CODEWITHSUNDEEP
c#asp.netcryptographyx509certificatersacryptoserviceprovider
Eric Debut
Eric Debut

Reputation: 31

How can I load client certificates from personal store using ASP.NET?

How can I load client certificates from personal store using ASP.NET?

If it is possible, can I a crypt data with it?

For that I created an application in ASP.NET 2.0 that retrieves all certificates installed in the client certificate store (personal) to create with it a digital signature.

but it does not work , and I don’t know what is the problem

// ...
using System.Security.Cryptography.X509Certificates;

namespace WebApplication4
{
    public partial class _Default : System.Web.UI.Page
    {
        public static string ToHexString(byte[] bytes)
        {
           // ...
        }

        protected void btnSignature_Click(object sender, EventArgs e)
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.OpenExistingOnly);
            X509Certificate2Collection certificates = store.Certificates;

            int a = certificates.Count;

            lbCertCount.Text = System.Convert.ToString(a);

            if (a > 0)
            {
                X509Certificate2 certificate = certificates[1];

                string publicKey = certificate.GetPublicKeyString();
                lbMypublicKey.Text = publicKey + "<br/>";

                // AsymmetricAlgorithm privateKey = certificate.PrivateKey;

                RSACryptoServiceProvider privateKey = certificate.PrivateKey as RSACryptoServiceProvider;

                // test message 
                byte[] buffer = Encoding.Default.GetBytes("Welcome");
                byte[] signature = privateKey.SignData(buffer, new SHA1Managed());
                string me = ToHexString(signature);

                lbSignature.Text = me;


                RSACryptoServiceProvider publicKey1 = certificate.PublicKey.Key as RSACryptoServiceProvider;

                bool verify = publicKey1.VerifyData(buffer, new SHA1Managed(), signature);

                if (verify == true)
                {
                    lbControl.Text = "Signature valid";
                }
                else
                {
                    lbControl.Text = "Signature not Valid";
                }
            }
        }
    }
}

Upvotes: 3

Views: 6684

Answers (2)

Jonas Stensved
Jonas Stensved

Reputation: 15296

For all Googlers:

Add this to your Web.Config:

<identity impersonate="true" />

For more information, see msdn on impersonation.

Upvotes: 2

Myles McDonnell
Myles McDonnell

Reputation: 13335

I'm guessing you have knocked up this ASP.NET app. as a test harness and it is not actually your intention to write a production application that accesses the personal cert. store on a web server? I haven't studied or tested your code at all but I would check security priviledges in the first instance. I expect the account under which the ASP.Net worker process is running does not have access to the personal cert. store.

Upvotes: 0

Related Questions