.NET SSL certificates and web services

Hi,

Had to change one of my C# programs that uses consumed web services to use SSL, and not just a server-side certificate but also a client-side one.

1. Certificate files

Add your server certificate to the “Local machine” -> “Trusted Root” certificate store.

Add your client host certificate to the “Local machine” -> “Personal” certificate store.

2. Change C# code to use SSL

Create HttpBinding

BasicHttpBinding primaryBinding = new BasicHttpBinding();

primaryBinding.Security.Mode = BasicHttpSecurityMode.Transport;
primaryBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

Create EndpointAddress

EndpointAddress remoteAddressPrimary = new EndpointAddress(new Uri(conn.PrimaryCapturePointURL));

Create the web service client

wsPrimary = new iWebServiceClient(primaryBinding, remoteAddressPrimary);

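Set the web service to use the client certificate

// StoreLocation.LocalMachine + StoreName.My is the “Local machine” -> “Personal”
// store that the client certificate was added to in step 1.
wsPrimary.ClientCredentials.ClientCertificate.SetCertificate(
    StoreLocation.LocalMachine,
    StoreName.My,
    X509FindType.FindBySubjectName,
    "yourdomain.com");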

This next line will override the standard mode. I had to use this line since I have IE8; if you try to access the web service via IE you will have to accept the client certificate as well.

More on this: http://blogs.msdn.com/b/ieinternals/archive/2009/09/03/client-certificate-selection-prompt.aspx

So the actual line is:

wsPrimary.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;

That should be it.

NOTE:

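If you do not import the server certificate into the root store, please use the following code.

I have this line in the class constructor.

// ServicePointManager is process-wide: this callback applies to every
// HTTPS request the process makes, not only to this web service.
System.Net.ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(OnValidationCallback);

Then add the following method to the class:

// Returns true for every server certificate, whatever validation errors
// were reported (untrusted chain, name mismatch, expired certificate).
public static bool OnValidationCallback(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
    return true;
}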
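A narrower form of the callback above, as an added example that is not part of the original post: it still works without importing the server certificate into the root store, but accepts only one pinned certificate instead of every certificate. The class name `PinnedServerValidation` and the thumbprint placeholder are assumptions; substitute your own server certificate's thumbprint.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedServerValidation
{
    // Placeholder (assumption): the thumbprint of your server certificate,
    // hex digits only, as shown in the certificate's Details tab with spaces removed.
    private const string ExpectedThumbprint = "REPLACE_WITH_SERVER_CERT_THUMBPRINT";

    public static void Register()
    {
        // Assigned with '=' on purpose: with '+=' several callbacks can be
        // chained, and only the return value of the last one is used.
        ServicePointManager.ServerCertificateValidationCallback = OnValidationCallback;
    }

    public static bool OnValidationCallback(object sender, X509Certificate cert,
                                            X509Chain chain, SslPolicyErrors errors)
    {
        // Chain builds to a trusted root and the name matches: normal accept path.
        if (errors == SslPolicyErrors.None)
            return true;

        // Server presented no certificate at all.
        if (cert == null)
            return false;

        // The only error tolerated is an untrusted chain (server certificate
        // not in the root store). A name mismatch is still rejected.
        if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            return false;

        // Accept the untrusted chain only for the one certificate we expect.
        string actual = new X509Certificate2(cert).Thumbprint;
        return string.Equals(actual, ExpectedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

Call `PinnedServerValidation.Register()` from the class constructor in place of the `+=` line above.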

Hope this helps.
