windows service with digital certificate token
-
Hi, I have the following application:
- a server application that uses a digital certificate to log in to a website; the first time I run the app it requires the PIN number from the token (the certificate is stored on the token); I use X509Certificate2UI to select the certificate and it pops up the token client to enter the PIN number;
- a client application that connects to my server app and sends some data, which the server passes to the website to get a response and send back to the client.
Everything is working OK. BUT... I want to make it a Windows service (currently it is form based). I have done the service part, I installed it and can start it from the service manager, but it doesn't show the certificate selection and the token client for the PIN. Here is the server code to get the certificate:
var store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection selection = X509Certificate2UI.SelectFromCollection(store.Certificates, "Digital Certificates", "Select a certificate from the following list:", X509SelectionFlag.SingleSelection);
After I select it and enter the token PIN number it works OK, but I haven't been able to do the same as a Windows service. I have also exported the certificate into a file from the token and declared an x509cert from the local file, but it should also require the token PIN number.
X509Certificate2 localCert = new X509Certificate2(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments) + "\\my.cer");
return localCert;
Thanks
-
I believe you have to install the service as the user whose certificate will be used. I bet you're installing it as Local System or something like that.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass." - Dale Earnhardt, 1997
-
You're betting wrong. It does not matter how I install the service. I tried with Local System and with User but I get the same issue.
Using the X509Certificate2UI throws an exception: "The current session is not interactive"... which is kinda obvious.
Using the X509Certificate2 from file I get "Cannot create secure SSL/TLS channel" because it does not prompt me to enter the token PIN number.
-
Services aren't supposed to launch UI windows. It looks like the certificate API is respecting that.
-
I already saw that... hence the "which is obvious...". I was asking if there is any other solution to pass the PIN code.
-
Have you tried using a data file to store the PIN code and have the Windows service read that file?
-
You probably already googled your issue, but I did find this (search phrase is "C# windows service load 509 certificate"): http://msdn.microsoft.com/en-us/library/ms731899.aspx
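An added example, not part of any post in this thread: one way to follow the suggestion of having the service read a stored PIN, keeping the PIN DPAPI-encrypted on disk and handing it to the token's CSP through CspParameters.KeyPassword so that no dialog is needed. It assumes .NET Framework, an RSA key exposed by a legacy CryptoAPI CSP, and a service running under the account that owns the certificate; TokenCertificate, PinFile and the file path are hypothetical names.

```csharp
// Added example, not code from the thread. Assumes .NET Framework (reference System.Security) and a CryptoAPI CSP.
using System;
using System.IO;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class TokenCertificate
{
    const string PinFile = @"C:\ProgramData\MyService\token-pin.bin"; // hypothetical path; ACL it to the service account
    static RSACryptoServiceProvider unlockedKey; // kept open so the CSP context stays alive

    // Run once, interactively, as the service account: the PIN is stored DPAPI-encrypted, not in clear text.
    public static void SavePin(string pin)
    {
        File.WriteAllBytes(PinFile, ProtectedData.Protect(Encoding.UTF8.GetBytes(pin), null, DataProtectionScope.CurrentUser));
    }

    static SecureString LoadPin()
    {
        byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(PinFile), null, DataProtectionScope.CurrentUser);
        var pin = new SecureString();
        foreach (char c in Encoding.UTF8.GetChars(plain)) pin.AppendChar(c);
        Array.Clear(plain, 0, plain.Length); // do not leave the decrypted PIN in the byte array
        return pin;
    }

    // Selects by thumbprint (no X509Certificate2UI) and hands the PIN to the CSP without a prompt.
    public static X509Certificate2 Load(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) throw new InvalidOperationException("Certificate not found in CurrentUser\\My.");
            var key = found[0].PrivateKey as RSACryptoServiceProvider;
            if (key == null) throw new NotSupportedException("Key is not exposed through a CryptoAPI CSP.");
            CspKeyContainerInfo info = key.CspKeyContainerInfo;
            var csp = new CspParameters(info.ProviderType, info.ProviderName, info.KeyContainerName)
            {
                KeyNumber = (int)info.KeyNumber,
                Flags = CspProviderFlags.UseExistingKey | CspProviderFlags.NoPrompt,
                KeyPassword = LoadPin()
            };
            unlockedKey = new RSACryptoServiceProvider(csp); // the PIN is presented to the CSP here, with no UI
            return found[0];
        }
        finally { store.Close(); }
    }
}
```

Anyone who can run code as the service account can decrypt the stored PIN and use the token, so restrict that account and the file's ACL. Whether a particular token's CSP accepts the PIN this way depends on the vendor's provider.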