Using C# .Net V 1.1.4322, I am attempting to call some web services
that will ONLY be consumed by our Winforms client application.
I have my web service security working from the browser by following
instructions from good resources like this:
http://www.windowsecurity.com/articl...te-Authenticat...
I cannot successfully call the same web service from my C#
application.
I am attempting to embed my client certificate in the code so that
only my software will have the certificate. I have done this by
adding the CA cert file to the project and tagging it as an embedded
resource. I then have this method:
private static X509Certificate wsCertificate;
private static X509Certificate GetCertificate( )
{
if(wsCertificat e != null)
{
return wsCertificate;
}
Assembly a = Assembly.GetExe cutingAssembly( );
byte[] certBytes = null;
using(Stream certStream =
a.GetManifestRe sourceStream("D ataAccess.Posti nkClient.cer"))
{
certBytes = new byte[certStream.Leng th];
certStream.Read (certBytes, 0,
Convert.ToInt32 (certStream.Len gth));
}
wsCertificate = new X509Certificate (certBytes);
return wsCertificate;
}
This method gets called during configuration of my web service:
ws.ClientCertif icates.Add(GetC ertificate());
The resulting error is as follows:
The request failed with HTTP status 403: Forbidden.
Since the I can call this from the browser, I assume my server config
is ok. It has to something with how I'm dealing with the certificate
in the code.
Does anyone have any ideas? Keep in mind that I would really like
for
my application to handle this seamlessly as I deploy without having
to
install certificates on each machine it will be running on.
Or is there a much better way??????
Thanks in advance for any help or advice you can provide.
Karl