469,893 Members | 2,176 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,893 developers. It's quick & easy.

403: Access Forbidden

hello,

i am working on my first web service project. i am writing a webpage
that consumes a ws from one of our partners, so i do not have access to
the ws code itself. this partner uses certificates for security. the
steps they gave me to access it are:
1) run wsdl.exe on the "webservice.wsdl" given to me
2) compile the resulting .CS proxy class into a .DLL assembly
3) add this to my project's References section

4) install the .PFX certificate given to me by double-clicking it,
input password
5) go into IE (or Control Panels -> Internet Options) and go to Content
tab, Certificates...
6) click on the newly installed cert and Export, doing so as a DER
X.509 ".CER" file
7) do the following in my app code:

//load up the .cer
X509Certificate cert =
X509Certificate.CreateFromCertFile(@"c:\temp\test. cer");

//attach the cert to my proxy class ws object
ws.ClientCertificates.Add(cert);

//app authentication for proxy object
ws.Credentials = new NetworkCredential("[name]", "[password]");

//use webservice
bool result = ws.ValidateCustomer(customerID);

....however, when i run any of the ws methods, i get a 403 error:

The request failed with HTTP status 403: Access Forbidden.

....according to my IT contact at the partner, he said their logs report
i am failing at the web server level, and am not even reaching the
application's authentication (the NetworkCredential entry). he
indicated this is due to a problem w/ my certificate.

he also said other clients are using it, and provided me w/ a secure
test-form URL that uses the service. i am able to access the URL on
their secure site, so i know it works and apparently my certificate
works (IE asks me if i want to use the installed cert, i say Yes, i get
in and can run the form).
now i am stuck. i have granted ASPNET access to the .cer file, nothing.
have also farted around with the WinHttpCertCfg command line util,
running:

winhttpcertcfg -i webservice.pfx -p [password] -c LOCAL_MACHINE\my -a
aspnet

....which i see puts in entries to "C:\Documents and Settings\All
Users\Application Data\Microsoft\Crypto\RSA\MachineKeys". no use.
obviously, im not a certificate expert. any help would be
appreciated...
thanks!
matt

Nov 23 '05 #1
2 5899
i am now able to successfully run the costco webservice in my C#
ASP.NET test project. there were two changes i made on my end:

1) installed .NET Framework 1.1's service pack (the 1.1 release has
it's own SP1), which cites updates to webservices, security, and
certificates. this did not immediately fix my problem... so it may not
be related.

2) added the Certifcates snap-in for the MMC windows management
utility, and using it to delete my certs, re-add the .PFX into the
"Personal" store, then exporting it to a .CER all w/ the MMC snap-in
(and not using Control Panels -> Internet Settings or IE).

works. but i should really test further to establish which of the two
fixed it... im leaning towards #2.. i read in some other places people
said it was better to let MMC manage the store settings set it properly
sets rights.

but who knows, maybe it was both. if i have time ill test it on another
box.

Nov 23 '05 #2
tested on another machine -- it was using MMC.

the other machine did not have 1.1 SP1 installed, had the same problem
as my machine when installing the certificate just by double-clicking
the .PFX. however, after using MMC's snap-in, importing the .PFX, then
exporting the .CER, i had no trouble.
matt

Nov 23 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Oleg Konovalov | last post: by
reply views Thread by Layne L via DotNetMonster.com | last post: by
3 posts views Thread by Shamresh | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.