
Connection problems when using SSL

Posted: Thu 07 Oct 2010 17:56
by sumit
I have tried this with the latest version of the drivers and an older version and the problem exists in all the versions...

Steps:

PREPARATION:
1. Configure db server to require SSL
2. Create two client applications that connect to the database and execute some query, one that runs as a Windows Service (LOCAL SYSTEM user account) and the other that runs as a web application (ASPNET user account on XP and Network Service user account on Win2k3)
3. The connection string just needs to use Protocol=Ssl. There is no need to specify a CA-Cert or client certs.

CASE 1: FAILS
1. Take an XP machine and go to your "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" folder and delete all files from there.
2. Start the Windows Service first. After a db connection is made, a new file (let's call it "x") is created in the machinekeys folder.
3. Start the web application and notice the connection problems.
Cause: The web application tries to read the "x" file and does not have access to it. It then tries to create a file under its own user profile (ASPNET user's profile) but fails because it picks the wrong folder location to do so.

It tries to create the file "x" under the following folder that does not exist:
C:\Documents and Settings\ASPNET\Application Data\Microsoft\Crypto\RSA\

The correct path should be:
C:\Documents and Settings\\ASPNET\Application Data\Microsoft\Crypto\RSA\


CASE 2: PASS
1. Take a Windows 2k3 machine and go to your "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" folder and delete all files from there.
2. Start the Windows Service first. After a db connection is made, a new file (let's call it "x") is created in the machinekeys folder.
3. Start the web application and notice the connection passes.
Cause: The web application tries to read the "x" file and does not have access to it. It then tries to create a file under its own user profile (Network Service user's profile) and succeeds.

It tries to create the file "x" under the following folder that does not exist:
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\

--------

We need a resolution to this behavior in the next few weeks because we offer SSL connectivity to the database and our product has Windows services and web clients that run on the same machine.
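
An added diagnostic for the access problem described in the post above (not part of the thread and not dotConnect code): it lists each key file in the MachineKeys folder with its owner and whether the accounts named in the post hold a read ACE on it. The function name `Test-KeyFileRead` and the account list are assumptions, and the check only considers ACEs that name the account directly, not rights granted through group membership.

```powershell
# Added example. Run from an administrative PowerShell prompt so Get-Acl can read every file.
# Folder quoted in the post (Windows XP / Server 2003 layout).
$MachineKeys = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys'

# Accounts mentioned in the post; adjust to the identities your services run as (assumption).
$Accounts = @(
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\NETWORK SERVICE',
    "$env:COMPUTERNAME\ASPNET"
)

# Hypothetical helper: does $Account hold an explicit Allow ACE with read-data rights on $Path?
# A matching Deny ACE wins. Group-based access (Administrators, Everyone) is NOT evaluated.
function Test-KeyFileRead {
    param([string]$Path, [string]$Account)
    $readBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $allowed = $false
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.IdentityReference.Value -ne $Account) { continue }
        if (([int]$ace.FileSystemRights -band $readBit) -eq 0) { continue }
        if ($ace.AccessControlType -eq 'Deny') { return $false }
        $allowed = $true
    }
    return $allowed
}

# One row per (key file, account): who owns the file and who can read it.
Get-ChildItem -Path $MachineKeys -Force |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file  = $_
        $owner = (Get-Acl -Path $file.FullName).Owner
        foreach ($acct in $Accounts) {
            New-Object PSObject -Property @{
                File    = $file.Name
                Owner   = $owner
                Account = $acct
                CanRead = (Test-KeyFileRead -Path $file.FullName -Account $acct)
            }
        }
    } |
    Format-Table File, Owner, Account, CanRead -AutoSize
```

A key file owned by the service account with `CanRead` false for the web application's account matches the situation in CASE 1, where the second process cannot open the file the first one created.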

Posted: Wed 13 Oct 2010 13:10
by Shalex
I have checked the 5.80.170 build of dotConnect for MySQL with Windows XP SP3 using the scenario you have described in CASE 1.
Windows Service (the Local System account) creates the key in this folder:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\
Web Application (IIS 5.1, the ASPNET user) generates the key here:
C:\Documents and Settings\\ASPNET\Application Data\Microsoft\Crypto\RSA\

1. Tell us your current build. You can find it via the Tools > MySQL > About menu of Visual Studio.
2. Both applications open the SSL connection in our environment successfully. Which results are you getting with the 5.80.170 build?

Posted: Wed 13 Oct 2010 23:25
by sumit
Interesting... I will try it again on 5.80.170 version. I think I tried 5.20.x when we saw this issue.

Posted: Thu 21 Oct 2010 16:02
by sumit
Tried and it works with build 5.80.170. Thanks.