If I buy a CA certificate for the one site on the webserver, can I use the same certificate on a self-hosted wcf service.
The wcf service will use wsHttpBinding with username/password authentication.
I have a rather strange situation that I am in.
I have to write a web-service that will (among other things) communicate with another web service. When we communicate with that remote web-service we are required to use a certificate that they provided.
I am having a really hard time trying to find any sample code that does this.
I have found code for installing certs when you want to use a browser to communicate, but none when you are using a web-service to web-service and you are required to HAVE the certificate, not requiring the OTHER end to have the certificate.
So far I cannot even find code to allow me to parse throught the cert store. Samples I found online show up as errors in Visual Studio 2005.
Note: This is running one Windows 2000, designed with Visual Studio 2005, asp.net 2.0
Keyset does not existDescription:An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.Exception Details: System.Security.Cryptography.CryptographicException: Keyset does not existSource Error:
[Code]...
I have a WCF service that runs in my web application that provides data to a Silverlight application and is defined as follows (with an appropriate .svc file)....
[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class DispatchService [code]...
The idea is that the user logs into the website and is then authorised for all services. I do not want to have a login aspect to my Silverlight application to authenticate users.Therefore I dont want anyone to be able to call my service who is not authenticated.
Could I...Somehow determine this for each Operation Contract. I had a look inside the OperationContext object but couldnt find anthing that stood out as a way to determine who the user was.Somehow attribute the ServiceContract so that the method can only be used by authorised users?Put something in my web.config to stop unathorised users from being able to access the folder containing the services?
Am facing problem while consuming a java web service using WCF. below is the web.config and aspx.cs file details
Requirement
Service request and response will be encrypted with certificate. when i run this below code am getting the error "The private key is not present in the X.509 certificate."
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="TestClientCertificate">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My"
findValue="certificatename" x509FindType="FindByIssuerName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="TestHttpBinding" maxReceivedMessageSize="1048576" maxBufferSize="1048576" transferMode="Buffered">
<security mode="TransportWithMessageCredential">
<!--<transport clientCredentialType="Certificate"/>-->
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="TestHttpPort" address="https://webserviceurl/webservice"
binding="basicHttpBinding" bindingConfiguration="TestHttpBinding"
behaviorConfiguration="TestClientCertificate"
contract="ServiceReference1.webService1">
</endpoint>
</client>
</system.serviceModel>
in page
protected void Page_Load(object sender, EventArgs e)
{
WebServiceClient abc = new WebServiceClient();
BindingElementCollection elements = abc.Endpoint.Binding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = true;
abc.Endpoint.Binding = new CustomBinding(elements);
WebServiceClientResponse xyz = abc.WebMethod("", "");
}
private static bool customXertificateValidation(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
return true;
}
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="TestClientCertificate">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My"
findValue="partnerservices" x509FindType="FindByIssuerName"/>
</clientCredentials>
<!--<serviceDebug includeExceptionDetailInFaults="true"/>-->
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="TestHttpBinding" maxReceivedMessageSize="1048576" maxBufferSize="1048576" transferMode="Buffered">
<security mode="TransportWithMessageCredential">
<!--<transport clientCredentialType="Certificate"/>-->
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="TestHttpPort" address="https://webservicespprd.biworldwide.com/partnerservices/services/v1/AccountWebService.biws"
binding="basicHttpBinding" bindingConfiguration="TestHttpBinding"
behaviorConfiguration="TestClientCertificate"
contract="ServiceReference1.AccountWebService">
<!--<identity>
<certificate encodedValue="MIIB5zCCAVCgAwIBAgIQlerVslZ+4p1Of3evhNc3TDANBgkqhkiG9w0BAQQFADAP
MQ0wCwYDVQQDEwRTR0JJMB4XDTEwMTExNjA5MjYyOVoXDTM5MTIzMTIzNTk1OVow
DzENMAsGA1UEAxMEU0dCSTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5mYW
n4Qp/8uosJ56fXLqygOkTDuYTTX0KECRce7fkeCFH8SpqQeCltNMjFgNRzr+C4rk
6A7GFe6gMiVyogqYgQn/QyZGT5iTXJ4khkAYui/gLX4Cga3tBCoVckja/93bCUOS
G4rS7W86kgG2hV+BfceqmlRISnlaLWxN/Ys6TAsCAwEAAaNEMEIwQAYDVR0BBDkw
N4AQ7veQWUUKR17/SJxFCEHu56ERMA8xDTALBgNVBAMTBFNHQkmCEJXq1bJWfuKd
Tn93r4TXN0wwDQYJKoZIhvcNAQEEBQADgYEAPsTiaYcghQCtBRH8FupLZIzliSHx
h3rsr6mKQT68rA+I9qjs/lsPaN2ebajDb3xzJRmjlrz2+9Gjc9LUGDaHEgxsPHab
Dh/IOgkqyjVAJHufjroKFfkzTJwwB4/uWU2vOKPpqVXfLqRXJ8du25MI7iWcHVfg
oYS1eESNBuPCErQ="/>
</identity>-->
</endpoint>
</client>
</system.serviceModel>
I need to send a X.509 client certificate to a web service in byte array (not attached to request). Besides the certificate, the caller will also send data and signed data. From the web service I can verify if the signature is ok but I don't know what is required to verify that the certificate is ok. I have the client certificate issuer CA trusted in Server (where the web service runs).
More specifically, how can I verify if a X.509 certificate itself is valid? I need to do it in web service not from IIS.
I'm calling an external Web service that requires a certificate to be passed. This works perfectly fine for a stand-alone Windows Forms application, but when I attempt to do the exact same thing through an ASP.NET Web Application, it throws the following error:
"No connection could be made because the target machine actively refused it"
I found this MS article that describes what appears to be the exact issue I'm having, but it only applies to .NET 1.0:
[URL]
I'm using .NET 3.5, so surely it must be fixed by now!
I've attempted to change permissions on the certificate and fooled around with the app pool identity, but nothing seems to work.
Can a windows service and a IIS site share the same dlls?
And maybe the configuration (web.config)?
Can I use the membership provider api on a hosted service? I can create mssql databases but have no control over iis. Will I be able to use the membership admin webpage on the hosted service?
Am I correct in stating that the api uses ASPNETDB.MDF in the app_data folder as it's database?
I want to get the certificate information of a website. I means that i've a textbox on a page. When i enter a url in that textbox and press the button. The certificate information of that website should be returned.
Say, i've entered the [URL], Then it should return the Certificate authority, Validation period etc.
I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials ?
View 1 RepliesI have an ASP.Net site using Forms authentication. One of the aspx pages loads a WinForms user control hosted in IE. That control must connect with a WCF service located in the same ASP.Net web site.How can I make the WCF service secure? Currently I have set the WCF service to use AspNetCompatibilityRequirements mode but the user control hosted in IE can't connect to the WCF service as it isn't logged in.
View 1 RepliesProgramatically is it possible using C# or script 1. To attach certificate to the https binding of website in IIS 7.5(from a drop down).
View 1 RepliesWe have developed a website in asp.net using windows authentication and deployed it on the intranet (IIS v6.0). Most of the times, when users try to access this website they are taken straight to the website, but occasionally some users get a prompt to enter their windows username and password. I understand that this could be caused because of several reasons like:
Cached active directory password. Recently active directory password changed. Active directory account locked out. I want to fix this issue for good because it is annoying the users.
I have asp.net 2.0 site which is calling web services hosted on another server. When i have an xml file from where web service ip for eg. www.mysite/webservice1/myservice.asmx is given. When i call the same server from developer machine using local networkit works fine.But the same is when hosted remotely and from client end when services is called reading xml fiile from client machine it given a message 'remote server not connecting'.
View 1 Repliesi have created a normal web service and i want to host it outside IIS. one idea i got is to use window service as hosting environment. i have created a web service and hosted it window service and its window service is running now.would anybody please let me know that how can i call web service hosted in window service binded over soap.tcp. here is my sample code.
[Code]....
[Code]....
I'm trying to receive a Client Certificate in a Web Service and having some problems.
Client
[Code]....
The certificate seems to be correclty loading and added to the client.
The client connects to the server with HTTPS.
Server:
[Code]....
cert.IsPresent is false and all certificate fields are empty.
IIS is configured to Accept Client Certificates.
Reproduced in two environments:
- Windows 7 x64, IIS 7, VS 2008, .NET 3.5
- XP x86, IIS 5, VS 2008, .NET 3.5
Always in the Web Service the Client Certificate is not proesent. I haven't been able to find any other configuration I should do.
I have hosted a WCF service on IIS. The configuration file is as follows
[code]....
If I host the service on ASP .NET Dev server, it work well but if I host on IIS above mentioned error occurs.
I have searched and could not find any article related to "How to implement Certificate Security in
production environment".
I could able to Create sample certificates for client and Server on my local machine and was able to authenticate my client app with the certificates . These certificates are test certificates.
How do I do this in Production. We have a domain certificate from GoDaddy which resides on the server. How do I create a Client Certificate off of that.
I have a client asp.net website that uses ASP.Net Membership, Roles and Profile providers and Login controls. I need to expand the application so was going to use WCF Workflows, the ASP.Net website will be hosted on a different server than the WCF Services so what I want to do is get the ASP.Net Website to auth via the WCF Service. So process will go:
ASP.Net Website ------------------> WCF Service ------------------> SQL Database (Membership, Roles, Profile, Workflow Persistence Data and Business Data)
I tried creating a custom Membership and Role providers but I have had problems managing the users (Membershipuser class) saying null when a vaild user has been return by the WCF Service as can access the properies but not the methods.
I get this error when trying to access a self hosted wcf service...
[Code]....
Can someone explain what I need to do to get this to work, I do not have any cross domain policy file. And don't know how that is supposed to look like.
I'm having trouble injecting services dependencies into my WCF service using Autofac 1.4.5. I've read and followed the Autofac wiki page on WcfIntegration but my debugging shows me that my WCF service is created by the System.ServiceModel.Dispatcher.InstanceBehavior.GetInstance() method and not by the AutofacWebServiceHostFactory. What am I doing wrong?
I've set up my ajax.svc file to look like the one in the example for use with WebHttpBinding:
<%@ ServiceHost Language="C#" Debug="true"
Service="Generic.Frontend.Web.Ajax, Generic.Frontend.Web"
Factory="Autofac.Integration.Wcf.AutofacWebServiceHostFactory,
Autofac.Integration.Wcf" %>
My WCF service class Ajax is defined like this:
namespace Generic.Frontend.Web
{
[ServiceContract]
[AspNetCompatibilityRequirements(
RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class Ajax
{
public MapWebService MapWebService { get; set;}.....
The service already works fine but I can't get the Autofac bits (read: creation/injection) to work.
Removing the default constructor unfortunately leads to the following exception:
System.InvalidOperationException: The service type provided could not be loaded as a service because it does not have a default (parameter-less) constructor. To fix the problem, add a default constructor to the type, or pass an instance of the type to the host.
I have an ASP.NET web-site and a WCF service which is called from ASP. The problem is, that during the first client request the site loads aufully slow, cause some time-consuming static objects are being created inside the WCF service. Is it possible to call any service method (by doing this the wcf object will be created), when the site gets loaded in IIS? (I know there is a solution for this problem in ASP 4 and IIS 7.5, but i'd like to know what's about IIS6-7). It is something like "user emulation") Maybe i can add some event handlers in global.asax?
View 1 RepliesI need advice on how to secure my WCF web service hosted in IIS. I am new to WCF and would appreciate any sample code, articles to help me restrict access to my WCF service.
I am in the process of testing and deploying a WCF service that will be available on the internet. I need to secure the web service so that only authorized clients can use the service. I need to be able to detect who the client is making the call to the service. The group I am building this service for wants to use Certificate authentication or IP address to Identify the themselves to call my web service. They do not want to use user name and password.
I have found several articles and code snippets for getting the IP address of the client and Certificate authentication. The problem I found using trying to get the IP address of the client is that since my web service his hosted behind a F5 or some type of reverse proxy I cannot get the true IP of the client. The IP that the web services get is the IP of the F5 or the reverse proxy.
For Certificate Authentication I followed the directions from the 9 simple steps to enable X.509 certificates on WCF located here
http://www.codeproject.com/KB/WCF/9StepsWCF.aspx?msg=3181718. I had a few problems using this setup for my web service. 1) To me it seemed like as long as the user presented a valid Certificate they would be able to call my web service.
2) Does Certificate Authentication work when the security mode is set to Transport? In my production environment only HTTPS traffic is allowed through. I setup a Certificate authention on my service following the steps outlined in the article. I used the SSL certificate assigned to my server for the web services. For the client outside the network the service is hosted on, I used one of the certificates I generated when i tested the code locally. I changed the authentication mode of the certificate to chain trust for both the client and the server. I was able to call the service and recieve a message. I thought that since my certificate was self generated using the makecert command that the web services would not authenticate the client for the service.
how I can secure my services to only allow a few approved clients to call call the service.
Im using asp.net website with WCF service, having wsHttpBinding,Aspnet compatibility enabled, specified as Sessionmode -allowed, service behavior- isinitiated and client session cookie enabled. Its looking like Asp.Net session object and WCF Session( HTTPContext.Current.Session) work independently. How can I share Asp.net Session value to WCF Session and vise versa.
View 3 Replies