X509Certificate not passed to webservice.

Matthew

Hi all,

I have the following scenario (XP / IIS 5, FX v1.1.4322). Both the
client app and web service are running on my local development
machine.

I am using a straightforward HttpWebRequest, and WSE 2 to add an X509
certificate, as follows:

==================================================================
Private Function CreateWebRequest() As HttpWebRequest

    ' Build the request for the operation URL
    Dim objRequest As HttpWebRequest = _
        CType(WebRequest.Create(m_URL & "/" & m_Operation), HttpWebRequest)

    SetProxy(objRequest.Proxy)

    objRequest.Method = "POST"
    objRequest.ContentType = "application/x-www-form-urlencoded"
    objRequest.Timeout = 300000

    ' Open the local machine root store (WSE 2 X509CertificateStore)
    Dim certStore As X509CertificateStore
    certStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.RootStore.ToString)
    certStore.OpenRead()

    ' Take the first certificate whose subject matches "XYZ"
    Dim cert As X509Certificates.X509Certificate
    If certStore.FindCertificateBySubjectString("XYZ").Count > 0 Then
        cert = certStore.FindCertificateBySubjectString("XYZ")(0)
    End If

    ' Attach it to the request as the client certificate
    objRequest.ClientCertificates.Add(cert)

    Return objRequest

End Function

==================================================================

This is using a test cert generated with makecert, and imported into
the local machine root store. When in debug mode, I can see the cert
is retrieved and added to the request's ClientCertificates collection
fine.

However, when inspecting the Context.Request.ClientCertificate property
in the WebService code, there is only an HttpClientCertificate object
there with its properties unpopulated. (This seems to be present
irrespective of whether or not the certificate is added client side.)

I have attempted a similar exercise with the following test code, which
I found here: http://www.15seconds.com/issue/020312.htm
to test a straightforward web service scenario, with the same result.
(The cert does not seem to be passed to the service...)

==================================================================

private void TestService_Click(object sender, System.EventArgs e)
{
    CSWebservices.CCWebservice objws;
    objws = new CSWebservices.CCWebservice();

    X509Certificate objCert;
    objCert = X509Certificate.CreateFromCertFile("xyz.cer");

    objws.ClientCertificates.Add(objCert);

    CSWebservices.ClientCertificateDetails objCertDetails;
    objCertDetails = objws.GetCertificateDetails();
}

==================================================================

Server Side:

[WebMethod]
public ClientCertificateDetails GetCertificateDetails()
{
    HttpClientCertificate objCertificate = HttpContext.Current.Request.ClientCertificate;
    ClientCertificateDetails objCertificateDetails = new ClientCertificateDetails();
    objCertificateDetails.Cookie = objCertificate.Cookie;
    objCertificateDetails.IsPresent = objCertificate.IsPresent;
    objCertificateDetails.Issuer = objCertificate.Issuer;
    objCertificateDetails.IsValid = objCertificate.IsValid;
    objCertificateDetails.KeySize = objCertificate.KeySize;
    objCertificateDetails.SecretKeySize = objCertificate.SecretKeySize;
    objCertificateDetails.SerialNumber = objCertificate.SerialNumber;
    objCertificateDetails.ServerIssuer = objCertificate.ServerIssuer;
    objCertificateDetails.ServerSubject = objCertificate.ServerSubject;
    objCertificateDetails.ValidFrom = objCertificate.ValidFrom;
    objCertificateDetails.ValidUntil = objCertificate.ValidUntil;

    return objCertificateDetails;
}

======================================================================

If I configure IIS to require client certificates, I experience HTTP
403.7 (cert required) errors.

Any ideas / pointers would be appreciated.

Thanks,

Matthew
 
Guest

Did you install SSL Cert on your machine running IIS?

Chew

User submitted from AEWNET (http://www.aewnet.com/)
 
chew

Did you install SSL Cert on your machine running IIS?

Chew
 
Matthew

Hi

Yes. I have a test certificate running on IIS and the web service is
configured to require SSL.
I am overriding cert warnings with the implementation of a custom
CertificatePolicy, client side.

My first thought was that, unless I set up the service to require
client certificates, the certificate wouldn't be sent with the
request. So I set up IIS to require client certificates. With that
configuration, I got the 403.7 HTTP Error referred to in my first
post.

Still a bit baffled on this one.

I have also installed the root certificate for the test client
certificate which I generated with makecert.exe (Root Agency), into
the Local Machine Trusted Certification Authorities store.

I also edited the certificate trust list on IIS to include the
relevant client certificate.

All this ... and the same result. Either the client certificate doesn't
seem to be sent, or if the service requires a client certificate then
a 403 error.

I wonder if the issue is that IIS is looking in the local user store,
as opposed to the local machine store, to determine whether it
recognizes the root CA....? Guess I'll give that a go.

Thanks..
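
A pre-flight check for the client certificate before it is attached to the request, as an added example that is not part of the original thread: TLS client authentication needs the private key that matches the certificate, so the check looks for one, along with the validity period and the client-authentication EKU. It assumes .NET 2.0 or later (X509Certificate2) rather than the WSE 2 store classes used in the thread, a certificate installed in the current user's Personal store, and the hypothetical names ClientCertPreflight, Check and Create.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical helper, not from the thread).
static class ClientCertPreflight
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Returns null when the certificate can be used for TLS client
    // authentication, otherwise the reason it cannot.
    public static string Check(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            return "no private key is associated with this certificate";
        DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            return "certificate is outside its validity period";
        foreach (X509Extension ext in cert.Extensions)
        {
            X509EnhancedKeyUsageExtension eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            bool allowed = false;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ClientAuthOid) allowed = true;
            if (!allowed) return "EKU does not include client authentication";
        }
        return null; // no EKU extension means no usage restriction
    }

    // Looks the certificate up in CurrentUser\My and attaches it only if
    // Check() passes; throws with the reason otherwise.
    public static HttpWebRequest Create(string url, string subjectName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false so an untrusted test certificate is still returned
            X509Certificate2Collection hits =
                store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
            if (hits.Count == 0)
                throw new InvalidOperationException("no matching certificate in CurrentUser\\My");
            string problem = Check(hits[0]);
            if (problem != null) throw new InvalidOperationException(problem);
            HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
            req.ClientCertificates.Add(hits[0]);
            return req;
        }
        finally { store.Close(); }
    }
}
```

Running Check on a certificate loaded from a .cer file with `new X509Certificate2("xyz.cer")` reports the missing private key, since a .cer file holds only the public certificate.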
 
