Hello everybody. I build up a webservice using vbscript and C# to get information from a specific CHG or Incident. It all worked fine until a new policy came in to squash my work. I used the login constructor to authenticate (User and PW) but now I must use a PKI auth. I know I must use the loginservicemanaged constructor and I have the certificate (.p12) locally for testing. But I am unable to properly authenticate. It gives me the error "invalid login policy encryption".
Here it is the main code:
private string GetCertificado()
// Certificados X509 Versão 3
string strPKI = string.Empty;
X509Certificate2 objCertificado = null;
X509Store localiz_certif = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
//-> strNomeCert="CN=ServiceDesk ZDACPolicy"
X509Certificate2Collection Resultado =
localiz_certif.Certificates.Find(X509FindType.FindByIssuerDistinguishedName, _strNomeCertif, true);
if (Resultado.Count != 0)
objCertificado = Resultado;
//strPKI = objCertificado.PrivateKey.ToXmlString(false);
strPKI = Convert.ToBase64String(objCertificado.Export(X509ContentType.Cert), Base64FormattingOptions.None);
public int Ligar(string strCertifPKI)
strSID = objCAWebService.loginServiceManaged ("ZDACPolicy", strCertifPKI);
int intSID = int.Parse(strSID);
catch (Exception erro)
Has anyone implemented code using a PKI with the loginservicemanaged?
Thanks in advance.
Hi, basicaly what you need to do is to extract private key from certificate and sign policy name with it. I do not see this hapening in your code. Please use C:\CA\SDM\samples\sdk\websvc\java\test1_pki\USDWSUtil.java for the reference
Hello Gutis. I do not have CA installed in my local machine, therefore I cannot view the USDWSUtil.java reference. After the signing of the policy what I have to do next? Encode it with Base64?
Thanks for the reply.
Yes you need to encode it.
I have attached USDWSUtil.java for you.
I am going to try. Thanks
Hello Gutis - I cannot implement the code you provided because it is JAVA and I am coding in C#. However the code gave me some insight but I am getting an "Invalid Login Policy Encryption" error.
Here's my code (I can get the certificate that is stored):
Maybe you can help me out.
Hello, i am not programer, but i don't see where in your code you have extracted private key from the certificate. As far as i understand you exporting certificate from localMachine store, but i don't see where you extracting private key from the certificate using policy name as password.
You are right - I've changed the code a little but the error msg still maintains.
strSID = objCAWebService.loginServiceManaged ("xxxxPolicy", strCertifPKI);
From your code it seems that you are signing certificate itself instead of policy name
Thank you for your help and effort Gutis - I shall introspect and code accordingly.
Hello Gutis, I changed the code, tried to do what you had written, but to no avail. It still gives me "Invalid policy encription"...
I have found an old test executable that we used to test this method. Since i was not able to find source i have decompiled it. So project most probably will not compile but it will give you some guidance
Hello Gutis and thank you very much for showing me such corporate project! I just look at it very fast but I think this could help alot, mainly the UsdList.cs tiny little file... It looks promising and I think you do not need to give me guidance. Thanks again for your big and opportune effort.
Hello Gutis and... THANK YOU!!!!!
I only used the file that I told you (UsdList.cs) to make it work.
But I had, offcourse to modify alot of code. Moreover, the uppercase and lowercase didn't worked at all. The code returned an uppercase string which it does not work in my case. I tested extensively and the policy string must be equal as it is displayed in the MMC's console of the certificate tree.
I searched and posted in other forums but nobody could help me out. You don't know how much did you helped me! Thank you so much Gutis!
You are welcome