Discussion:
ServerXMLHTTP 4.0 and Local Machine Client Certificate
(too old to reply)
FL
2006-09-08 12:40:01 UTC
Permalink
Hi,

I have not been able to use local machine client certificates using
ServerXMLHTTP from MSXML 4.0 when run under a non-administrator account,
e.g. normal IIS account IWAM_xxx.

The error I got when run code is similar as follows (in a .VBS file):
set objSrvHTTP = CreateObject("MSXML2.ServerXMLHTTP.4.0")
objSrvHTTP.setOption 3, "LOCAL MACHINE\My\MyCert.com"
objSrvHTTP.open "POST", "https://MyServer.com", false
objSrvHTTP.setRequestHeader "content-Type","text/xml"
objSrvHTTP.send objXMLDocument <--- Error here

The error I got is "Security error". The same code runs fine if run
under the local administrator account, but not if the account is a
restricted user.

I've tried giving access to local machine client certificates using
winhttpcertcfg, but it didn't work. Any hints where to look to solve
this problem? Thanks!

FL
Anthony Jones
2006-09-08 14:26:06 UTC
Permalink
Post by FL
Hi,
I have not been able to use local machine client certificates using
ServerXMLHTTP from MSXML 4.0 when run under a non-administrator account,
e.g. normal IIS account IWAM_xxx.
set objSrvHTTP = CreateObject("MSXML2.ServerXMLHTTP.4.0")
objSrvHTTP.setOption 3, "LOCAL MACHINE\My\MyCert.com"
objSrvHTTP.open "POST", "https://MyServer.com", false
objSrvHTTP.setRequestHeader "content-Type","text/xml"
objSrvHTTP.send objXMLDocument <--- Error here
The error I got is "Security error". The same code runs fine if run
under the local administrator account, but not if the account is a
restricted user.
I've tried giving access to local machine client certificates using
winhttpcertcfg, but it didn't work. Any hints where to look to solve
this problem? Thanks!
Have you tried granting access to IUSR_?

Use regedt32 to examine the security on the registry key.

We are talking Windows 2000 IIS 5.0 right?
Post by FL
FL
FL
2006-09-08 17:04:26 UTC
Permalink
Post by Anthony Jones
Post by FL
I have not been able to use local machine client certificates using
ServerXMLHTTP from MSXML 4.0 when run under a non-administrator account,
e.g. normal IIS account IWAM_xxx.
set objSrvHTTP = CreateObject("MSXML2.ServerXMLHTTP.4.0")
objSrvHTTP.setOption 3, "LOCAL MACHINE\My\MyCert.com"
objSrvHTTP.open "POST", "https://MyServer.com", false
objSrvHTTP.setRequestHeader "content-Type","text/xml"
objSrvHTTP.send objXMLDocument <--- Error here
The error I got is "Security error". The same code runs fine if run
under the local administrator account, but not if the account is a
restricted user.
I've tried giving access to local machine client certificates using
winhttpcertcfg, but it didn't work. Any hints where to look to solve
this problem? Thanks!
Have you tried granting access to IUSR_?
Yes, I have. Actually, I've also created a normal user account and tried
to run the above VBS script. It runs OK under local Admin account, but
returns an error when I run it under this normal user account.
Post by Anthony Jones
Use regedt32 to examine the security on the registry key.
Which registry entry to check?
Post by Anthony Jones
We are talking Windows 2000 IIS 5.0 right?
Using WinXP+IIS 5.1 as testing platform.

Thanks for your help.

FL

Loading...