|
|
You're in the
dotnet web services
group:getting 403: forbidden when attempt to access SSL secured webservice
dotnet web services:
I have an ASP.net page, written in VB.net. In that code I want to access a validator web services that is secured via SSL. I have installed the certificate, via a .pfx file, on the system. I can browse to the service and appear to be getting through However, from my server page I cannot access the web service. The call to the service generates the exception "Request failed with HTTP status 403: Forbidden". I had previously received this error when I attempted to access the service via IE. But specifying the appropriate Client Certificate when asked seemed to fix the problem. I read that I need to do something similar in code so I implemented the ICertificatePolicy class's member CheckValidationResult() returning true. The code I use to do this is: Public Class NetPolicy implements ICertificatePolicy Public Function CheckValidationResult (....) as boolean Return True End Function End Class The code that calls the webservice ValidateWS() is: Function Validate(id as integer) as boolean dim result as boolean System.Net.ServicePointManager.CertificatePolicy = new NetPolicy result =WebServer.ValidateWS(id) ' this is where the exception is generated return result End function Any thoughts or pointers? Thanks, Jerry
BTW, the error is also generated on a VB.net winform app.
[quoted text, click to view] "JerryK" <jerryk@nospam.com> wrote in message news:OMLCgkRIFHA.2984@TK2MSFTNGP15.phx.gbl... > Hi, > > I have an ASP.net page, written in VB.net. In that code I want to access > a validator web services that is secured via SSL. I have installed the > certificate, via a .pfx file, on the system. I can browse to the service > and appear to be getting through However, from my server page I cannot > access the web service. The call to the service generates the exception > "Request failed with HTTP status 403: Forbidden". > > I had previously received this error when I attempted to access the > service via IE. But specifying the appropriate Client Certificate when > asked seemed to fix the problem. I read that I need to do something > similar in code so I implemented the ICertificatePolicy class's member > CheckValidationResult() returning true. The code I use to do this is: > > Public Class NetPolicy implements ICertificatePolicy > > Public Function CheckValidationResult (....) as boolean > Return True > End Function > > End Class > > The code that calls the webservice ValidateWS() is: > > Function Validate(id as integer) as boolean > > dim result as boolean > > System.Net.ServicePointManager.CertificatePolicy = new NetPolicy > result =WebServer.ValidateWS(id) ' this is where the exception is > generated > return result > > End function > > > Any thoughts or pointers? > > Thanks, > > Jerry > >
You need to export the certficate (without private key) from IE into a .cer
file. Then you need to open MMC, add the certificates Snap-In and import the certificate into the trusted root authorities. (also known as the machine store) Finally, you need to attach the certificate to the request serviceProxy.ClientCertificates.Add(System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile("c:\\yourCert.cer"); -Trevor Hello JerryK, [quoted text, click to view] > BTW, the error is also generated on a VB.net winform app. > > "JerryK" <jerryk@nospam.com> wrote in message > news:OMLCgkRIFHA.2984@TK2MSFTNGP15.phx.gbl... > >> Hi, >> >> I have an ASP.net page, written in VB.net. In that code I want to >> access a validator web services that is secured via SSL. I have >> installed the certificate, via a .pfx file, on the system. I can >> browse to the service and appear to be getting through However, from >> my server page I cannot access the web service. The call to the >> service generates the exception "Request failed with HTTP status 403: >> Forbidden". >> >> I had previously received this error when I attempted to access the >> service via IE. But specifying the appropriate Client Certificate >> when asked seemed to fix the problem. I read that I need to do >> something similar in code so I implemented the ICertificatePolicy >> class's member CheckValidationResult() returning true. The code I >> use to do this is: >> >> Public Class NetPolicy implements ICertificatePolicy >> >> Public Function CheckValidationResult (....) as boolean >> Return True >> End Function >> End Class >> >> The code that calls the webservice ValidateWS() is: >> >> Function Validate(id as integer) as boolean >> >> dim result as boolean >> >> System.Net.ServicePointManager.CertificatePolicy = new NetPolicy >> result =WebServer.ValidateWS(id) ' this is where the exception is >> generated >> return result >> End function >> >> Any thoughts or pointers? >> >> Thanks, >> >> Jerry >>
Trevor,
Thanks for the reply. I added the code that adds the certificates to the clientCertificate collection and that seems to work for the WinForm version. It did not however, effect the ASP.Net version. I did as you suggested added the certificates using the MMC. When I launched the snap in it came up with a dialog that Says, this snap in will always manage certificates for: My user account, Service Account, or Computer account. I added the snap in 3 times, once for My User Account, Computer Account, and Service Account. For the Service Account is asked me the service name, and I selected the Machine Debugger Account. I do not have a single certificate but rather three certificates that are designed to be in 3 different stores. At least that is what the guy who gave them to me said. We have a root certificate, that resides in the Trusted Root Certificate Authority. Then there is a intermediate certificate that resides in the Intermediate Certificate Authorities. Finally there is a Personal Certificate that resides in the Personal Certificate Authority. The Personal Certificate's path points to the Intermediate Certificate, which in turn points to the Root Certificate. I placed each of these certificates in the appropriate stores for the User, Service, and Computer accounts. However, I am still generating the 403: Forbidden error from the asp.net page. I thought this might be an account issue, but I do have impressionation enabled and am using the administrator account, which works with the WinForms version. Any thoughts? jerrry [quoted text, click to view] "Trevor Pinkney" <tpinkney@cyence.com> wrote in message news:4367632460479641665970@news.microsoft.com... > You need to export the certficate (without private key) from IE into a > .cer file. > > Then you need to open MMC, add the certificates Snap-In and import the > certificate into the trusted root authorities. (also known as the machine > store) > > Finally, you need to attach the certificate to the request > > serviceProxy.ClientCertificates.Add(System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile("c:\\yourCert.cer"); > > -Trevor > > > Hello JerryK, > >> BTW, the error is also generated on a VB.net winform app. >> >> "JerryK" <jerryk@nospam.com> wrote in message >> news:OMLCgkRIFHA.2984@TK2MSFTNGP15.phx.gbl... >> >>> Hi, >>> >>> I have an ASP.net page, written in VB.net. In that code I want to >>> access a validator web services that is secured via SSL. I have >>> installed the certificate, via a .pfx file, on the system. I can >>> browse to the service and appear to be getting through However, from >>> my server page I cannot access the web service. The call to the >>> service generates the exception "Request failed with HTTP status 403: >>> Forbidden". >>> >>> I had previously received this error when I attempted to access the >>> service via IE. But specifying the appropriate Client Certificate >>> when asked seemed to fix the problem. I read that I need to do >>> something similar in code so I implemented the ICertificatePolicy >>> class's member CheckValidationResult() returning true. The code I >>> use to do this is: >>> >>> Public Class NetPolicy implements ICertificatePolicy >>> >>> Public Function CheckValidationResult (....) as boolean >>> Return True >>> End Function >>> End Class >>> >>> The code that calls the webservice ValidateWS() is: >>> >>> Function Validate(id as integer) as boolean >>> >>> dim result as boolean >>> >>> System.Net.ServicePointManager.CertificatePolicy = new NetPolicy >>> result =WebServer.ValidateWS(id) ' this is where the exception is >>> generated >>> return result >>> End function >>> >>> Any thoughts or pointers? >>> >>> Thanks, >>> >>> Jerry >>> > > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |