locked
IXMLHTTPRequest2 ssl client authentication

    Question

  • Hi all,

    I'm having trouble getting client authentication to work using an IXMLHTTPRequest2 connection. This is similar to other problems already asked on here, but different enough that those questions didn't help solve my problem.

    What I'm finding is my app will connect to the server and prompt the user for the certificate without problem. Client cert has the "Client Authentication" OID 1.3.6.1.5.5.7.3.2 set in "Enhanced Key Usage", and installed in Personal/Certificates. The CA that signed the client cert is also installed in Trusted Root Certificate Authorities.

    This CA is also the servers CA.

    If I connect with IE everything passes. If I connect with the IE app everything passes. Users are prompted for the cert and then prompted to allow access to the cryptographic key.

    My problem is my app prompts for the cert but never gets to the stage where it asks the user to grant access to the key.

    The server logs show the client closing the connection after the server sends the client a certificate request. My code returns "The download of the specified resource has failed"

    Because these certs are accepted by IE I'm wondering if there is a setting in IXMLHTTPRequest2 I need to set, or a capability I need to add to my app to allow this connection to continue.

    Capabilities set are "Enterprise Authentication", "Home/Work Networking", "Internet (Client)" and "Shared User-Certificates"

    Any hints would be extremely appreciated.

    Monday, October 29, 2012 3:40 PM

Answers

All replies