Symptoms
Assume that you try to access a Web Distributed Authoring and Versioning (WebDAV) server on a client computer that is running Windows 7 or Windows Server 2008 R2. The WebDAV server requires certificate authentication (Soft-Token). However, you encounter the following issue:
- If the certificate is set up for a high security level and the authentication process requires a personal identification number (PIN), the PIN dialog box does not appear and the Explorer View fails.
Note: You can access the WebDAV server if the user certificate does not require a medium or high security level.
Cause
The current DAV client architecture implemented in Windows 7 does not allow the PIN to be transferred programmatically across different processes.
Microsoft cannot provide a solution for this issue within a hotfix because of major architecture design changes that are beyond the scope of a hotfix.
Resolution
As an alternative solution, use one of the following:
- Lower the certificate security restriction.
- Use a Smart Card in combination with the following supported hotfix: 2647954 The PIN dialog box does not appear or you are presented with all the certificates in the store when you try to access a WebDAV server in Windows 7 or in Windows Server 2008 R2
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
Information on setting Security Level
Open MMC – Certificates – Current User – Personal Certificates – context menu: All Tasks – Import … – [file name: certificate.file] –
Type the password for the private key.
Password: [ ********** ]
Set the check boxes as follows:
[x] Enable strong private key protection. You will be prompted every time the private key is used by an application if you enable this option.
[ ] Mark this key as exportable. This will allow you to back up or transport your keys at a later time.
[x] Include all extended properties.
[Next> ]
Keep the default: (o) Place all certificates in the following store
Certificate Store: Personal
[Next> ]
[Finish]
Importing a new private exchange key
CryptoAPI Private Key
Security level set to Medium [Set Security Level ..]
Select [Set Security Level ..]
Choose a security level appropriate for this item:
(o) High
Request my permission with a password when this item is to be used.
( ) Medium
Request my permission when this item is to be used.
[Next> ]
Create a password to protect this item.
Create a new password for this item.
Password for: [CryptoAPI Private Key ]
Password: [ ]
Confirm: [ ]
[ Finish ]
Importing a new private exchange key
An application is creating a Protected item.
CryptoAPI Private Key
Security level set to High [Set Security Level .. ]
[OK]
Certificate Import Wizard
The import was successful.
[OK]
Now open IE and go to the secure website hosting the DAV share [https://webdav.domain.com/]
Windows Security
Confirm Certificate
YourCertificateName…
Issuer: Company-Bulk_CA-4:PN
[OK]
Grant or deny this application permission to use this key
Key name:
(o) Grant permission
( ) Deny permission
Key protection password: [********** ]