Issue with .p12 certificate on shared hosting

[lzoumas]

PushSharp 3.0

I am using PushSharp 3.0 to send Apple notifications via an MVC app. I generated a .p12 per the documentation and everything is working perfect locally. There are no issues. However, when I move this to shared hosting (Rackspace Cloud Sites), I get the following error...

System.AggregateException: One or more errors occurred. ---> System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized at PushSharp.Apple.ApnsServiceConnection.d2.MoveNext() --- End of inner exception stack trace --- ---> (Inner Exception #0) System.ComponentModel.Win32Exception (0x80004005): The credentials supplied to the package were not recognized at PushSharp.Apple.ApnsServiceConnection.d2.MoveNext()<---

I know it's finding the .p12 file on the server and the password is obviously the same, so not sure what is happening.

Her is the relevant code that is throwing an error...

string path = ConfigurationManager.AppSettings["AppleP12CertificatePath"];

var config = new ApnsConfiguration(ApnsConfiguration.ApnsServerEnvironment.Production, path, "PASSWORD"); ... Thanks,

Lee

[Redth]

Shared hosting is probably doing some sort of sandboxing. I remember Azure shared websites had (and may still have) this issue as well. I would recommend asking the host about it.

[lzoumas]

Thanks for the quick response. Much appreciated. I reached out to Rackspace Cloud Sites support and they are trying to help me troubleshoot the issue. They suggested using impersonation, which I did, but that still didn't do it.

This was part of their response...

"I also wanted to point out just because full trust and impersonation is used doesn't give free reign. Without knowing 100% exactly what the code is trying to do we can't know definitively what part may or may not be working due to our security or other parameters that may be set.

If there is any other insight that you could provide we will certainly do our best to help pinpoint what it is that may be taking place."

I'm not really sure what else to tell them to be honest with you. Any suggestions, would be greatly appreciated.

Thanks :)

[Redth]

You can certainly point them at the source code that is relevant:

Setting up the certificates: https://github.com/Redth/PushSharp/blob/master/PushSharp.Apple/ApnsConnection.cs#L26-L47

Authenticating via the certificate to the open network stream: https://github.com/Redth/PushSharp/blob/master/PushSharp.Apple/ApnsConnection.cs#L351-L360

[lzoumas]

Hello, thanks again for the help. This is the response I got back from RS Cloud Sites support...

"After much testing, I think I found the issue.

In the previous event Log, and any subsequent failing logs, the user attempting to authenticate the push appears to be morevisibility-app, which is a typical "subuser" of sorts for the application user morevisibility. The problem is that user is your main account user for the account, but the application is being executed as clientname. It appears that, for some reason, the application is attempting to use the file as the wrong user and the user cannot be a part of the group for clientname.

This seems to be the only cause, as nothing else in the system would cause a problem, as we have many users using our system for authentications like this (and for this purpose). If the application can be modified to execute as clientname instead, it should work properly."

Not really sure how i can modify the application to execute as clientname. I already added impersonation settings to the web.config file and that doesn't seem to work. The notification portion of my code is stored in a seperate class library than the MVC app I am using, not sure if that makes a difference or not?

[Redth]

Maybe it does, but I can't see why it should.

I'm not really sure how to fix this, ASP.NET stuff is a bit out of my comfort zone on this level...