 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / November 2004X509Certificate not passed to webservice.
Hi all, I have the following scenario (XP / IIS 5, FX v1.1.4322) Both the client app and web service are running on my local development machine. I am using a straightforward HTTPWebRequest, and WSE 2 to add an X509 certificate, as follows: ================================================================== Private Function CreateWebRequest() As HttpWebRequest Dim objRequest As HttpWebRequest = WebRequest.Create(m_URL & "/" & m_Operation) SetProxy(objRequest.Proxy) objRequest.Method = "POST" objRequest.ContentType = "application/x-www-form-urlencoded" objRequest.Timeout = 300000 Dim certStore As X509CertificateStore certStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.RootStore.ToString) certStore.OpenRead() Dim cert As X509Certificates.X509Certificate If certStore.FindCertificateBySubjectString("XYZ").Count > 0 Then cert = certStore.FindCertificateBySubjectString("XYZ")(0) End If objRequest.ClientCertificates.Add(cert) Return objRequest End Function ================================================================== This is using a test cert generated with makecert, and imported into the local machine root store. When in debug mode, I can see the cert is retrieved and added to the request's clientcertificates collection fine. However when inspecting the Context.Request.ClientCertificate property in the WebService code, there is only an HTTPClientCerticate object there with its properties unpopulated . ( this seems to be present irrespective of whether or not the certificate is added client side) I have attempted a similar exercise with the following test code which I found here : http://www.15seconds.com/issue/020312.htm to test a straightforward web service scenario, with the same result. (The cert does not seem to be passed to the service...) ================================================================== private void TestService_Click(object sender, System.EventArgs e) { CSWebservices.CCWebservice objws ; objws = new CSWebservices.CCWebservice() ; X509Certificate objCert ; objCert = X509Certificate.CreateFromCertFile("xyz.cer") ; objws.ClientCertificates.Add(objCert) ; CSWebservices.ClientCertificateDetails objCertDetails ; objCertDetails = objws.GetCertificateDetails() ; } ================================================================== Server Side: [WebMethod] public ClientCertificateDetails GetCertificateDetails() { HttpClientCertificate objCertificate = HttpContext.Current.Request.ClientCertificate ; ClientCertificateDetails objCertificateDetails = new ClientCertificateDetails() ; objCertificateDetails.Cookie = objCertificate.Cookie ; objCertificateDetails.IsPresent = objCertificate.IsPresent ; objCertificateDetails.Issuer = objCertificate.Issuer ; objCertificateDetails.IsValid = objCertificate.IsValid ; objCertificateDetails.KeySize = objCertificate.KeySize ; objCertificateDetails.SecretKeySize = objCertificate.SecretKeySize ; objCertificateDetails.SerialNumber = objCertificate.SerialNumber ; objCertificateDetails.ServerIssuer = objCertificate.ServerIssuer ; objCertificateDetails.ServerSubject = objCertificate.ServerSubject ; objCertificateDetails.ValidFrom = objCertificate.ValidFrom ; objCertificateDetails.ValidUntil = objCertificate.ValidUntil ; return objCertificateDetails ; } ====================================================================== If I configure IIS to require Client certificates: I experience HTTP 403.7 ( cert required ) errors. Any ideas / pointers would be appreciated. Thanks, Matthew Did you install SSL Cert on your machine running IIS? Chew > Hi all, > [quoted text clipped - 105 lines] > > Matthew User submitted from AEWNET (http://www.aewnet.com/) Did you install SSL Cert on your machine running IIS? Chew > Hi all, > [quoted text clipped - 105 lines] > > Matthew User submitted from AEWNET (http://www.aewnet.com/) Hi Yes. I have a test certificate running on IIS and the web service is configured to require SSL. I am overriding cert warnings with the implementation of a custom CertificatePolicy, client side. My first thought was that, unless I set up the service to require client certificates, the certificate wouldn't be sent with the request. So I set up IIS to require client certificates. With that configuration, I got the 403.7 HTTP Error referred to in my first post. still a bit baffled on this one. I have also installed the root certificate for the test client certificate which I generated with makecert.exe (Root Agency), into the Local Machine Trusted Certification Authorities store. I also edited the certificate trust list on IIS to include the relevant client certificate. All this ... and the same result. either the client certificate doesnt seem to be sent, or if the service requires a client certificate then a 403 error. I wonder if the issue is that IIS is looking in the local user store, as opposed to the local machine store, to determine whether it recognizes the root CA....? Guess I'll give that a go. Thanks..
Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.