Using RevertToSelf in DLL to be used from classic ASP web application


Marja Ribbers-de Vroed

Hi,

I've developed a COM DLL in Visual C++ to generate a digital signature based on a certificate read from a PFX file.
This DLL is used in a classic ASP web application to digitally sign an XML message before sending it to another party.

To process the PFX file I use the CryptoAPI function PFXImportCertStore, but RevertToSelf must be called prior to calling PFXImportCertStore, and the virtual directory's Application Protection option must be set to Low. Otherwise I receive the error "The system cannot find the file specified".

I understand that RevertToSelf will 'impersonate' the System Account which is undesirable from a security point of view.

What can I do to go back to the IUSR_ account again after generating the signature?
 

Bruno van Dooren

Use OpenThreadToken to obtain the current token. If I understand you correctly, the process is running as system, but that specific thread is running as another user. If that is true, the thread will have its own token, which you will now have.

Then you call RevertToSelf, which reverts to the original process token, do whatever you need to do, and call ImpersonateLoggedOnUser with the thread token you obtained earlier to get back to the security status you originally had before reverting.

I don't know if RevertToSelf will close the original thread token. If it does, you should call DuplicateToken to create a duplicate of the thread token before you revert, and then use the duplicate when calling ImpersonateLoggedOnUser.

That should do it.

kind regards,
Bruno.
