httpwebrequest and client certificates

[Guest]

We retrieve data from a company called XYZ through httpwebrequest.
The program is coded using VB.NET
They have given a certificate to install.
This certificate is included with the request object.I use httpwebrequest to
retrieve data. The certificate is added to the client certificates collection.

When this component is called from a windows application, I can retrieve the
data.
When this component is called from a web page, I get the following error
The remote server returned an error 403 forbidden.
we have no special setting in machine.config for the section processmodel.
The aspnet process is running under the username aspnet.
if I deploy my component in COM+, it runs successfully.
we feel it is because of permission issue for the user ASPNET .
I have used winhttpcertcfg tool from microsoft to give access to the private
key for the user ASPNET.
The certificate is installed under local machine account in the folder
Personals(LOCAL_MACHINE\MY).
I have no success even after utilizing winhttpcertcfg . I feel that the
httpwebrequest is somehow not passing the client certificate.
to the server. I donot want to put this component in COM+ or make any
changes to Processmodel section of machine.config files.
give me some insights into the issue

 

[Eliyahu Goldin]

You are right, you are having a permission issue for the user ASPNET. When I
had a similar problem, I didn't have any luck with winhttpcertcfg either. I
ended up with running the request under the same account as the certificate
was installed under. In your case this translates to changing your ASPNET
user in machine.config.

Wish you to find a better solution.

Eliyahu