Hi all, Sometime ago a customer of mine had some problems in his x64 machine when running WMI queries in Powershell . Take for instance the following query : " Get-WMIObject Win32_LogicalDisk " It failed with the following error...

Hi all, Sometime ago a customer of mine faced the following issue on his .NET Framework 3.5 app: System.DirectoryServices.AccountManagement.UserPrincipal.IsMemberOf returned false negatives when the group had more than 1500 members . This means...

Hi all, Some time ago a customer of mine reported the following issue with SetWindowsHookEx API: Their application had global hooks to monitor for both keyboard and mouse input. On Windows 7 , and under high CPU usage, those hooks were getting...

Hi all, The other day a customer of mine was trying to use OWA to sign an email with a specific certificate , with no success . To put you in situation, he had two certificates with very similar properties, but slightly different. When he accessed...

Hi all, If you used to query Active Directory properties like TerminalServicesProfilePath , TerminalServicesHomeDrive and TerminalServicesHomeDirectory on Windows Server 2003 , you may have realized already that those properties are not available on...

Hi all, Some time ago a customer of mine wanted to use the Windows Server 2008 R2 Certificate Enrollment Web Services , so they could send a PKCS#10 request and get the certificate back. They followed the instructions in this whitepaper: Certificate...

Hi all, You may want to sign data and verify those signatures by following the CAdES standard in your .NET application. The issue is that, by default, we have no specific MS API or MS .NET security library to create or verify CAdES signatures. ...

Hi all, The other day a customer of mine was trying to generate XML signatures following the ebXML standard with .NET and its SignedXML class. The main issue was that they didn't know how to refer in the signature the reference to an attachment that...

Hi all, The other day a customer of mine was trying to validate the chain of a cert like this: X509Certificate2 cert = new X509Certificate2(fileName); Console.WriteLine(String.Format("Certificate {0} is valid: {1}", fileName, cert.Verify()));...

Hi all, I've been working recently on a couple of issues with SignedXml not being able to generate XML signatures following certain standards or validate those signatures properly. Well, at the end we sometimes managed to make things work, but we must...

Hi all, When doing certificate chain validation with X509Chain class in .NET, you may realize that the ChainStatus property doesn't return NotTimeNested , even if the certificate validity period is not nested in the issuing certificate validity period...

Hi all, We may publish a printer attached to our machine in Active Directory . To do that on Windows 7 , for instance, we can go to "Devices and Printers" console , select "Printer Properties", go to "Sharing" tab, and mark the "List in the directory...

Hi all, Some time ago I posted the following sample How to call CryptMsg API in streaming mode (C#) .Well, I continued working on that CryptMsg sample, and I got many consts, structs and API declarations that may help you if you need to p/invoke CryptoAPI...

Hi all, The other day a colleague of mine was having some issues to call CryptEncodeObject from C# . In order to assist, I created this sample for him: using System; using System.Collections.Generic; using System.ComponentModel; using System...

Hi all, I just joined the twitter community today: http://twitter.com/alejacma . I don't have much time to create lengthy posts lately, so I decided to give an opportunity to micro-blogging. I will keep posting Crypto, WinSDK and debugging stuff in...

Hi all, The other day I created this C# sample which shows how to request an smartcard logon cert to a CA . It is based on this other sample: How to create a certificate request with CertEnroll and .NET (C#) . using System; using System.Collections...

Hi all, One customer of mine wanted to import a public key he got from a partner. That public key had a 2048 bits modulus and a 5 bytes exponent . The problem was that CryptoAPI's RSAPUBKEY structure doesn't allow a 5 bytes exponent because it defines...

Hi all, The other day a customer of mine got this exception when trying to use SignedCms and EnvelopedCms class with a CNG provider in their .NET 3.5 application: Exception type: System.Security.Cryptography.CryptographicException Message: Invalid...

Hi all, The other day a customer of mine got this exception when trying to use AES algorithms with EnvelopedCms class in their .NET 3.5 application: Exception type: System.Security.Cryptography.CryptographicException Message: An internal error occurred...

Hi all, The other day a customer of mine got this exception when trying to use SHA-2 algorithms with SignedCms class in their .NET 3.5 application: Exception type: System.Security.Cryptography.CryptographicException Message: An internal error occurred...

Hello all, I recently posted about this issue: CertEnroll control won't work when hosted inside a frame/iframe in IE8 . I already mentioned that this was an issue on Windows 7 / Windows Server 2008 R2 , and proposed a few ways to work around this issue...

Hi all, The other day a customer of mine was getting the following error when signing with RSACryptoServiceProvider after specifying SHA 256 as hash algorithm: invalid algorithm specified . He was using a non-Microsoft CSP (Cryptographic Service Provider...

Hi all, You may get errors like the following when using CertEnroll control in a web page hosted inside another page's frame/iframe : CertEnroll::CX509EnrollmentWebClassFactory::CreateObject: Unspecified error 0x80004005 (-2147467259) CertEnroll...

Hi all, The following C# sample shows how to use Certadm.dll and CryptoAPI to get the name of the template and the enhanced usages of client certificates in a CA : <SAMPLE file="Form1.cs"> using System; using System.Collections.Generic; using...

Hi all, The following ASP sample shows how to get all Active Directory groups of the user accessing the ASP page. Note: I know ASP is quite old and people should be using ASP.NET instead. But I'm posting this sample because translating it to VBScript...