Consuming WebService using SSL and Authenticated with X509 Certifi


Consuming WebService using SSL and Authenticated with X509 Certifi David G
8/29/2006 10:19:02 AM
dotnet web services:
My company has a Webservice that is currently running in production. It is
secured using SSL and clients are authenticated using X509 certificates.

I am able to consume the Webservice methods in a Framework 2.0 C# Forms-based
application where I instantiate the X509 Certificate by pointing to the
certificate file and passing the password:

//====================
X509Certificate cert = new X509Certificate(this.tbCertFilePath.Text,
this.tbCertificatePassword.Text);

myWebService.ClientCertificates.Add(cert);
string k = myWebService.GetMyDataByYear(2004);
//====================

However, we are trying to instantiate the X509 Certificate using the
LocalMachineStore in a Framework 2.0 C# Web App:

//====================
X509CertificateStore store;
store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
byte[] certHash = new byte[]{0x28, 0x83, 0xf0, ...};

bool open = store.OpenRead();
Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =
store.FindCertificateByHash(certHash);
Microsoft.Web.Services2.Security.X509.X509Certificate cert = certs[0];

myWebService.ClientCertificates.Add(cert);
string k = myWebService.GetMyDataByYear(2004);
//====================


I am able to verify that the X509 Certificate is in fact being retrieved and
is being placed in the myWebService.ClientCertificates collection. The
problem occurs when I try to consume the Webservice. I am getting the
following exceptions:


[SocketException (0x274d): No connection could be made because the target
machine actively refused it]
System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,
SocketAddress socketAddress) +1002146
System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP) +33
System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure,
Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState
state, IAsyncResult asyncResult, Int32 timeout, Exception& exception) +431

[WebException: Unable to connect to the remote server]
System.Net.HttpWebRequest.GetRequestStream() +1504525
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) +103
DbTest.com.WebServerName.GlobalOrganizerXML.GetAssigneeList(Int32
taxYear) in d:\webapps\DbTest\App_Code\GlobalOrganizerXML.cs:79
DbTest.WebForm1.Page_Load(Object sender, EventArgs e) in
d:\webapps\DbTest\WebForm1.aspx.cs:65
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o,
Object t, EventArgs e) +15
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender,
EventArgs e) +34
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1061


Re: Consuming WebService using SSL and Authenticated with X509 Certifi Zdenek Drlik
8/31/2006 3:20:18 PM
Does the second certificate have an associated private key? You can use a
certificate for SSL authentication only if you have both the private and
public keys.
So check the certificate's private key in the MMC console, or check the
certificate instance loaded with the code line

Microsoft.Web.Services2.Security.X509.X509Certificate cert = certs[0];

in your example to see if "cert.Key != null".

Re: Consuming WebService using SSL and Authenticated with X509 Certifi Kay-Christian Wessel
9/1/2006 2:11:30 AM
I think when you Open the store you need to specify MaxAllowed as a
parameter.

Best regards
Kay
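
The two checks suggested in the replies above (does the store certificate have a usable private key, and opening the store with MaxAllowed), as an added example that is not part of the original thread. It uses the framework's own System.Security.Cryptography.X509Certificates.X509Store instead of the WSE 2.0 classes from the post; the class name ClientCertCheck and the all-zero thumbprint are placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: diagnostic for a client certificate stored in LocalMachine\My.
static class ClientCertCheck
{
    // Returns the certificate only if it is present AND its private key can be
    // opened by the identity running this code; otherwise returns null and
    // sets 'reason' to what was missing.
    public static X509Certificate2 Load(string thumbprint, out string reason)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.MaxAllowed | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false: return the certificate even if its chain would not validate.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) { reason = "not found in LocalMachine\\My"; return null; }

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey) { reason = "no private key associated"; return null; }
            try
            {
                // Reading the property forces the key container to be opened.
                if (cert.PrivateKey == null) { reason = "private key not available"; return null; }
            }
            catch (CryptographicException ex)
            {
                reason = "private key not readable by " + Environment.UserName + ": " + ex.Message;
                return null;
            }
            reason = "ok";
            return cert;
        }
        finally { store.Close(); }
    }

    static void Main(string[] args)
    {
        // Placeholder thumbprint (constructed); pass the real one as the first argument.
        string thumbprint = args.Length > 0 ? args[0] : "0000000000000000000000000000000000000000";
        string reason;
        X509Certificate2 cert = Load(thumbprint, out reason);
        Console.WriteLine(cert == null ? "FAIL: " + reason : "OK: " + cert.Subject);
    }
}
```

Run it under the same account as the web application, since the private-key check depends on the calling identity. A certificate returned by Load can be passed to myWebService.ClientCertificates.Add, because X509Certificate2 derives from X509Certificate.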

