Oddmar Sandvik
Using .NET framework v1.1.4322.
My application connects up to a server using HttpWebRequest over SSL. The server certificate is self-signed, and the CA certificate is installed on the client in Trusted Root Certification Authorities on the Local Computer account.
When I run the client application standalone, SSL communications work fine. However, when I install it as a service, the certificate cannot be validated. I override the ICertificatePolicy interface and receive an error code (0) that does not match any of the ones I have found in various examples.
I have tried with the service running both as LocalSystem (preferred) and as the same local user that I used when testing the application as a non-service. The result is the same - failure in both cases. I must resort to ignoring certificate validation. That is not an acceptable solution since there is no server authentication.
It appears that I cannot access the certificate store through .NET APIs without using P/Invoke against CryptoAPI, something I would prefer to stay away from. Thus I cannot see the CA certificates from my application.
Can anyone shed light on why the .NET framework behaves differently when running as a service?