aswathsn
Hello Folks,
Here is my problem:
I have a console app that is trying to connect to an asp.net webservice
hosted by a third party and runs in a secure mode(HTTPS). My code is
running on Windows 2000 Professional and the web service is running on
Windows 2003 Server ("SERVER"). As I said the webservice is running in
HTTPS mode using an SSL cert issued by verisign.
We have decided to use Mutual Authentication due to security concerns.
I have a SSL cert valid for Client Authentication installed on my
machine ("CLIENT"). Everything works fine when the IIS on the SERVER
doesn't require a client cert with every request. The CLIENT can
connect to the SERVER and get a response back.
But the moment the setting on the SERVER is changed to REQUIRE client
cert with every incoming request, I start getting the following
exception on line 69:
"The remote server returned an error: (403) Forbidden"
This is in spite of the fact that the CLIENT is attaching a valid client
authentication cert with the request. I have stepped through the
attached code to verify this.
On the SERVER side we are seeing the following error in the weblogs
"HTTP Error 403
403.7 Forbidden: Client certificate required"
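From the error it looks like either the cert gets stripped from the
request en route to the SERVER (I don't know how this could happen!) or
the cert is being rejected for some other reason.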
Any insights as to why this is happening or as to how to further debug
this problem would be highly appreciated.
Thanks
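/// <summary>
/// Posts the request XML as a form-encoded <c>acordXml</c> field to the partner
/// site over HTTPS, presenting a client certificate taken from the LocalMachine
/// "My" store, and passes the response body (or the error text) to
/// <c>WriteToFile</c>.
/// </summary>
/// <param name="Url">Not read by this body, which targets <c>partnerSiteUrl</c>.</param>
/// <param name="reqXml">Not read by this body, which sends <c>requestXml</c>.</param>
private static void TransmitSecure(string Url, string reqXml)
{
    // NOTE(review): the body reads partnerSiteUrl / requestXml rather than the
    // Url / reqXml parameters. Neither name is declared in this listing; confirm
    // they are members of the enclosing class and that the parameters are
    // intentionally unused.
    string errorMessage = "";
    X509Certificate cert = null;
    X509CertificateStore certstore = null;
    X509CertificateCollection certcol = null;

    string certName = "TestCert";

    Encoding isoEncoding = Encoding.UTF8;

    try
    {
        certstore = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
        certstore.OpenRead();

        // NOTE(review): the lookup is by subject string and the first hit is used.
        // If more than one certificate in the store matches, the one selected may
        // not be the client-authentication certificate - verify which one is picked.
        certcol = certstore.FindCertificateBySubjectString(certName);

        if (certcol == null || certcol.Count == 0)
        {
            // Fail closed: without a client certificate there is no mutual
            // authentication, so do not send the request at all.
            errorMessage = "Certificate Error! No certificate found for subject " + certName;
            WriteToFile(errorMessage);
            return;
        }

        cert = certcol[0];
    }
    catch (Exception ex)
    {
        // Report the certificate failure itself instead of letting a null
        // certificate surface later as an unrelated request error.
        errorMessage = "Certificate Error! " + ex.Message;
        WriteToFile(errorMessage);
        return;
    }
    finally
    {
        // Close the X.509 certificate store exactly once, on every path.
        if (certstore != null)
        {
            certstore.Close();
        }
    }

    try
    {
        string urlEncodedRequest = HttpUtility.UrlEncode(requestXml);
        byte[] bytes = isoEncoding.GetBytes("acordXml=" + urlEncodedRequest);

        // Cast to HttpWebRequest to reach the HTTP-specific members.
        HttpWebRequest wRequest = (HttpWebRequest)WebRequest.Create(partnerSiteUrl);

        // NOTE(review): the proxy name and credentials are placeholders in this
        // listing; real values belong in protected configuration, not in source.
        // If the proxy terminates or inspects TLS instead of tunnelling it, the
        // client certificate would not reach the server - confirm with the
        // proxy's owner.
        WebProxy proxyObject = new WebProxy("YourProxyServerName", true);
        proxyObject.Credentials = new NetworkCredential("UserID", "Password", "Domain");
        wRequest.Proxy = proxyObject;

        // Attach the X.509 certificate to the request.
        wRequest.ClientCertificates.Add(cert);
        wRequest.Method = "POST";
        wRequest.ContentLength = bytes.Length;
        wRequest.ContentType = "application/x-www-form-urlencoded";

        using (Stream requestStream = wRequest.GetRequestStream())
        {
            requestStream.Write(bytes, 0, bytes.Length);
        }

        // This call is line 69 of the original numbered listing, where the
        // "(403) Forbidden" exception is reported.
        // NOTE(review): a 403.7 on the server although a certificate was added
        // here suggests none was presented in the TLS handshake. Worth checking:
        // that the account running this process can read the certificate's
        // private key in the LocalMachine store, and that the server trusts the
        // certificate's issuing CA.
        using (HttpWebResponse wResponse = (HttpWebResponse)wRequest.GetResponse())
        {
            if (wResponse.StatusCode != HttpStatusCode.OK)
            {
                errorMessage = String.Format("POST failed. Received HTTP {0}", wResponse.StatusCode.ToString());
                throw new Exception(errorMessage);
            }

            // Read the content returned by the server; the using blocks release
            // the reader and stream even if reading or writing the file throws.
            using (Stream dataStream = wResponse.GetResponseStream())
            using (StreamReader reader = new StreamReader(dataStream))
            {
                string responseXml = reader.ReadToEnd();
                WriteToFile(responseXml);
            }
        }
    }
    catch (Exception wxcp)
    {
        errorMessage = "HTTPS Request Error! " + wxcp.Message;
        WriteToFile(wxcp.Message);
    }
}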
Here is my problem:
I have a console app that is trying to connect to an asp.net webservice
hosted by a third party and runs in a secure mode(HTTPS). My code is
running on Windows 2000 Professional and the web service is running on
Windows 2003 Server ("SERVER"). As I said the webservice is running in
HTTPS mode using an SSL cert issued by verisign.
We have decided to use Mutual Authentication due to security concerns.
I have a SSL cert valid for Client Authentication installed on my
machine ("CLIENT"). Everything works fine when the IIS on the SERVER
doesn't require a client cert with every request. The CLIENT can
connect to the SERVER and get a response back.
But the moment the setting on the SERVER is changed to REQUIRE client
cert with every incoming request, I start getting the following
exception on line 69:
"The remote server returned an error: (403) Forbidden"
This is in spite of the fact that the CLIENT is attaching a valid client
authentication cert with the request. I have stepped through the
attached code to verify this.
On the SERVER side we are seeing the following error in the weblogs
"HTTP Error 403
403.7 Forbidden: Client certificate required"
From the error it looks like either the cert gets stripped from the
request en route to the SERVER (I don't know how this could happen!) or
the cert is being rejected for some other reason.
Any insights as to why this is happening or as to how to further debug
this problem would be highly appreciated.
Thanks
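/// <summary>
/// Posts the request XML as a form-encoded <c>acordXml</c> field to the partner
/// site over HTTPS, presenting a client certificate taken from the LocalMachine
/// "My" store, and passes the response body (or the error text) to
/// <c>WriteToFile</c>.
/// </summary>
/// <param name="Url">Not read by this body, which targets <c>partnerSiteUrl</c>.</param>
/// <param name="reqXml">Not read by this body, which sends <c>requestXml</c>.</param>
private static void TransmitSecure(string Url, string reqXml)
{
    // NOTE(review): the body reads partnerSiteUrl / requestXml rather than the
    // Url / reqXml parameters. Neither name is declared in this listing; confirm
    // they are members of the enclosing class and that the parameters are
    // intentionally unused.
    string errorMessage = "";
    X509Certificate cert = null;
    X509CertificateStore certstore = null;
    X509CertificateCollection certcol = null;

    string certName = "TestCert";

    Encoding isoEncoding = Encoding.UTF8;

    try
    {
        certstore = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
        certstore.OpenRead();

        // NOTE(review): the lookup is by subject string and the first hit is used.
        // If more than one certificate in the store matches, the one selected may
        // not be the client-authentication certificate - verify which one is picked.
        certcol = certstore.FindCertificateBySubjectString(certName);

        if (certcol == null || certcol.Count == 0)
        {
            // Fail closed: without a client certificate there is no mutual
            // authentication, so do not send the request at all.
            errorMessage = "Certificate Error! No certificate found for subject " + certName;
            WriteToFile(errorMessage);
            return;
        }

        cert = certcol[0];
    }
    catch (Exception ex)
    {
        // Report the certificate failure itself instead of letting a null
        // certificate surface later as an unrelated request error.
        errorMessage = "Certificate Error! " + ex.Message;
        WriteToFile(errorMessage);
        return;
    }
    finally
    {
        // Close the X.509 certificate store exactly once, on every path.
        if (certstore != null)
        {
            certstore.Close();
        }
    }

    try
    {
        string urlEncodedRequest = HttpUtility.UrlEncode(requestXml);
        byte[] bytes = isoEncoding.GetBytes("acordXml=" + urlEncodedRequest);

        // Cast to HttpWebRequest to reach the HTTP-specific members.
        HttpWebRequest wRequest = (HttpWebRequest)WebRequest.Create(partnerSiteUrl);

        // NOTE(review): the proxy name and credentials are placeholders in this
        // listing; real values belong in protected configuration, not in source.
        // If the proxy terminates or inspects TLS instead of tunnelling it, the
        // client certificate would not reach the server - confirm with the
        // proxy's owner.
        WebProxy proxyObject = new WebProxy("YourProxyServerName", true);
        proxyObject.Credentials = new NetworkCredential("UserID", "Password", "Domain");
        wRequest.Proxy = proxyObject;

        // Attach the X.509 certificate to the request.
        wRequest.ClientCertificates.Add(cert);
        wRequest.Method = "POST";
        wRequest.ContentLength = bytes.Length;
        wRequest.ContentType = "application/x-www-form-urlencoded";

        using (Stream requestStream = wRequest.GetRequestStream())
        {
            requestStream.Write(bytes, 0, bytes.Length);
        }

        // This call is line 69 of the original numbered listing, where the
        // "(403) Forbidden" exception is reported.
        // NOTE(review): a 403.7 on the server although a certificate was added
        // here suggests none was presented in the TLS handshake. Worth checking:
        // that the account running this process can read the certificate's
        // private key in the LocalMachine store, and that the server trusts the
        // certificate's issuing CA.
        using (HttpWebResponse wResponse = (HttpWebResponse)wRequest.GetResponse())
        {
            if (wResponse.StatusCode != HttpStatusCode.OK)
            {
                errorMessage = String.Format("POST failed. Received HTTP {0}", wResponse.StatusCode.ToString());
                throw new Exception(errorMessage);
            }

            // Read the content returned by the server; the using blocks release
            // the reader and stream even if reading or writing the file throws.
            using (Stream dataStream = wResponse.GetResponseStream())
            using (StreamReader reader = new StreamReader(dataStream))
            {
                string responseXml = reader.ReadToEnd();
                WriteToFile(responseXml);
            }
        }
    }
    catch (Exception wxcp)
    {
        errorMessage = "HTTPS Request Error! " + wxcp.Message;
        WriteToFile(wxcp.Message);
    }
}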