Home All Groups Group Topic Archive Search About

CAPICOM problem:cannot access certificate store

microsoft.public.dotnet.security
Author
27 May 2005 9:30 AM
edwards
Hello, Could you help me ?
I am developing a web application that needs to create a signature. To do
this I am using CAPICOM but I have a problem:
When I try to obtain the certificate from a certificate store but I get a
exception which says that the Certificate store is empty (this is not true,
of course):

System.Runtime.InteropServices.COMException(0x80880231):The certificate
store does not contain any certificate.

But, when I use the same code in windows application, it runs ok. 
I use CAPICOM2.0.0.3,runs on Windows XP,IIS 5.1

What is hapenning? How can i solve it?

ahh.. if I could not solve my problem..

The code is listed following, it's from MSDN sample code:


Sub Signfile(ByVal InputFileName As String, ByVal _
     OutputFileName As String)

        'On Error GoTo ErrorHandler
        Dim content As String
        Dim signature As String
        Dim MyStore As New Store()
        Dim Signobj As New SignedData()
        Dim Signer As New Signer()

        ' NOTE: the name 'Attribute' is not a unique name
        ' and must be preceded by 'CAPICOM.'
        Dim SigningTime As New CAPICOM.Attribute()

        ' Open the MY store and retrieve the first certificate from the
        ' Store. The signing operation will only work if this
        ' certificate is valid and has access to the signer's private key.
        MyStore.Open(CAPICOM_STORE_LOCATION.CAPICOM_CURRENT_USER_STORE,
"MY", CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_ONLY)
        'Signer.Certificate = MyStore.Certificates.Item(1)

        ' Open the input file and read the content to be signed from the file.
        FileOpen(1, InputFileName, OpenMode.Input)
        While Not EOF(1)
            content = LineInput(1)
        End While

        FileClose(1)

        ' Set the content to be signed.
        Signobj.Content = content

        ' Save the time the data was signed as a signer attribute.
        SigningTime.Name =
CAPICOM_ATTRIBUTE.CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
        SigningTime.Value = Now
        Signer.AuthenticatedAttributes.Add(SigningTime)

        ' Sign the content using the signer's private key.
        ' The 'True' parameter indicates that the content signed is not
        ' included in the signature string.
        'signature = Signobj.Sign(Signer, True)
        signature = Signobj.Sign(Nothing, True)
        FileOpen(2, OutputFileName, OpenMode.Output)
        Write(2, signature)
        FileClose(2)

        'MsgBox("Signature done - Saved to file" & OutputFileName)
        Signobj = Nothing
        MyStore = Nothing
        Signer = Nothing
        SigningTime = Nothing

        Exit Sub

        'ErrorHandler:
        '       If Err.Number > 0 Then
        '          MsgBox("Visual Basic error found:" & Err.Description)
        '     Else
        '        MsgBox("CAPICOM error found : " & Err.Number)
        '   End If
    End Sub

Author
31 May 2005 11:07 PM
Sam Davis
It has to do with the user profile that is running the application. I had the
same issue and tried the following code.

/* Determine if the Cert Store has what we need */
            CertStore.Open(CAPICOM.CAPICOM_STORE_LOCATION.CAPICOM_CURRENT_USER_STORE
, "MY", CAPICOM.CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_ONLY);
            CertList = (CAPICOM.Certificates)CertStore.Certificates;
            CertList2 =
(CAPICOM.Certificates)CertList.Find(CAPICOM.CAPICOM_CERTIFICATE_FIND_TYPE.CAPICOM_CERTIFICATE_FIND_ISSUER_NAME, strCertName, false);
            nCertFound = CertList2.Count;

            if(nCertFound == 0)
            {                 CertStore.Open(CAPICOM.CAPICOM_STORE_LOCATION.CAPICOM_LOCAL_MACHINE_STORE, "ROOT", CAPICOM.CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_ONLY);
                CertList = (CAPICOM.Certificates)CertStore.Certificates;
                CertList2 =
(CAPICOM.Certificates)CertList.Find(CAPICOM.CAPICOM_CERTIFICATE_FIND_TYPE.CAPICOM_CERTIFICATE_FIND_ISSUER_NAME , strCertName, false);
                nCertFound = CertList2.Count;
            }


Hope this Helps!

Sam

Show quoteHide quote
"edwards" wrote:

> Hello, Could you help me ?
> I am developing a web application that needs to create a signature. To do
> this I am using CAPICOM but I have a problem:
> When I try to obtain the certificate from a certificate store but I get a
> exception which says that the Certificate store is empty (this is not true,
> of course):
>
> System.Runtime.InteropServices.COMException(0x80880231):The certificate
> store does not contain any certificate.

> But, when I use the same code in windows application, it runs ok. 
> I use CAPICOM2.0.0.3,runs on Windows XP,IIS 5.1

> What is hapenning? How can i solve it?
>
> ahh.. if I could not solve my problem..

> The code is listed following, it's from MSDN sample code:


>  Sub Signfile(ByVal InputFileName As String, ByVal _
>      OutputFileName As String)

>         'On Error GoTo ErrorHandler
>         Dim content As String
>         Dim signature As String
>         Dim MyStore As New Store()
>         Dim Signobj As New SignedData()
>         Dim Signer As New Signer()

>         ' NOTE: the name 'Attribute' is not a unique name
>         ' and must be preceded by 'CAPICOM.'
>         Dim SigningTime As New CAPICOM.Attribute()

>         ' Open the MY store and retrieve the first certificate from the
>         ' Store. The signing operation will only work if this
>         ' certificate is valid and has access to the signer's private key.
>         MyStore.Open(CAPICOM_STORE_LOCATION.CAPICOM_CURRENT_USER_STORE,
> "MY", CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_ONLY)
>         'Signer.Certificate = MyStore.Certificates.Item(1)

>         ' Open the input file and read the content to be signed from the file.
>         FileOpen(1, InputFileName, OpenMode.Input)
>         While Not EOF(1)
>             content = LineInput(1)
>         End While

>         FileClose(1)

>         ' Set the content to be signed.
>         Signobj.Content = content

>         ' Save the time the data was signed as a signer attribute.
>         SigningTime.Name =
> CAPICOM_ATTRIBUTE.CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
>         SigningTime.Value = Now
>         Signer.AuthenticatedAttributes.Add(SigningTime)

>         ' Sign the content using the signer's private key.
>         ' The 'True' parameter indicates that the content signed is not
>         ' included in the signature string.
>         'signature = Signobj.Sign(Signer, True)
>         signature = Signobj.Sign(Nothing, True)
>         FileOpen(2, OutputFileName, OpenMode.Output)
>         Write(2, signature)
>         FileClose(2)

>         'MsgBox("Signature done - Saved to file" & OutputFileName)
>         Signobj = Nothing
>         MyStore = Nothing
>         Signer = Nothing
>         SigningTime = Nothing

>         Exit Sub

>         'ErrorHandler:
>         '       If Err.Number > 0 Then
>         '          MsgBox("Visual Basic error found:" & Err.Description)
>         '     Else
>         '        MsgBox("CAPICOM error found : " & Err.Number)
>         '   End If
>     End Sub
>



Post Other interesting topics
sslstream and certificates
Appl. Security Problems
Impersonation through HttpModule
hotmail
Security exception related to network
IIS / SQL Server impersonation
How many keys?
problem:referenced assembly "XPCommonControls(a free third party component)" has no strongName.
Migrating users to asp.net 2.0 from CSK and setting passwords
Changing MSN Messenger Display Name for NON msn/hotmail email addr