.NET Forum / ASP.NET / Web Services / July 2004
Repost: WebService Client Certificate Problem
Koan B - 14 Jul 2004 17:41 GMT
Hi,
I'm attempting to connect to a 3rd party web service (for which they have supplied client certificates), but with no success.
As far as I can tell, the code below should work, however, I always get back an HTTP 403 (Forbidden) error returned. (I've also tried loading the certificate from the certificate store with exactly the same result.)
I'm using a WSDL file as the basis for the interface to a web service and using the following code (based on MSDN documentation):
/////////////////////////////////////////////////////////////////////
service = new RequestService();
// certificate is the path to a DER encoded x509 certificate
X509Certificate x509 = X509Certificate.CreateFromCertFile(certificate);
service.ClientCertificates.Add(x509);
// Create a request object
RequestType request = new RequestType();
// Build request
// MakeRequest method of the service
ReplyType reply = service.MakeRequest(request);
/////////////////////////////////////////////////////////////////////
Cheers,
Koan
[MSFT] - 15 Jul 2004 04:17 GMT
Hi Koan,
Is the client application an ASP.NET app or a Win form app? Additionally, if you add the following code, will it help?
service.Credentials = CredentialCache.DefaultCredentials;
Luke
Koan B - 15 Jul 2004 15:06 GMT
> Hi Koan,
> [quoted text clipped - 3 lines]
> service.Credentials =
> CredentialCache.DefaultCredentials;
Hi Luke,
First of all, thanks for your prompt reply! Let me take this opportunity to apologise for whingeing about Microsoft not responding to my previous post in this newsgroup on this topic; the fault was mine, for using the wrong posting address. I am more than happy to admit when I've screwed up. ;-)
Anyway, the client is a WinForm app.
I've tried adding default credentials with the same (Forbidden) result. I've also tried using the credentials available on a Basic Authentication connection. Again, with the same result.
Cheers, Koan
[MSFT] - 16 Jul 2004 03:45 GMT
Hi Koan,
Is the web service an ASP.NET web service (*.asmx)? If so, can you access it in IE? Is there any proxy/firewall between the client and web service server?
Luke
Koan B - 20 Jul 2004 10:52 GMT
> Hi Koan,
>
> Is the web service an ASP.NET web service (*.asmx)? If so, can
> you access it in IE? Is there any proxy/firewall between the
> client and web service server?
The webservice is actually an IBM WebSphere service.
It is accessible (sort of) from IE. The browser brings up the dialog requesting me to choose the client certificate (only there's no certificates to choose from). Using the certificates snap-in I can see the certificates are there for the current user and using IE also shows more than one certificate available.
We are not using a proxy or firewall as far as I know. Having spoken to a guy at the webserver end, he's seen errors logged saying that the client certificates were not sent during the connection attempt. This fits with what I've seen in a packet sniffer.
Cheers, Koan
Adarsh Khare [ MS ] - 20 Jul 2004 18:50 GMT
How did you install the certificate? The certificate needs to have a private key if you want to use it for client authentication (e.g. installing from a .cer file would not install the private key; you need to have a .pfx file).
adarshk [MSFT]
===========================
This posting is provided as-is. It provides no guarantees and confers no rights
> > Hi Koan,
> > [quoted text clipped - 17 lines]
> Cheers,
> Koan
Koan B - 22 Jul 2004 08:56 GMT
> How did you install the certificate? The certificate needs to have
> a private key if you want to use it for client authentication (e.g.
> installing from a .cer file would not install the private key; you
> need to have a .pfx file).
The certificate was installed from a .pfx file with the private key. Checking the certificate in the store, it can be seen that the private key is there.
Cheers, Koan
[MSFT] - 23 Jul 2004 06:28 GMT
Is the current user running the app the one who installed the certificate? There are some known issues when there are two different users here.
Luke
Koan B - 24 Jul 2004 13:14 GMT
> Is the current user running the app the one who
> installed the certificate? There are some known issues when
> there are two different users here.
A short answer...yes.
Microsoft (in dialogue with one of my colleagues) have mentioned the fact that the certificate does not have an "Enhanced Key Usage" set for Client Authentication. The certificate has been set to "Enable all purposes" which includes Client Authentication, however I don't know whether this "Enhanced Key Usage" setting is also vital. Does anyone know anything about this?
Cheers, Koan
[MSFT] - 26 Jul 2004 07:32 GMT
Hi Koan,
Based on my experience, "Enhanced Key Usage" wouldn't cause such a problem. If you configure the client certificate in the Local_Machine store so all users can access it, will this help?
Luke
Koan B - 27 Jul 2004 10:32 GMT
> Hi Koan,
>
> Based on my experience, "Enhanced Key Usage" wouldn't cause such
> a problem. If you configure the client certificate in the Local_Machine
> store so all users can access it, will this help?
I installed the certificate into Current_User and Local_Machine stores with the same result.
I am running the app under the same account that I installed the certificate.
Cheers, Koan
[MSFT] - 28 Jul 2004 08:53 GMT
Hi Koan,
Is the connection between server and client based on SSL? Additionally, from your previous post:
> It is accessible (sort of) from IE. The browser brings up the dialog requesting me to choose the client certificate (only there's no certificates to choose from).
It seems IE also can't find the certificate. It should be some problem with your certificate store. Have you tried this on other clients? You may also consult the owner of the web service to see if they know more information about this.
Luke
Koan B - 29 Jul 2004 10:50 GMT
> Hi Koan,
> [quoted text clipped - 9 lines]
> clients? You may also consult the owner of the web service to
> see if they know more information about this.
Can I ask you to bear with me a little longer; we're testing some suggestions which Microsoft have suggested through a separate channel.
Cheers, Koan
[MSFT] - 30 Jul 2004 08:12 GMT
No problem. I will keep monitoring this thread for days. If you make some progress, please post here. It may benefit more people who may have the same issues.
Thanks,
Luke
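The checks discussed across this thread (is the certificate in the Current_User or Local_Machine store, does it carry a private key, does it list Client Authentication under "Enhanced Key Usage") can be run in one pass. This is an added example, not code from any poster; it is Windows-specific, uses the later X509Certificate2 API rather than the X509Certificate class in the original post, and the subject filter "example-client" is a placeholder.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class ClientCertCheck
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    static void Main(string[] args)
    {
        // Placeholder subject fragment; pass the real one as the first argument.
        string subjectFilter = args.Length > 0 ? args[0] : "example-client";
        foreach (StoreLocation loc in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            using (var store = new X509Store(StoreName.My, loc))
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                // validOnly = false: list expired or untrusted certificates too.
                var found = store.Certificates.Find(X509FindType.FindBySubjectName, subjectFilter, false);
                Console.WriteLine("{0}\\My: {1} match(es)", loc, found.Count);
                foreach (X509Certificate2 cert in found)
                    Report(cert);
            }
        }
    }

    static void Report(X509Certificate2 cert)
    {
        Console.WriteLine("  Subject:     {0}", cert.Subject);
        // The issuer is printed so it can be compared with the CAs the server accepts.
        Console.WriteLine("  Issuer:      {0}", cert.Issuer);
        Console.WriteLine("  Valid:       {0:u} to {1:u}", cert.NotBefore, cert.NotAfter);
        Console.WriteLine("  Private key: {0}", cert.HasPrivateKey);
        Console.WriteLine("  Client auth: {0}", DescribeEku(cert));
    }

    // Reads only the EKU extension inside the certificate; purposes set as
    // store properties ("Enable all purposes") are not inspected here.
    static string DescribeEku(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ClientAuthOid) return "listed in EKU";
            return "EKU present, client auth not listed";
        }
        return "no EKU extension in the certificate";
    }
}
```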