c# - WCF wsHttpBinding Client Certificate Authentication without using store in client -


i have wcf service registered such using wshttpbinding hosted in iis https binding valid , active certificate:

<?xml version="1.0"?> <configuration>   <system.webserver>     <security>       <access sslflags="ssl, sslnegotiatecert, sslrequirecert"/>       <authorization>         <add users="*" accesstype="allow" />       </authorization>     </security>   </system.webserver>   <system.web>     <authorization>       <allow users="*" />     </authorization>   </system.web>   <system.servicemodel>     <protocolmapping>       <add scheme="https" binding="wshttpbinding" />     </protocolmapping>     <bindings>       <wshttpbinding>         <binding name="mynamespace.webservice_transportsecurity">           <security mode="transport">             <transport clientcredentialtype="certificate" />           </security>         </binding>       </wshttpbinding>     </bindings>     <behaviors>       <servicebehaviors>         <behavior name="mynamespace.webservice_behaviour">           <servicemetadata httpgetenabled="false" httpsgetenabled="true" />           <servicedebug includeexceptiondetailinfaults="true" />           <servicecredentials>             <clientcertificate>               <authentication certificatevalidationmode="peerorchaintrust" revocationmode="nocheck" />             </clientcertificate>           </servicecredentials>         </behavior>       </servicebehaviors>     </behaviors>     <services>       <service name="mynamespace.webservice" behaviorconfiguration="mynamespace.webservice_behaviour">         <endpoint address=""                   binding="wshttpbinding"                   bindingconfiguration="mynamespace.webservice_transportsecurity"                   contract="mynamespace.imyservicecontract">         </endpoint>          <endpoint address="mex"                              binding="mexhttpsbinding"                   contract="imetadataexchange" />       </service>     </services>   </system.servicemodel> </configuration>

i'm using .net 4 far can tell binding works ssl , client certificate authentication.

i've generated standard proxy using svcutil , trying set certificate (self signed in server) using it's base64 representation:

x509certificate2 certificate = new system.security.cryptography.x509certificates.x509certificate2(system.convert.frombase64string("thebase64ofthecertificate")); if (certificate == null) {     return null; } imyservicecontractclient client = new imyservicecontractclient(new system.servicemodel.wshttpbinding {     security = new system.servicemodel.wshttpsecurity     {         mode = system.servicemodel.securitymode.transport,         transport = new system.servicemodel.httptransportsecurity         {              clientcredentialtype = system.servicemodel.httpclientcredentialtype.certificate         }     } }, new system.servicemodel.endpointaddress(new system.uri("https://myserviceendpoint/webservice.svc"))); client.clientcredentials.clientcertificate.certificate = certificate;

but not work if don't have certificate in local computer store, error:

enter image description here

i'm not expert in security, ssl or certificates, feasible?

all i'm trying achieve ensure service called code, , thought using self-signed client certificates validated in server do, if need in store adds unnecessary complexity whole thing!

update 1:

as suggested yacoub massad exporting certificate's base64 x509contenttype.pkcs12 yields exception: 

an unhandled exception of type 'system.security.cryptography.cryptographicexception' occurred in mscorlib.dll  additional information: key not valid use in specified state.

i'm loading certificate store with:

    x509certificate2 certificate = null;     x509store store = new x509store(storename.my, storelocation.localmachine);     try     {         store.open(openflags.readwrite);         var r = store.certificates.find(x509findtype.findbysubjectname, "licensingcert", false);         if (r.count > 0)             certificate = r[0];     }     catch     {         certificate = null;     }         {         if (store != null)             store.close();     }      if (certificate == null)     {         return null;     }     file.writealltext(@"c:\tmp\certs\exportlicensingcert.txt", convert.tobase64string(certificate.export(x509contenttype.pkcs12)));

update 2:

made sure certificate had been imported mark exportable , did trick, must have skipped first time imported certificate. testing compiled code on computer has stopped doing error. thank yacoub massad pointing me in right direction :)

for certificate authentication work, client needs private key prove identity server. certificate alone not work.

make sure x509certificate2 setup wcf client use has corresponding private key.

you need pfx file contains certificate , private key , need import them x509certificate2 object via import method.


Comments

Post a Comment

Popular posts from this blog

sublimetext3 - what keyboard shortcut is to comment/uncomment for this script tag in sublime -

Image
i have script tag in code, keyboard shortcut comment/uncomment script tag in sublime. after selecting script open , close tag. <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> i pressing ctrl + shift + / , getting this /*<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script>*/ also pressed ctrl + / , got this // <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> // </script> instead of <!-- <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> --> script open , close tag in 2 lines not in 1 line , not have spaces too. for mac,high light lines want comment. hold 'command , / ' commented. for windows: high line or select lines ,then hold ctrl + / if not work: ...
Read more

java - No use of nillable="0" in SOAP Webservice -

i have received xsd 3rd party supplier generated java based system; used create soap endpoint receive data transfers. xsd not make use of nillable attribute defined within w3c/xsd namespace, example: <xs:complextype name="customer"> <xs:sequence> <xs:element minoccurs="1" maxoccurs="1" name="id" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="titleid" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="firstname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="familyname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="previousname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" nam...
Read more

ubuntu - Laravel 5.2 quickstart guide gives Not Found Error -

edit: think problem due not setting apache properly, these 2 links helped me. solution: http://laravel.io/forum/06-11-2014-not-found-but-route-exists https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts end edit i'm following laravel 5.2 quickstart guide. https://laravel.com/docs/5.2/quickstart i'm running ubuntu 14.04.2 the website runs initially, when click on add task button run 404 not found error. as per guide run following commands setup complete quickstart project. git clone https://github.com/laravel/quickstart-basic quickstart cd quickstart composer install php artisan migrate additionally run following commands because i'm on ubuntu server: sudo chown -r www-data.www-data quickstart sudo chmod -r 755 quickstart sudo chmod 777 quickstart/storage the routes.php file looks like: <?php use app\task; use illuminate\http\request; route::group(['middleware' => ['web']]...
Read more