By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,213 Members | 1,117 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,213 IT Pros & Developers. It's quick & easy.

HttpClientCertificate not available in webservice

P: n/a
Hi

We have developed a webservice that was accessed by a fat windows client. A
security requirement was that the client authenticates itself by using by
providing a client certificate. The webserver (iis) made then sure that only
clients providing a valid certificate could connect. (settings: Requeire
secure channel, Require client certificates). This worked fine.

Due to a request by our client, we are forced to integrate the webservice in
another website where iis does not requeire a client certificate. I thought
about moving this security check to the application by checking the
HttpContext.Current.Request.ClientCertificate property. Unfortunately, this
does not work as i wish. When i debug, the ClientSertificate.IsPresent
property is always set to false. How is this possible, our client does send
a certificate.

Some more information about our settings:

- in iis we use security settings are set to accept client certificates!
- the certificates we use are invalid !!! Is it possible that iis blocks
this certificates so the webserver does not see them?

I am grateful for any help. Thanks in advance

Greetings
Daniel
--------------------------------------- Client code connection to webservice
and adding certificate to
est ------------------------------------------

private void InitWebService(string URL) {

webService = new Service();

webService.Url = URL;

cookies = new System.Net.CookieContainer();

webService.CookieContainer = cookies; // now Session are no longer lost

// create an X509Certificate object from the information

// in the certificate export file and add it to the

// ClientCertificates collection of the Web service proxy

ResourceManager resourceManager = new
ResourceManager("SmartClient.Certificate.ClientCer tificate",
Assembly.GetExecutingAssembly());

object o = resourceManager.GetObject("prime_user_cert_29jun20 06"); //
certificate testcertificate would be clientcert

Byte[] bytesOfCertificate = null;

if (o is System.Byte[]) {

bytesOfCertificate = (System.Byte[])o;

}

X509Certificate cert = new X509Certificate(bytesOfCertificate);

webService.ClientCertificates.Add(cert);

}

------------------------------------------------- Server
code ---------------------------------------------------

internal bool ValidateClient(){

HttpClientCertificate certificate =
HttpContext.Current.Request.ClientCertificate;

if(certificate == null || !certificate.IsPresent ){

return false;

}else{

return certificate.IsValid;

}

}

Mar 13 '07 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.