How to select Digital User Certificate in Web Applications?

Asked

Viewed 7,208 times

5

I am developing a project in ASP.NET MVC5 to make manifestation of electronic invoices.

During the process of searching notes, manifestation or download, I access the Internal Revenue Service and need to send the digital certificate for the CNPJ.

Everything works fine while I’m developing and testing things locally, but when the application is published and goes to the server I can no longer select the digital certificate I want to use.

I’m using the classes X509certificate2, X509store and X509certificate2collection

I would like to do something like this link: https://cav.receita.fazenda.gov.br/eCAC/publico/login.aspx

Clicking on the digital certificate image opens the Store containing the certificates, but I can only do this when I run the local application, after it goes to the server I can’t access the Store.

Has anyone ever worked with it or know how to solve the problem?

  • Man, I had a lot of trouble using A3 certificate, because IIS will not be allowed to access the certificates installed on the clients' computer, I suggest you use a A1 certificate. At the time I had started developing the NF module I even read about a CAPICOM API that would help to use A3, but for simplicity and practicality I chose to use A1,

  • I understand and I know that A3 is very problematic, but I cannot put this limitation to users. I have the 2 models for testing, and site everything works fine, but how do government websites manage to use the way they use the link I asked the question? There must be some way the Windows Certificate Store can be opened by web applications and select the certificate.

  • Yes, I understand you, but I believe that you will have to study the CAPICOM API to open the windows certificate repository, I do not know any way to do direct by C#.

  • @Pablovargas, even if I use CAPICOM and run everything in javascript, for example... At some point I will need to send the certificate with the data required by the webservice, so I can only do it by C#. Is there any way to do it via javascript too?

  • Jefferson Pedro, have you managed to find the solution to your problem? How have you solved?

3 answers

1

Good afternoon Jefferson, on the site you indicated is only sent to the public certificate key server, to sign the NF-e private key is required.

When I implemented NF-e, I made a webservice and a local desktop application that downloaded XML, signed it, sent it to the recipe server, and relayed the result to the webservice. I still think the best strategy.

If you need to use the site you will have to use the A1 template and directly reference the certificate file.

I hope I’ve helped.

0

Set your IIS to "Request Digital Certificates", so the server will ask for the clients' certificate. Whether it is A3 or A1 certified.

In this question the staff already explained how to do this : How to request client IIS 7.5 ssl certificate

0

I did as follows using A1

private RecepcaoEvento.RecepcaoEventoSoapClient _nfeRecepcao;
    _nfeRecepcao.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySerialNumber, GetSerialCertificado());
     private string GetSerialCertificado()
            {
                X509Store store = new X509Store("My");
                store.Open(OpenFlags.ReadOnly);
                foreach (var certificado in store.Certificates)
                {
                    if (certificado.SubjectName.Name.Contains(cnpj))
                    {
                        _serialCertificado = certificado.SerialNumber;
                    }
                }
                store.Close();
                return _serialCertificado;
            }

so far it is running in several places in this way.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.