SSL / Web Service requring client certificates. No certificate server side...?


M

Matthew

Hi all,

I have the following scenario (XP / IIS 5, FX v1.1.4322) Both the
client app and web service are running on my local development
machine.

I am using a straightforward HTTPWebRequest, and WSE 2 to add an X509
certificate, as follows:

==================================================================
Private Function CreateWebRequest() As HttpWebRequest

Dim objRequest As HttpWebRequest = WebRequest.Create(m_URL &
"/" & m_Operation)


SetProxy(objRequest.Proxy)

objRequest.Method = "POST"
objRequest.ContentType = "application/x-www-form-urlencoded"
objRequest.Timeout = 300000

Dim certStore As X509CertificateStore
certStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.RootStore.ToString)
certStore.OpenRead()

Dim cert As X509Certificates.X509Certificate
If certStore.FindCertificateBySubjectString("XYZ").Count > 0
Then
cert = certStore.FindCertificateBySubjectString("XYZ")(0)
End If

objRequest.ClientCertificates.Add(cert)

Return objRequest


End Function

==================================================================

This is using a test cert generated with makecert, and imported into
the local machine root store. When in debug mode, I can see the cert
is retrieved and added to the request's clientcertificates collection
fine.

However when inspecting the Context.Request.ClientCertificate property
in the WebService code, there is only an HTTPClientCerticate object
there with its properties unpopulated . ( this seems to be present
irrespective of whether or not the certificate is added client side)

I have attempted a similar exercise with the following test code which
I found here : http://www.15seconds.com/issue/020312.htm
to test a straightforward web service scenario, with the same result.
(The cert does not seem to be passed to the service...)

==================================================================

private void TestService_Click(object sender, System.EventArgs e)
{
CSWebservices.CCWebservice objws ;
objws = new CSWebservices.CCWebservice() ;

X509Certificate objCert ;
objCert = X509Certificate.CreateFromCertFile("xyz.cer") ;


objws.ClientCertificates.Add(objCert) ;

CSWebservices.ClientCertificateDetails objCertDetails ;
objCertDetails = objws.GetCertificateDetails() ;

}

==================================================================

Server Side:

[WebMethod]
public ClientCertificateDetails GetCertificateDetails()
{
HttpClientCertificate objCertificate =
HttpContext.Current.Request.ClientCertificate ;
ClientCertificateDetails objCertificateDetails = new
ClientCertificateDetails() ;
objCertificateDetails.Cookie = objCertificate.Cookie ;
objCertificateDetails.IsPresent = objCertificate.IsPresent ;
objCertificateDetails.Issuer = objCertificate.Issuer ;
objCertificateDetails.IsValid = objCertificate.IsValid ;
objCertificateDetails.KeySize = objCertificate.KeySize ;
objCertificateDetails.SecretKeySize = objCertificate.SecretKeySize
;
objCertificateDetails.SerialNumber = objCertificate.SerialNumber ;
objCertificateDetails.ServerIssuer = objCertificate.ServerIssuer ;
objCertificateDetails.ServerSubject = objCertificate.ServerSubject
;
objCertificateDetails.ValidFrom = objCertificate.ValidFrom ;
objCertificateDetails.ValidUntil = objCertificate.ValidUntil ;

return objCertificateDetails ;
}

======================================================================

If I configure IIS to require Client certificates: I experience HTTP
403.7 ( cert required ) errors.

Any ideas / pointers would be appreciated.

Thanks,

Matthew
 
Ad

Advertisements


Top