How to enable my webservice to use https?

Discussion in 'ASP .Net Web Services' started by Sinex, Apr 25, 2007.

  1. Sinex

    Sinex Guest

    Hi. I need to write a simulated web service to give to my clients'
    development team. For the simulated service the client doesnt want any
    authentication...but they want to use https anyways. How do I proceed? An
    initial search tells me that I'll need a certificate. Guess I can make
    myself a certificate using makecert. But then how do I give that certificate
    to the client? Also, in the code do I need to make any checks to ensure that
    https is being used?

    regards,
    Sinex
    Sinex, Apr 25, 2007
    #1
    1. Advertising

  2. Sinex

    Scott Holman Guest

    SSL needs a self-signed certificate or a certificate issued by a CA that
    contains a private key. Presumably in a test environment we don't have a
    CA issued SSL certificate. The following will create a self-signed
    certificate



    makecert -sk "ssldemo" -pe -r -e "11/11/2006" -sky Exchange

    -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider"

    -n "CN=localhost"

    -ss MY -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 ssldemo.cer





    which generates a self-signed (-r) certificate with exportable (-pe) private
    key.

    Generates an AT_KEYEXCHANGE 1024 bit keypair in keycontainer "ssldemo".

    The keypair uses the RSA SCHANNEL provider type (-sy 12) and associated
    provider (-sp ..)

    The SubjectName is assigned Common Name "localhost" for local web-test
    purposes. Remote connections will require the actual website name used in
    the url ( for example: http://MyMachine/MyService.svc would use
    CN=MyMachine).

    The certificate is generated in the current user MY store.

    The ExtendedKeyUsages are specified:

    Server Authentication (1.3.6.1.5.5.7.3.1)

    Client Authentication (1.3.6.1.5.5.7.3.2)

    The ssldemo.cer file is a x509 certificate and should be installed in the
    Trusted Root Certification Authorities store in either LocalMachine (for all
    users) or CurrentUser



    Refer to
    <http://groups.google.com/group/microsoft.public.platformsdk.security/browse_thread/thread/1d46088ee8a2fe3a/b8a30c64c832e2a8%23b8a30c64c832e2a8>



    If you intend to use this to setup a test web server then you will need to
    export the certificate with private key to a *.pfx file. This can be done
    with the Certificates MMC plug-in. The pfx file can then be imported into
    IIS using the IIS MMC . After importing the pfx file you will need to 1)
    add the certificate to Trusted Root CA and 2) set the file permissions on
    the private key file to allow the AspNet user read access.





    Setting file permissions on Private Keys

    The private key is stored on the local machine and the only way to find it
    is with FindPrivateKey.exe or with the WseCertificate3.exe tool in the
    Microsoft WSE3.0 SDK.



    FindPrivateKey.exe is a console tool that you can build from the WCFSamples.
    It can be found in \TechnologySamples\Tools after installing the samples.
    The samples can be downloaded from



    http://www.microsoft.com/downloads/...6c-8f98-40d0-880d-c3339c5da01e&DisplayLang=en



    The WSE3.0 tool is available

    http://www.microsoft.com/downloads/...fd-3a74-43c5-8ec1-8d789091255d&DisplayLang=en



    After you find the file, you can assign read rights to the ASPNet account.
    Access rights can also be set via WinHttpCertCfg.exe console application.
    This is the preferred tool to use with production servers.





    "Sinex" <> wrote in message
    news:...
    > Hi. I need to write a simulated web service to give to my clients'
    > development team. For the simulated service the client doesnt want any
    > authentication...but they want to use https anyways. How do I proceed? An
    > initial search tells me that I'll need a certificate. Guess I can make
    > myself a certificate using makecert. But then how do I give that
    > certificate
    > to the client? Also, in the code do I need to make any checks to ensure
    > that
    > https is being used?
    >
    > regards,
    > Sinex
    >
    >
    Scott Holman, Apr 25, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Patrick
    Replies:
    1
    Views:
    648
  2. batista
    Replies:
    1
    Views:
    911
    Laurent Bugnion
    Jan 26, 2006
  3. batista
    Replies:
    0
    Views:
    561
    batista
    Jan 26, 2006
  4. batista
    Replies:
    0
    Views:
    255
    batista
    Jan 26, 2006
  5. Axel
    Replies:
    8
    Views:
    1,086
    Adrienne Boswell
    Apr 27, 2009
Loading...

Share This Page