Unable to call SSL Web Service passing Client Certificate

Discussion in 'ASP .Net Web Services' started by gardavis, Jul 2, 2004.

  1. gardavis

    gardavis Guest

    This is one of those cases where it works (calling the Web Service) in a WinForm app but not in ASP.Net.

    I am attempting to call a PayPal Web Service. I got the client certificate from them.

    The certificate works in the WinForm app but the same code in ASP.Net fails.

    I click the submit button an about a minute or so, this trap occurred:

    Web Exception: System.Net.WebException: The underlying connection was closed: Could not establish secure channel for SSL/TLS. ---> System.IO.IOException: Unable to read data from the transport connection. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.TlsStream.ForceRead(Byte[] space, Int32 offset, Int32 amount) at System.Net.TlsStream.ReadFullRecord(Byte[] buffer, Int32 length) at System.Net.TlsStream.Handshake(ProtocolToken message) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.CheckFinalStatus() at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at PayPal.PayPalWS.PayPalAPIInterfaceService.GetTransactionDetails(GetTransactionDetailsReq GetTransactionDetailsReq) in c:\inetpub\wwwroot\thestore24\paypal\web references\paypalws\reference.cs:line 65 at PayPal._Default.Button1_Click(Object sender, EventArgs ev) in c:\inetpub\wwwroot\paypal\default.aspx.cs:line 107


    A second (and third...) attempt also produces a trap but a bit different and it occurs immediatly, not after a delay like the one above.


    Web Exception: System.Net.WebException: The underlying connection was closed: Could not establish secure channel for SSL/TLS. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted --- End of inner exception stack trace --- at System.Net.HttpWebRequest.CheckFinalStatus() at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at PayPal.PayPalWS.PayPalAPIInterfaceService.GetTransactionDetails(GetTransactionDetailsReq GetTransactionDetailsReq) in c:\inetpub\wwwroot\thestore24\paypal\web references\paypalws\reference.cs:line 65 at PayPal._Default.Button1_Click(Object sender, EventArgs ev) in c:\inetpub\wwwroot\paypal\default.aspx.cs:line 10


    In order to see the warnings from SCHANNEL in the event log, I changed the EventLogging from 1 to 7 using regedit:


    KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNELEventLogging = 7


    I repeated the failing request and checked the "System" section in the Event Log. I had three log entries from the request. I had two of these:


    Event Type: InformationEvent Source: SchannelEvent Category: NoneEvent ID: 36867User: N/ADescription:Creating an SSL client credential.Data:0000: 04 00 00 00 00 00 00 00 ........0008: 00 00 00 00 00 00 00 00 ........0010: 00 00 00 00 00 00 00 00 ........0018: 00 00 00 00 00 00 00 00 ........0020: 20 00 00 00 00 00 00 00 .......0028: 00 00 00 00 00 00 00 00 ........0030: 18 00 00 00 00 00 00 00 ........


    And one of these:


    Event Type: WarningEvent Source: SchannelEvent Category: NoneEvent ID: 36875User: N/ADescription:The remote server has requested SSL client authentication, but no suitable client certificate could be found. An anonymous connection will be attempted. This SSL connection request may succeed or fail, depending on the server's policy settings.


    This message seems to say that the PayPal Web Service has requested the certificate but my server could not find one to return

    My code:


    PayPalWS.PayPalAPIInterfaceService payPal; PayPalWS.GetTransactionDetailsResponseType response; PayPalWS.GetTransactionDetailsReq request; : : private void Button1_Click(object sender, System.EventArgs ev) { ServicePointManager.CertificatePolicy = new MyCertificateValidation(); payPal = new PayPalWS.PayPalAPIInterfaceService(); response = new PayPalWS.GetTransactionDetailsResponseType(); request = new PayPalWS.GetTransactionDetailsReq(); request.GetTransactionDetailsRequest = new PayPal.PayPalWS.GetTransactionDetailsRequestType(); request.GetTransactionDetailsRequest.TransactionID = tbxTrnID.Text; // TrnID Fillin field request.GetTransactionDetailsRequest.Version = "1.0"; payPal.Url = "https://api.sandbox.paypal.com/2.0/"; payPal.RequesterCredentials = new PayPalWS.CustomSecurityHeaderType(); payPal.RequesterCredentials.Credentials = new PayPalWS.UserIdPasswordType(); payPal.RequesterCredentials.Credentials.Username = "me_api1.mydomain.com"; payPal.RequesterCredentials.Credentials.Password = "*****" payPal.RequesterCredentials.Credentials.Subject = ""; string sCertFile = Server.MapPath("Certificate.cer"); X509Certificate x509 = X509Certificate.CreateFromCertFile(sCertFile); payPal.ClientCertificates.Add(x509); response = payPal.GetTransactionDetails( request ); // WEB SERVICE TRAPS HERE : : }


    A breakpoint shows that the MyCertificatValidation CheckValidationResult() method is not called prior to the trap.

    Thanks for any help!

    Gary
     
    gardavis, Jul 2, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Colin
    Replies:
    1
    Views:
    846
    Masudur
    Jul 14, 2007
  2. Matthew
    Replies:
    0
    Views:
    392
    Matthew
    Nov 2, 2004
  3. Colin
    Replies:
    1
    Views:
    178
    Masudur
    Jul 14, 2007
  4. Michel Meyer

    Client Certificate not passing to Web Service

    Michel Meyer, Jun 12, 2004, in forum: ASP .Net Web Services
    Replies:
    2
    Views:
    166
  5. Colin
    Replies:
    0
    Views:
    131
    Colin
    Jul 13, 2007
Loading...

Share This Page