Using ActivClient and DOD CAC Certificates in Windows Metro? RRS feed

  • Question

  • Hello,

    I am trying to build a windows metro app that will contact a web service to get some data. This services is protected by a firewall that uses DOD CAC certificates. The general idea is to have a simple xhr request that will send some info about what I want and return data accordingly. Currently I am simply testing getting past the firewalls with the following code:

    var oReq = new window.XMLHttpRequest;
            if (oReq != null) {
                oReq.open("GET", "https://example.com", true);
                oReq.withCredentials = true;
                oReq.onreadystatechange = (function() {
                    if (oReq.readyState == 4 /* complete */) {
                        if (oReq.status == 200) {
                            document.getElementById("xhrReport").innerText = oReq.responseText;
            else {
                xhrDiv.innerText = "Ajax not supported";

    So far I have this successfully prompting me to select a certificate (there are two that meet the requirements and only one that works). The only problem is it will not prompt me for my pin. Instead it gives me another screen to select a smart card device. This screen only has one listed which is ActivClient, the name of my physical smart card reader, and a message saying my smart card is ready. Upon selecting that twice it fails to connect with the following error:

    APPHOST9613: The app couldn’t navigate to https://example.com/ because of this error: DOWNLOAD_FAILURE.

    How can I get this to work?

    I have read through Gaurav Mantri's blog but I believe he is speaking of a different type of smart card.


    I am now only getting prompted to select a smart card device. The error message being displayed is:

    XMLHttpRequest: Network Error 0x2efd, Could not complete the operation due to error 00002efd.


    Turns out this works perfectly without ActivClient. Not sure why the third party tool is failing hopefully this is fixed in a newer release.

    • Edited by MikeManFlash Thursday, May 30, 2013 2:33 PM update
    Thursday, May 16, 2013 10:02 PM

All replies

  • What happens when you browse to the same site using IE? Do you get back a success page?



    @prashantphadke || Windows Store Developer Solutions #WSDevSol || Want more solutions? See our blog, Windows Store & Phone Developer Solutions

    Friday, May 17, 2013 11:44 PM
  • Sorry for the delay seems like my alerts are not set up.

    When navigating to this in IE metro it responds perfectly. I get a prompt to select my CAC, a prompt via ActivClient to select my pin, and the expected debug info.

    Is it possible that I need to use a different type of request?

    Tuesday, May 21, 2013 3:19 PM
  • The error 0x2EFD that you are getting means that the destination server could not be reached. Are you sure you are using the same URL's in IE v/s XHR? To troubleshoot the 0x2EFD error, I would recommend that you use Network Monitor or Wireshark to check which server is being contacted and not responding - by checking the SYN attempts.



    @prashantphadke || Windows Store Developer Solutions #WSDevSol || Want more solutions? See our blog, Windows Store & Phone Developer Solutions

    Tuesday, May 21, 2013 11:43 PM
  • The server cannot be reached because the authentication is failing. The server is not going to give a pretty message saying "you don't have access" the request will simply fail with no headers. This is true even in a browser if I hit cancel when prompted to select my smart card.

    However, to answer your question the code containing the link is one of the few places I have the link written down so I often copy it and insert it in other places including my browser of which it works perfectly.

    Wednesday, May 22, 2013 1:12 PM