Client Certificates: The request failed with HTTP status 403: Forbidden.

Discussion in 'ASP .Net Web Services' started by karlag92, Jun 26, 2007.

  1. karlag92

    karlag92 Guest

    Using C# .Net V 1.1.4322, I am attempting to call some web services
    that will ONLY be consumed by our Winforms client application.

    I have my web service security working from the browser by following
    instructions from good resources like this:
    http://www.windowsecurity.com/articles/Client-Certificate-Authentication-IIS6.html

    I cannot successfully call the same web service from my C#
    application.

    I am attempting to embed my client certificate in the code so that
    only my software will have the certificate. I have done this by
    adding the CA cert file to the project and tagging it as an embedded
    resource. I then have this method:

    private static X509Certificate wsCertificate;

    private static X509Certificate GetCertificate()
    {
    if(wsCertificate != null)
    {
    return wsCertificate;
    }

    Assembly a = Assembly.GetExecutingAssembly();
    byte[] certBytes = null;

    using(Stream certStream =
    a.GetManifestResourceStream("DataAccess.PostinkClient.cer"))
    {
    certBytes = new byte[certStream.Length];

    certStream.Read(certBytes, 0, Convert.ToInt32(certStream.Length));
    }

    wsCertificate = new X509Certificate(certBytes);

    return wsCertificate;
    }

    This method gets called during configuration of my web service:

    ws.ClientCertificates.Add(GetCertificate());

    The resulting error is as follows:

    The request failed with HTTP status 403: Forbidden.

    Since the I can call this from the browser, I assume my server config
    is ok. It has to something with how I'm dealing with the certificate
    in the code.

    Does anyone have any ideas? Keep in mind that I would really like for
    my application to handle this seamlessly as I deploy without having to
    install certificates on each machine it will be running on.

    Or is there a much better way??????

    Thanks in advance for any help or advice you can provide.

    Karl
     
    karlag92, Jun 26, 2007
    #1
    1. Advertisements

  2. ....
    It may have _something_ to do with you are dealing with the certificate, but
    it may not be what you think. The way to find out is to use a network
    monitor of some kind to find out what's happening on the wire.

    Also, please tell us how you have configured IIS and ASP.NET as far as
    handling certificates. I would want to be certain of whether it is IIS that
    is giving you this error, or ASP.NET.

    Have you looked at the certificate that is retrieved by your GetCertificate
    call? Are you sure that it's valid and that it's identical to the
    certificate being used from the browser?

    Is it possible that the certificate isn't what's being used from the
    browser, but instead your Windows credentials?
     
    John Saunders [MVP], Jun 26, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.