[WP7] Using an Exchange Account With a Custom Certificate

By jay at July 31, 2010 15:07 Tags: ,

Depending on which corporation you work for, you may have to connect to your exchange server using a self-signed server certificate to be used with HTTPS protocol (using either TLS or SSL).

If you're unlucky enough to be in this situation, but are using a modern browser, you can install the certificate in either your windows certificate store, or using your browser's store. You can do that using this lengthy technique for IE8.

But if you're on a Windows Phone 7, if you try to connect to your exchange account, you'll get a nice message telling you that there is a problem with the server certificate. Well, neither Internet Explorer or the bundled Exchange tools give you the ability to install that custom certificate. And there is no access to the file system either.

Luckily, you can email your certificate on your GMail account for instance, and the WP7 mail client has the ability to install certificates !

So, use the lengty technique to export your certificate in the ".cer" format by connecting to your exchange server using its HTTPS address in Internet Explorer on your PC, email it to yourself, and tap on it on your Windows Phone 7 to install it.

Now you can enjoy having your work emails and calendars on your weekends, in case you don't have anything else better to do :)


EDIT: If it still does not work, you may need to also import the full chain of certificates, up to the root. To do so, in the certificate from your exchange server, open the "Certification Path" tab, then for each item in the tree, click "View Certificate", then "Details", then "Copy to File...". Email each certificate to your Windows Phone and you're done !

Prevent ASP.NET web.config inheritance, and inheritInChildApplications attribute

By Jerome at March 23, 2008 12:34 Tags: , ,

Since I've changed my top level blog engine, I've had some troubles with YAF, the forum engine I'm using for my Remote Control software.

The forum I'm using is in a child directory, which is a child application defined in IIS as an other application. The BlogEngine.NET disables the use of Sessions, and YAF requires sessions to be enabled, plus BlogEngine.NET adds some custom HTTP handlers, which incidentally are not known but the forum application. This is quite a mess, and to be able to get both applications running without fine tuning each one to work with the other, I had to use the little known attribute inheritInChildApplications.

This attribute prevents an application from passing its configuration as a default to child applications. Using this attribute is a little tricky, and has to be used this way :

<!-- Root web.config file -->

<?xml version="1.0"?>


  <location path="." inheritInChildApplications="false">


      <compilation debug="false" />

      <!-- other configuration attributes -->




This way, any child application defined below this application will not use the current configuration. There's some mystery around the inheritInChildApplications attribute; it is not defined in the dotnetconfig.xsd file and it still is a rather helpful configuration option...

WCF WebService behind a NAT Gateway

By Jerome at April 15, 2007 11:06 Tags: , , ,

I'm currently working on a WCF service that's exposed via a basicHttpBinding, with some exposition of the metadata via a WSDL url.

The metadata generator has been improved a bit since it is now split into multiple files, with references from the first wsdl to other URI's. There's not much to do to have that WSDL generated, and the generator take the liberty of using the machine's name to create reference URIs.

Most of the time, this is a good idea, but sometimes when your machine is behind a NAT gateway doing some port forwarding, your machine probably won't have the public FQDN used to access your gateway. You then end up with a root document referencing URI's with a host name that is not valid on the other side of the gateway.

The solution to change that behavior is quite simple : Just change the host name IIS is listening on. Use the MMC snap-in, and specify that your port 80 (or whatever port you're using) is listening on your external FQDN. WCF will then use that host name when generating URI's. Also don't forget that if you specify a host name, you might need to add an other entry to be able to access your website using "localhost".

This operation is also needed for servers farm when doing some load balancing.

IIS, HTTP 401.3 and ASP.NET directories ACLs

By Jerome at September 01, 2006 22:09 Tags: , ,

A few days ago, on a newly installed web server with all the appropriate security patches applied, I kept having the same error on every ASP.NET 1.1 application I was running :

HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource.

At first, the reflex is to check all the permissions of the mapped physical directory, that they match the Application Pool identity, the guest identity (IUSR_Machine on my server) and for some configurations, the impersonated identity any ASP.NET configuration. Even with all these checks, any ASP.NET application was returning the same 401.3 error for anonymous users...

Well, it turns out that the ACL of the %SystemRoot%\Microsoft.NET\Framework\v1.1.4322 is important too... I don't know how the ACL got changed in the first place, and I don't know either how I came to check on these ACL, but that can waste a lot of time...

About me

My name is Jerome Laban, I am a Software Architect, C# MVP and .NET enthustiast from Montréal, QC. You will find my blog on this site, where I'm adding my thoughts on current events, or the things I'm working on, such as the Remote Control for Windows Phone.