|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
HttpWebRequest.GetRequestStream - Trust Failure In Windows ServiceThe code with this call works fine when hosted in a Console application, but
throws error Trust Failure - The underlying connection was closed: could not establish trust relationship with remote server when run in a windows service. I have spent almost the whole day reading about security, attributes, etc. but I just can't get this to work. A few questions:
1. Do both the console and service calls attempt to connect to the exact same URL (incl. use of https protocol)? 2. Are both the console and service run from the same machine? 3. Are both the console and service run under the same Windows user account? (If the answer to any of the above is "no", please provide details on the differences.) 4. Does the target server require that a client certificate be provided? Show quoteHide quote "FloridaCoder" <FloridaCo***@discussions.microsoft.com> wrote in message news:442FCE06-B609-4D6C-98CF-B51FF41FA3E1@microsoft.com... > The code with this call works fine when hosted in a Console application, > but > throws error Trust Failure - The underlying connection was closed: could > not > establish trust relationship with remote server when run in a windows > service. > > I have spent almost the whole day reading about security, attributes, etc. > but I just can't get this to work. 1. Yes, both apps execute the exact same code.
2. Yes. 3. The console program, I assume, uses my logged on user account, the windows service uses the LocalSystem account. I will experiment with having it use my user account. 4. Yes, a simple certificate that I installed in IE. I don't do anything in my code to reference this certificate so I don't know why it works for the console app and not the Window Service. Show quoteHide quote "Nicole Calinoiu" wrote: > A few questions: > > 1. Do both the console and service calls attempt to connect to the exact > same URL (incl. use of https protocol)? > 2. Are both the console and service run from the same machine? > 3. Are both the console and service run under the same Windows user > account? > > (If the answer to any of the above is "no", please provide details on the > differences.) > > 4. Does the target server require that a client certificate be provided? > > > > "FloridaCoder" <FloridaCo***@discussions.microsoft.com> wrote in message > news:442FCE06-B609-4D6C-98CF-B51FF41FA3E1@microsoft.com... > > The code with this call works fine when hosted in a Console application, > > but > > throws error Trust Failure - The underlying connection was closed: could > > not > > establish trust relationship with remote server when run in a windows > > service. > > > > I have spent almost the whole day reading about security, attributes, etc. > > but I just can't get this to work. > > > I changed the service user to my logon user and it works.
Thanks so much for getting me pointed in the right direction. If you can give me some pointers of what permission is involved that my user logon has that LocalSystem doesn't and how I can change LocalSystem, that would be great. Again, thanks Show quoteHide quote "Nicole Calinoiu" wrote: > A few questions: > > 1. Do both the console and service calls attempt to connect to the exact > same URL (incl. use of https protocol)? > 2. Are both the console and service run from the same machine? > 3. Are both the console and service run under the same Windows user > account? > > (If the answer to any of the above is "no", please provide details on the > differences.) > > 4. Does the target server require that a client certificate be provided? > > > > "FloridaCoder" <FloridaCo***@discussions.microsoft.com> wrote in message > news:442FCE06-B609-4D6C-98CF-B51FF41FA3E1@microsoft.com... > > The code with this call works fine when hosted in a Console application, > > but > > throws error Trust Failure - The underlying connection was closed: could > > not > > establish trust relationship with remote server when run in a windows > > service. > > > > I have spent almost the whole day reading about security, attributes, etc. > > but I just can't get this to work. > > > It probably has nothing to do with permissions. When you installed the
client certificate via IE, you were placing it in a user-specific store. The LocalSystem account doesn't have a corresponding certificate, so its requests fail. See http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetht13.asp for more information and instructions on how to use the machine store rather than a user-level store. (N.B.: You can also use the MMC certificates snap-in to manage the certificate store.) Show quoteHide quote "FloridaCoder" <FloridaCo***@discussions.microsoft.com> wrote in message news:72FD9AF4-0633-436C-9B8E-7F0BEFD0A4FD@microsoft.com... >I changed the service user to my logon user and it works. > > Thanks so much for getting me pointed in the right direction. > > If you can give me some pointers of what permission is involved that my > user > logon has that LocalSystem doesn't and how I can change LocalSystem, that > would be great. > > Again, thanks > > "Nicole Calinoiu" wrote: > >> A few questions: >> >> 1. Do both the console and service calls attempt to connect to the exact >> same URL (incl. use of https protocol)? >> 2. Are both the console and service run from the same machine? >> 3. Are both the console and service run under the same Windows user >> account? >> >> (If the answer to any of the above is "no", please provide details on the >> differences.) >> >> 4. Does the target server require that a client certificate be provided? >> >> >> >> "FloridaCoder" <FloridaCo***@discussions.microsoft.com> wrote in message >> news:442FCE06-B609-4D6C-98CF-B51FF41FA3E1@microsoft.com... >> > The code with this call works fine when hosted in a Console >> > application, >> > but >> > throws error Trust Failure - The underlying connection was closed: >> > could >> > not >> > establish trust relationship with remote server when run in a windows >> > service. >> > >> > I have spent almost the whole day reading about security, attributes, >> > etc. >> > but I just can't get this to work. >> >> >> 
Other interesting topics
Import RSA parameters from .PEM format
LogonUser Succeeds - but fails later Getting User Information from a SID Authenticate User in Windows 2000 machine Export and Import RSA Key Container Get an unauthenticated windowsIdentity? Cryptography implementation using memeorystream Forms Authentication Not Redirecting To Login Page I'm not sure I get this 'salt' thing problem to run WINDOW user control in IE |
|||||||||||||||||||||||
