469,319 Members | 2,291 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,319 developers. It's quick & easy.

HttpClientCertificate not available in webservice

Hi

We have developed a webservice that was accessed by a fat windows client. A
security requirement was that the client authenticates itself by using by
providing a client certificate. The webserver (iis) made then sure that only
clients providing a valid certificate could connect. (settings: Requeire
secure channel, Require client certificates). This worked fine.

Due to a request by our client, we are forced to integrate the webservice in
another website where iis does not requeire a client certificate. I thought
about moving this security check to the application by checking the
HttpContext.Current.Request.ClientCertificate property. Unfortunately, this
does not work as i wish. When i debug, the ClientSertificate.IsPresent
property is always set to false. How is this possible, our client does send
a certificate.

Some more information about our settings:

- in iis we use security settings are set to accept client certificates!
- the certificates we use are invalid !!! Is it possible that iis blocks
this certificates so the webserver does not see them?

I am grateful for any help. Thanks in advance

Greetings
Daniel
--------------------------------------- Client code connection to webservice
and adding certificate to
est ------------------------------------------

private void InitWebService(string URL) {

webService = new Service();

webService.Url = URL;

cookies = new System.Net.CookieContainer();

webService.CookieContainer = cookies; // now Session are no longer lost

// create an X509Certificate object from the information

// in the certificate export file and add it to the

// ClientCertificates collection of the Web service proxy

ResourceManager resourceManager = new
ResourceManager("SmartClient.Certificate.ClientCer tificate",
Assembly.GetExecutingAssembly());

object o = resourceManager.GetObject("prime_user_cert_29jun20 06"); //
certificate testcertificate would be clientcert

Byte[] bytesOfCertificate = null;

if (o is System.Byte[]) {

bytesOfCertificate = (System.Byte[])o;

}

X509Certificate cert = new X509Certificate(bytesOfCertificate);

webService.ClientCertificates.Add(cert);

}

------------------------------------------------- Server
code ---------------------------------------------------

internal bool ValidateClient(){

HttpClientCertificate certificate =
HttpContext.Current.Request.ClientCertificate;

if(certificate == null || !certificate.IsPresent ){

return false;

}else{

return certificate.IsValid;

}

}

Mar 13 '07 #1
0 1866

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

13 posts views Thread by Edje.Rommel | last post: by
2 posts views Thread by ko | last post: by
7 posts views Thread by Amirallia | last post: by
4 posts views Thread by =?Utf-8?B?ZmFpcnl2b2ljZQ==?= | last post: by
2 posts views Thread by Mike Endys | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by suresh191 | last post: by
reply views Thread by Gurmeet2796 | last post: by
reply views Thread by mdpf | last post: by
reply views Thread by harlem98 | last post: by
reply views Thread by listenups61195 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.