Hi,
A few weeks ago, someone asked the same question.
It turned out that the ASP application runs with USER privileges, which
cannot do that. You have to call RevertToSelf to fall back to system
privileges, do the Cert stuff, and then get back to the previous
impersonation level.
Below you will find my answer then.
Please note that I have not tested this myself, but the guy who asked the
question then said he'd give it a try, and I didn't hear from him again, so
I assume that it worked.
His original post on January the 11th was called:
Using RevertToSelf in DLL to be used from classic ASP webapplication
Kind regards,
Bruno.
<reply>
Use OpenThreadToken to obtain the current token. If I understand you
correctly, the process is running as system, but that specific thread is
running as another user.
If that is true, the thread will have its own token which you will now have.
Then you call RevertToSelf, which reverts to the original process token, do
whatever you need to do and call ImpersonateLoggedOnUser with the thread
token you obtained earlier to get back to the security status you originally
had before reverting.
I don't know if RevertToSelf will close the original thread token. If it
does, you should call DuplicateToken to create a duplicate of the thread
token before you revert, and then use the duplicate when calling
ImpersonateLoggedOnUser.
</reply>
The call CertOpenSystemStore(0, "MY") in a C++ COM DLL returns an "Access is
denied" error when called from a classic ASP web application.
Doesn't the IUSR and/or IWAM account by default have the proper
authorisation to call CertOpenSystemStore()?
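
The sequence described in the quoted reply above, as an added example that is not code from this thread: it saves the thread token, reverts, opens the "MY" store, and puts the caller's identity back on every path. The names `open_my_store_as_process` and `identity_ok` are hypothetical, and the non-Windows branch holds constructed stand-ins so the control flow can be built and checked off Windows.

```c
/* Added example, not code from the thread. Link with advapi32 and crypt32. */
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Constructed stand-ins (assumption) that only model "is the thread
   impersonating?" so the control flow builds and can be checked off Windows. */
#include <stddef.h>
typedef void *HANDLE; typedef void *HCERTSTORE;
typedef int BOOL; typedef unsigned long DWORD;
#define TRUE 1
#define TOKEN_IMPERSONATE 0x0004
#define TOKEN_QUERY 0x0008
static int sim_impersonating = 1, sim_store_ok = 1;
static HANDLE GetCurrentThread(void) { return &sim_impersonating; }
static BOOL OpenThreadToken(HANDLE t, DWORD acc, BOOL self, HANDLE *tok)
{ (void)acc; (void)self; *tok = t; return sim_impersonating; }
static BOOL RevertToSelf(void) { sim_impersonating = 0; return 1; }
static BOOL ImpersonateLoggedOnUser(HANDLE tok)
{ sim_impersonating = (tok != NULL); return sim_impersonating; }
static BOOL CloseHandle(HANDLE h) { (void)h; return 1; }
static HCERTSTORE CertOpenSystemStoreA(DWORD prov, const char *name)
{ (void)prov; (void)name;
  return (sim_store_ok && !sim_impersonating) ? &sim_store_ok : NULL; }
#endif

/* Opens the "MY" system store under the process identity.
   Returns the store (caller closes it with CertCloseStore) or NULL.
   *identity_ok is 0 only if the thread could not be put back under the
   caller's token; the caller must then stop serving the request. */
HCERTSTORE open_my_store_as_process(BOOL *identity_ok)
{
    HANDLE tok = NULL;
    HCERTSTORE store = NULL;
    *identity_ok = TRUE;
    /* OpenAsSelf = TRUE: access to the token is checked against the process. */
    if (!OpenThreadToken(GetCurrentThread(),
                         TOKEN_QUERY | TOKEN_IMPERSONATE, TRUE, &tok))
        return NULL;    /* thread has no token of its own: nothing changed */
    if (RevertToSelf()) {
        store = CertOpenSystemStoreA(0, "MY");
        /* Restore on every path, including a failed store open. tok is our
           own handle to the token, so it is still usable after the revert. */
        *identity_ok = ImpersonateLoggedOnUser(tok);
    }
    CloseHandle(tok);
    return store;
}
```

Keep the reverted window as short as this: only the store open runs under the process identity, and a zero `identity_ok` means the thread must not go on to handle the request.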