K
karlag92
Using C# .Net V 1.1.4322, I am attempting to call some web services
that will ONLY be consumed by our Winforms client application.
I have my web service security working from the browser by following
instructions from good resources like this:
http://www.windowsecurity.com/articles/Client-Certificate-Authentication-IIS6.html
I cannot successfully call the same web service from my C#
application.
I am attempting to embed my client certificate in the code so that
only my software will have the certificate. I have done this by
adding the CA cert file to the project and tagging it as an embedded
resource. I then have this method:
private static X509Certificate wsCertificate;
private static X509Certificate GetCertificate()
{
if(wsCertificate != null)
{
return wsCertificate;
}
Assembly a = Assembly.GetExecutingAssembly();
byte[] certBytes = null;
using(Stream certStream =
a.GetManifestResourceStream("DataAccess.PostinkClient.cer"))
{
certBytes = new byte[certStream.Length];
certStream.Read(certBytes, 0, Convert.ToInt32(certStream.Length));
}
wsCertificate = new X509Certificate(certBytes);
return wsCertificate;
}
This method gets called during configuration of my web service:
ws.ClientCertificates.Add(GetCertificate());
The resulting error is as follows:
The request failed with HTTP status 403: Forbidden.
Since the I can call this from the browser, I assume my server config
is ok. It has to something with how I'm dealing with the certificate
in the code.
Does anyone have any ideas? Keep in mind that I would really like for
my application to handle this seamlessly as I deploy without having to
install certificates on each machine it will be running on.
Or is there a much better way??????
Thanks in advance for any help or advice you can provide.
Karl
that will ONLY be consumed by our Winforms client application.
I have my web service security working from the browser by following
instructions from good resources like this:
http://www.windowsecurity.com/articles/Client-Certificate-Authentication-IIS6.html
I cannot successfully call the same web service from my C#
application.
I am attempting to embed my client certificate in the code so that
only my software will have the certificate. I have done this by
adding the CA cert file to the project and tagging it as an embedded
resource. I then have this method:
private static X509Certificate wsCertificate;
private static X509Certificate GetCertificate()
{
if(wsCertificate != null)
{
return wsCertificate;
}
Assembly a = Assembly.GetExecutingAssembly();
byte[] certBytes = null;
using(Stream certStream =
a.GetManifestResourceStream("DataAccess.PostinkClient.cer"))
{
certBytes = new byte[certStream.Length];
certStream.Read(certBytes, 0, Convert.ToInt32(certStream.Length));
}
wsCertificate = new X509Certificate(certBytes);
return wsCertificate;
}
This method gets called during configuration of my web service:
ws.ClientCertificates.Add(GetCertificate());
The resulting error is as follows:
The request failed with HTTP status 403: Forbidden.
Since the I can call this from the browser, I assume my server config
is ok. It has to something with how I'm dealing with the certificate
in the code.
Does anyone have any ideas? Keep in mind that I would really like for
my application to handle this seamlessly as I deploy without having to
install certificates on each machine it will be running on.
Or is there a much better way??????
Thanks in advance for any help or advice you can provide.
Karl