"Choose a digital certificate" windows popping up

My gadget uses RPS authentication via HTTPS protocol to get contacts from Live Contacts address book.

The problem is that if I open the gadget HTML file by itself (not from the sidebar), the popup window appears saying: "Choose a digital certificate. The website you want to view requests identification. Please choose a certificate.". And this requires pressing the OK or Cancel button in order to proceed. However, if I run it as a gadget, I cannot get access to this digital certificate window, therefore the gadget just hangs.

Do you know how to bypass this popup window? Thanks a lot for your help.

(this thread was duplicated as unfortunately I didn't know which forum I need to relate my post to)

[754 byte] By [SergeiGolubev] at [2008-2-1]
# 1

Sergei:

Can you give me more details about your configuration? The problem doesn't seem to be with Windows Live Data but with your gadget configuration or how you get the RPS ticket. Are you using the Windows Live ID SDK on the client to generate the calls to RPS or are you invoking the RPS web service directly? If you are using the Live ID SDK, post your question on the Live ID forum too. See also the MSDN article below for details on how to get an RPS ticket by invoking the Live ID Ws-Trust WS.

FedericoRaggi-MSFT at 2007-10-2 > top of Msdn Tech,Windows Live Developer Forums,Windows Live Data Development...
# 2

Federico, following the MSDN article I am using the following code to get an RPS ticket from the Windows Live Contacts service:

Code Snippet


function getToken(user, pass) {
    var userName = user;
    var password = pass;
    var applicationId = "10"; // arbitrary value (in alpha release)
    var url = "https://dev.login.live.com/wstlogin.srf";
    var soapHeader = "https://dev.login.live.com/wstlogin.srf"; // sent as the SOAPAction header

    // WS-Trust RequestSecurityToken (Issue) envelope carrying a UsernameToken.
    // Note: userName and password are concatenated into the XML without escaping.
    var soapEnvelope = '<s:Envelope ' +
        'xmlns:s = "http://www.w3.org/2003/05/soap-envelope" ' +
        'xmlns:wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" ' +
        'xmlns:saml = "urn:oasis:names:tc:SAML:1.0:assertion" ' +
        'xmlns:wsp = "http://schemas.xmlsoap.org/ws/2004/09/policy" ' +
        'xmlns:wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" ' +
        'xmlns:wsa = "http://www.w3.org/2005/08/addressing" ' +
        'xmlns:wssc = "http://schemas.xmlsoap.org/ws/2005/02/sc" ' +
        'xmlns:wst = "http://schemas.xmlsoap.org/ws/2005/02/trust">' +
        '<s:Header>' +
        ' <wlid:ClientInfo xmlns:wlid = "http://schemas.microsoft.com/wlid"> ' +
        ' <wlid:ApplicationID>' + applicationId + '</wlid:ApplicationID>' +
        ' </wlid:ClientInfo>' +
        ' <wsa:Action s:mustUnderstand = "1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>' +
        ' <wsa:To s:mustUnderstand = "1">https://dev.login.live.com/wstlogin.srf</wsa:To>' +
        ' <wsse:Security>' +
        ' <wsse:UsernameToken wsu:Id = "user">' +
        ' <wsse:Username>' + userName + '</wsse:Username>' +
        ' <wsse:Password>' + password + '</wsse:Password>' +
        ' </wsse:UsernameToken>' +
        ' </wsse:Security>' +
        '</s:Header>' +
        '<s:Body>' +
        ' <wst:RequestSecurityToken Id = "RST0">' +
        ' <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>' +
        ' <wsp:AppliesTo>' +
        ' <wsa:EndpointReference>' +
        ' <wsa:Address>http://live.com</wsa:Address>' +
        ' </wsa:EndpointReference>' +
        ' </wsp:AppliesTo>' +
        ' <wsp:PolicyReference URI = "MBI"></wsp:PolicyReference>' +
        ' </wst:RequestSecurityToken>' +
        '</s:Body>' +
        '</s:Envelope>';

    // tokenRequest is an implicit global (no var), so it stays reachable after getToken returns.
    tokenRequest = setupAjax();
    tokenRequest.open("POST", url, false); // third argument false = synchronous request
    tokenRequest.setRequestHeader("Content-Type", "text/xml");
    tokenRequest.setRequestHeader("SOAPAction", soapHeader);
    tokenRequest.onreadystatechange = processToken; // xml parsing
    tokenRequest.send(soapEnvelope);
} //getToken

When I test this in IE, the window pops up and requires confirmation about the certificate. Because inside the gadget the message is not visible, the script cannot proceed. What I have come up with is to use the function twice with a time period between. In this case, it somehow works.

SergeiGolubev at 2007-10-2
# 3

Sergei:

What version of IE are you using?

FedericoRaggi-MSFT at 2007-10-2
# 4

Sergei:

I'm discussing your problem with Galo and YuanYuan, two of our developers, and we have a couple of questions:

  • What Ajax library are you using? I would like to create a test page to reproduce your problem.
  • How do you solve the cross-domain security restriction? You are making a POST to https://dev.login.live.com/wstlogin.srf that is on a different domain. Is it handled by your Ajax library? My guess is your request is sent to a server acting as a proxy.
  • Can you post a screenshot of IE with the pop-up window asking for the certificate confirmation?

FedericoRaggi-MSFT at 2007-10-2
# 5

It is IE 7, Federico.

SergeiGolubev at 2007-10-2
# 6

Following my code above, I am using the standard method below to send XMLHTTP request:

Code Snippet

function setupAjax()
{
    var request = null;
    try {
        // Firefox, Opera 8.0+, Safari
        request = new XMLHttpRequest();
    }
    catch (e) {
        // Internet Explorer
        try {
            request = new ActiveXObject("Msxml2.XMLHTTP");
        }
        catch (e) {
            try {
                request = new ActiveXObject("Microsoft.XMLHTTP");
            }
            catch (e) {
                alert("Your browser does not support AJAX!");
                return false;
            }
        }
    }

    return request;
} //setupAjax

The screenshot of the message box is here: http://www.sgolubev.com/anonim/digi-cert.png

As there is no chance to click the OK button inside the gadget, I'm just calling the method of getting the token again after some interval.

SergeiGolubev at 2007-10-2
# 7

Hi, Sergei:

This is kinda weird because it seems to us that you are executing this XmlHttp POST request from your browser. This is explicitly prohibited by the cross-domain security mechanism in IE and normally you should get a "Permission Denied" or "Access denied" error (we tried your code and Access denied is what we got). Sure there is a way to ask IE to allow you to execute cross-domain requests from localhost (there is a browser setting that can do that), but that's pretty much it. I am kinda surprised that you are presented with the dialog asking for a client cert.

I am wondering if you mind sending me your complete html page so that I can test it out. You can reach me at: yuanyu at microsoft.com

YuanYuanYu-MSFT at 2007-10-2
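
The cross-domain restriction mentioned in the post above depends on whether the page and the request target share an origin. As an added example (not code from the thread or from Microsoft), the following applies the standard scheme/host/port comparison to the token endpoint quoted in the thread; the page URLs used with it are constructed samples, and IE 7's security zones and gadget privileges are not modelled.

```javascript
// Added example: origin comparison for the XMLHttpRequest discussed in this thread.
// Only TOKEN_ENDPOINT comes from the thread; any page URL passed in is a constructed sample.
const TOKEN_ENDPOINT = "https://dev.login.live.com/wstlogin.srf";

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (scheme, host, port) tuple for a URL, or null when the scheme
// has no tuple origin (file:, data: and similar are treated as opaque).
function originTuple(rawUrl) {
  const u = new URL(rawUrl);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol], // empty port means the scheme default
  };
}

// Compare the page's origin with the request target and list what differs.
function classifyRequest(pageUrl, targetUrl) {
  const page = originTuple(pageUrl);
  const target = originTuple(targetUrl);
  if (page === null || target === null) {
    // A page opened from disk has no tuple to match against an https endpoint.
    return { sameOrigin: false, differs: ["opaque-origin"] };
  }
  const differs = ["scheme", "host", "port"].filter((k) => page[k] !== target[k]);
  return { sameOrigin: differs.length === 0, differs: differs };
}

// Constructed sample pages: a local test server, a file opened directly,
// and a page served from the endpoint's own host.
const SAMPLE_PAGES = [
  "http://localhost/gadget.html",
  "file:///C:/gadget/contacts.html",
  "https://dev.login.live.com/other.html",
];

for (const page of SAMPLE_PAGES) {
  const r = classifyRequest(page, TOKEN_ENDPOINT);
  console.log(page, "->", r.sameOrigin ? "same-origin" : "cross-origin", r.differs.join(","));
}
```
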
# 8

I have the same questions that YuanYuan has. I'm not very familiar with the gadget framework so I'm asking other Microsoft people that might know the answer. Same as YuanYuan, you can reach me at: feder at microsoft dot com.

FedericoRaggi-MSFT at 2007-10-2
