I'm building a Java Web Services exposed on the internet which I want to
restrain the use to only a few authorized programs, that is .NET Windows
Service (like IIS, Apache, etc..) I also intend to write.
I had a hard time finding clear and simple on how to use security with web
services.
Let's imagine I get it right (I'm not sure) I runned a 'secure' Hello web
services on Sun's app server.
Now I try to connect to it with a .NET client.
It's unclear to me how to connect with the right certificate.
I try something like that:
MyHelloService ds = new MyHelloService();
ds.Url = https://IHOOK-LLOYD.5dservices.com.a...-jaxrpc/hello;
ds.Timeout = 10000;
ds.ClientCertificates.Add(GetCert());
textRemote.Text = ds.sayHello(textUser.Text);
and the get cert return a new X509Certificate(buf)
where buf is the content of client.cer generate by java's keytool tool.
it doenst't work..... :(
on the other hand I found a sample on MSDN with plenty of interop and plenty
of line just to authenticate, I can't belive it's so complex!
any tips, links, others?