SSL / Web Service requiring client certificates. No certificate server side...?

Discussion in 'ASP .Net Security' started by Matthew, Nov 2, 2004.

  1. Matthew

    Matthew Guest

    Hi all,

    I have the following scenario (XP / IIS 5, FX v1.1.4322). Both the
    client app and web service are running on my local development
    machine.

    I am using a straightforward HTTPWebRequest, and WSE 2 to add an X509
    certificate, as follows:

    ==================================================================
    Private Function CreateWebRequest() As HttpWebRequest

        Dim objRequest As HttpWebRequest = WebRequest.Create(m_URL & "/" & m_Operation)

        SetProxy(objRequest.Proxy)

        objRequest.Method = "POST"
        objRequest.ContentType = "application/x-www-form-urlencoded"
        objRequest.Timeout = 300000

        ' Open the local machine Root store through the WSE 2 store class
        Dim certStore As X509CertificateStore
        certStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.RootStore.ToString)
        certStore.OpenRead()

        ' Take the first certificate whose subject matches "XYZ"
        Dim cert As X509Certificates.X509Certificate
        If certStore.FindCertificateBySubjectString("XYZ").Count > 0 Then
            cert = certStore.FindCertificateBySubjectString("XYZ")(0)
        End If

        ' Attach the certificate to the outgoing request
        objRequest.ClientCertificates.Add(cert)

        Return objRequest

    End Function

    ==================================================================

    This is using a test cert generated with makecert, and imported into
    the local machine root store. When in debug mode, I can see the cert
    is retrieved and added to the request's ClientCertificates collection
    fine.

    However, when inspecting the Context.Request.ClientCertificate property
    in the WebService code, there is only an HttpClientCertificate object
    there with its properties unpopulated. (This seems to be present
    irrespective of whether or not the certificate is added client side.)

    I have attempted a similar exercise with the following test code, which
    I found here: http://www.15seconds.com/issue/020312.htm
    to test a straightforward web service scenario, with the same result.
    (The cert does not seem to be passed to the service...)

    ==================================================================

    private void TestService_Click(object sender, System.EventArgs e)
    {
        CSWebservices.CCWebservice objws;
        objws = new CSWebservices.CCWebservice();

        X509Certificate objCert;
        objCert = X509Certificate.CreateFromCertFile("xyz.cer");

        objws.ClientCertificates.Add(objCert);

        CSWebservices.ClientCertificateDetails objCertDetails;
        objCertDetails = objws.GetCertificateDetails();
    }

    ==================================================================

    Server Side:

    [WebMethod]
    public ClientCertificateDetails GetCertificateDetails()
    {
        HttpClientCertificate objCertificate =
            HttpContext.Current.Request.ClientCertificate;
        ClientCertificateDetails objCertificateDetails =
            new ClientCertificateDetails();
        objCertificateDetails.Cookie = objCertificate.Cookie;
        objCertificateDetails.IsPresent = objCertificate.IsPresent;
        objCertificateDetails.Issuer = objCertificate.Issuer;
        objCertificateDetails.IsValid = objCertificate.IsValid;
        objCertificateDetails.KeySize = objCertificate.KeySize;
        objCertificateDetails.SecretKeySize = objCertificate.SecretKeySize;
        objCertificateDetails.SerialNumber = objCertificate.SerialNumber;
        objCertificateDetails.ServerIssuer = objCertificate.ServerIssuer;
        objCertificateDetails.ServerSubject = objCertificate.ServerSubject;
        objCertificateDetails.ValidFrom = objCertificate.ValidFrom;
        objCertificateDetails.ValidUntil = objCertificate.ValidUntil;

        return objCertificateDetails;
    }

    ======================================================================

    If I configure IIS to require client certificates, I experience HTTP
    403.7 (cert required) errors.

    Any ideas / pointers would be appreciated.

    Thanks,

    Matthew
    Matthew, Nov 2, 2004
    #1
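
An added example, not part of the post above or of the linked article: ASP.NET hands back an HttpClientCertificate object whether or not the client presented a certificate, so server code should test IsPresent and IsValid and fail closed before trusting any other field. The service name, the method names and the ExpectedIssuer value are assumptions made for illustration.

```csharp
using System;
using System.Web;
using System.Web.Services;

// Hypothetical service, used only to illustrate the server-side check.
public class CertCheckService : WebService
{
    // Assumed issuer string for a test CA (constructed value). It must match
    // exactly what IIS reports in HttpClientCertificate.Issuer for your CA.
    private const string ExpectedIssuer = "CN=Example Test CA";

    // Returns null when the certificate is acceptable,
    // otherwise a short reason for rejecting it.
    private static string RejectReason(HttpClientCertificate cert, DateTime now)
    {
        // The object itself is never null; IsPresent says whether a
        // certificate actually arrived during the SSL handshake.
        if (!cert.IsPresent)
            return "no client certificate was presented on this connection";

        if (!cert.IsValid)
            return "IIS did not accept the certificate as valid";

        if (now < cert.ValidFrom || now > cert.ValidUntil)
            return "certificate is outside its validity period";

        // Exact comparison: substring matching on a distinguished name
        // can be satisfied by a look-alike issuer.
        if (cert.Issuer != ExpectedIssuer)
            return "unexpected issuer: " + cert.Issuer;

        return null;
    }

    [WebMethod]
    public string WhoAmI()
    {
        HttpClientCertificate cert = HttpContext.Current.Request.ClientCertificate;
        string reason = RejectReason(cert, DateTime.Now);

        if (reason != null)
        {
            // Fail closed: never fall through to reading unpopulated fields.
            throw new UnauthorizedAccessException(
                "Client certificate rejected: " + reason);
        }

        return cert.Subject;
    }
}
```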