How to avoid admin access for SslStream.AuthenticateAsClient?

I have an application that uses the .NET SslStream class along with client and server certificates. This application works fine in Windows XP. However, on Windows 7 (probably Vista, too), the following exception occurs when calling SslStream.AuthenticateAsClient:

System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized   
  at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)   
  at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)   
  at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)   
  at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)   
  at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)   
  at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)   
  at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)   
  at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)   
  at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)   
  at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)   
  at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)   
  at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)   
  at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)   
  at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)

If the application runs as "Administrator" in Windows 7, everything works fine. I assume that the main reason here is that AuthenticateAsClient needs a private key for the client certificate (which is installed in the personal vault of the local machine), and this requires administrator access.

: -, , ? , AuthenticateAsClient ?

+1
2

WinHttpCertCfg?

- :

winhttpcertcfg -g -c LOCAL_MACHINE\My -s MyCertificate -a TESTUSER

. .

+2
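To confirm that a non-admin account can use the client certificate's private key before calling SslStream.AuthenticateAsClient, a check like the following can be run as that account. It is an added example, not code from the original post; it assumes .NET Framework 4.6 or later, an RSA key, and the subject name MyCertificate from the command above, and the class name ClientCertKeyCheck is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Hypothetical diagnostic helper (not part of the original post).
static class ClientCertKeyCheck
{
    // Returns null when the current account can use the private key, otherwise a reason.
    static string Check(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
            if (found.Count == 0) return "certificate not found in LocalMachine\\My";
            X509Certificate2 cert = found[0];
            // HasPrivateKey only says a key is associated, not that this account may open it.
            if (!cert.HasPrivateKey) return "certificate has no associated private key";
            try
            {
                using (RSA key = cert.GetRSAPrivateKey())
                {
                    if (key == null) return "private key is not an RSA key";
                    // Force a real key operation; this fails if the key ACL denies the account.
                    key.SignData(new byte[] { 0 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                }
                return null;
            }
            catch (CryptographicException ex)
            {
                return "private key not usable by " + WindowsIdentity.GetCurrent().Name + ": " + ex.Message;
            }
        }
        finally { store.Close(); }
    }

    static int Main(string[] args)
    {
        // "MyCertificate" is the subject name used in the winhttpcertcfg command above.
        string problem = Check(args.Length > 0 ? args[0] : "MyCertificate");
        Console.WriteLine(problem ?? "OK: private key is usable by " + WindowsIdentity.GetCurrent().Name);
        return problem == null ? 0 : 1;
    }
}
```

Run it as the target account before and after granting access: a CryptographicException before and "OK" afterwards indicates that the key ACL, not the certificate itself, was the cause.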

Microsoft (MMC) . . . Microsoft Windows (WinHTTP) , IWAM, .

https://msdn.microsoft.com/en-us/library/aa384088(VS.85).aspx#_using

+1

Source: https://habr.com/ru/post/1681130/

