate(HttpContext.Current.Server.MapPath("~/A
pp_Data/CertName.p12"),
> "Password");
>
>        // Also Tried This but the Problem Remains Same
>
>
>
> 
//X509Certificate.CreateFromCertFile(HttpContext.Current.Ser
ver.MapPath("~/App_Data/CertName.cer"));
>
>        wr.ClientCertificates.Add(cert);
>
>        wr.Method = "POST";
>        wr.PreAuthenticate = true;
>        byte[] bytes =
Encoding.UTF8.GetBytes(RequestData);
>        wr.ContentLength = bytes.Length;
>        using (Stream requestStream =
wr.GetRequestStream())
>        {
>            requestStream.Write(bytes, 0,
bytes.Length);
>            requestStream.Flush();
>            requestStream.Close();
>        }
>
>        #region "getting request and processing
it"
>        using (WebResponse wrp = wr.GetResponse())
>        {
>            // Code to process the response
>        }
>
> I have even used the <identity
impersonate="true"
userName="xxxxxxxxx"
> password="*******"/>
>
> and also have installed the certificate to the browser
but all is in in
> vain.
>
> Can any body please help me out on this.
>
> --
> Regards,
> ------
> Asif Raza Ashraf
>
> ===================================
> This list is hosted by DevelopMentor(R)  http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com

>

===================================
This list is hosted by DevelopMentorŪ  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com

Hi Steve,
Thanks for the reply,

In the General Tab there is no error and it has the Text 
Under This
Certificate is Intended for  the following purposes:
"All application
policies"

On the Details Tab I didn't find any CRL Distribution
Points. but there is a
Key Usage field which says "Digital Signature, Key
Encipherment, Data
Encipherment (b0)"

--
Regards,
------
Asif Raza Ashraf


On Thu, Jul 17, 2008 at 3:17 PM, Steve Johnson
<sjjohnsonpobox.com> wrote:

> 1 - Is the issuer of the client cert trusted on the
server?
> 2 - Is the CRL Distribution Point (CDP) accessible to
the server?
>
> To test, export your client cert to a .cer file and
copy it to the server.
> You can then double-click it and view the properties. 
Ensure no errors are
> indicated on the "General" tab.  Then click
the "Details" tab and scroll
> down and look at "CRL Distribution Points". 
Make sure you can access the
> primary CDP (The first location listed) from the
server.
>
> --
> Steve Johnson
>
> On Thu, Jul 17, 2008 at 12:48 AM, Asif Raza Ashraf
<5177637gmail.com>
> wrote:
>
> > Hi, In one of my Asp.Net 2.0 application i have to
retrieve the data from
> > other server which is using the SSL Client
certificates to authenticate.
> >
> > to accomplish this i have used the HttpWebRequest
and pass the SSL
> > Certificate to it, and it works fine while running
the project from the
> > Visual Studio every thing works fine but when we
deploy the site to the
> > IIS,
> > it starts giving the error and returns the
*"The remote server returned
> an
> > error: (403) Forbidden.*"
> >
> > I have tried to deploy the application to both the
IIS 6 and IIS 7 and
> the
> > behavior remains same, however the request logs an
event in the System
> > Event
> > Log which is something like  "The remote
server has requested SSL client
> > authentication, but no suitable client certificate
could be found. An
> > anonymous connection will be attempted. This SSL
connection request may
> > succeed or fail, depending on the server's policy
settings."
> >
> > Here is my code to create a request and pass that
to the server.
> >
> >        HttpWebRequest wr =
(HttpWebRequest)WebRequest.Create(ServerURL);
> >
> >        X509Certificate cert = new
> >
> >
>
X509Certificate(HttpContext.Current.Server.MapPath("~/A
pp_Data/CertName.p12"),
> > "Password");
> >
> >        // Also Tried This but the Problem Remains
Same
> >
> >
> >
> >
> 
//X509Certificate.CreateFromCertFile(HttpContext.Current.Ser
ver.MapPath("~/App_Data/CertName.cer"));
> >
> >        wr.ClientCertificates.Add(cert);
> >
> >        wr.Method = "POST";
> >        wr.PreAuthenticate = true;
> >        byte[] bytes =
Encoding.UTF8.GetBytes(RequestData);
> >        wr.ContentLength = bytes.Length;
> >        using (Stream requestStream =
wr.GetRequestStream())
> >        {
> >            requestStream.Write(bytes, 0,
bytes.Length);
> >            requestStream.Flush();
> >            requestStream.Close();
> >        }
> >
> >        #region "getting request and
processing it"
> >        using (WebResponse wrp = wr.GetResponse())
> >        {
> >            // Code to process the response
> >        }
> >
> > I have even used the <identity
impersonate="true"
userName="xxxxxxxxx"
> > password="*******"/>
> >
> > and also have installed the certificate to the
browser but all is in in
> > vain.
> >
> > Can any body please help me out on this.
> >
> > --
> > Regards,
> > ------
> > Asif Raza Ashraf
> >
> > ===================================
> > This list is hosted by DevelopMentor(R)  http://www.develop.com
> >
> > View archives and manage your subscription(s) at
> > http://discuss.develop.com

> >
>
> ===================================
> This list is hosted by DevelopMentor(R)  http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com

>

===================================
This list is hosted by DevelopMentorŪ  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com