WCF / ASMX :: Connect Client Certificate To An Account In A Membership Database
Aug 30, 2010
I have created a web service that authenticates with username and password, works fine.
Basically this one, http://msdn.microsoft.com/en-us/library/ff649647.aspx
Now I also want to connect to this web service using client certificates, works fine
http://msdn.microsoft.com/en-us/library/cc948997.aspx
But I would like to when authenticated via client certificates, connect that certificate to a user in the membership database. So that I can use Roles.IsUserInRole(...) and such.
I thought that, well if I implement a Custom certificate Validator http://msdn.microsoft.com/en-us/library/ms733806.aspx then I could check for example subject and map that against a created username in the membership database.
But in the class X509CertificateValidator public override void Validate(X509Certificate2 certificate) I don't have the same ability as when the user is authenticated
like
void OnAuthenticateRequest(object source, EventArgs eventArgs)
HttpApplication app = (HttpApplication)source;
Basically how can I do this
app.Context.User = new
GenericPrincipal(new
GenericIdentity(username,
"Membership Provider"),roles);
within
public override
void Validate(X509Certificate2 certificate)
and if that is not possible, can this be solved differently? Bottom line, how do I connect a client certificate to a user account in the membership database. Is there a MSDN article on how to do this?
View 1 Replies
Similar Messages:
May 24, 2010
I'm new to cryptography and I'm a bit stuck:
I'm trying to connect (from my development environment) to a web service using HTTPS. The web service requires a client certificate - which I think I've installed correctly.
They have supplied me with a .PFX file. In Windows 7, I double clicked the file to install it into my Current User - Personal certificate store.
I then exported a X509 Base-64 encoded .cer file from the certificate entry in the store. It didn't have a private key associate with it.
Then, in my app, I'm attempting to connect to the service like this:
var certificate = X509Certificate.CreateFromCertFile("xyz.cer"));
var serviceUrl = "https://xyz";
var request = (HttpWebRequest) WebRequest.Create(serviceUrl);
request.ClientCertificates.Add(certificate);
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
I get a 502 Connection failed when I connect.
Is there anything you can see wrong with this method? Our production environment seems to work with a similar configuration, but it's running Windows Server 2003.
View 2 Replies
Oct 15, 2010
I'm trying to receive a Client Certificate in a Web Service and having some problems.
Client
[Code]....
The certificate seems to be correclty loading and added to the client.
The client connects to the server with HTTPS.
Server:
[Code]....
cert.IsPresent is false and all certificate fields are empty.
IIS is configured to Accept Client Certificates.
Reproduced in two environments:
- Windows 7 x64, IIS 7, VS 2008, .NET 3.5
- XP x86, IIS 5, VS 2008, .NET 3.5
Always in the Web Service the Client Certificate is not proesent. I haven't been able to find any other configuration I should do.
View 1 Replies
Nov 30, 2012
Let's assume our users in their office using Internet explorer to sign some Web Pages using their client certificate imported into the Internet explorer browser (let s assume no other browser is used)
what is a good approach/architecture for validating the client certificate (Internet Explorer), how to send that certificate or the signed form to the server and how do we verify the signature
Should we use smart client approach integrated to the web application or some silverlight or so or is web form/web pages enough to implement this security requirement ?
View 1 Replies
Apr 5, 2010
This code is OK: [URL]
I wonder how to incorporate the view of my table?
Example:
I have a table:
- Products
- Customers
I have multiple users, each one to see what Products and the parties if the request with your username and password.
How does this connect to the Membership table?
View 4 Replies
Feb 26, 2010
I tried creating a login page as ASP.NET web application. Then as we have to configure the page to connect to the database to retrieve user details, i clicked on the ASP.NET configuration under Website control.. I was taken to the configuration page with three tabs.. Security was the tab that i was supposed to configure.. But i am not able to go through to the security tab. I get the following error message.
"There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: Unable to connect to SQL Server database."
View 15 Replies
Nov 15, 2010
I have recently upgraded from Windows Server 2003 to Server 2008. All is going well except for an Gmail API I use that's built using ASP.NET.
After configuring the application like I've always done on Server 2003, I keep getting the following error when attempting to access the page:
Unable to open certificate. IWAM_plesk(default) subject: Email Certificate
Exception Details: System.Exception: Unable to open certificate. IWAM_plesk(default) subject: Email Certificate
I have installed the certificate service and it's running... I have granted the IWAM user every possible permission, including making it a member of the Admin group, but still getting the same error.
View 1 Replies
Feb 18, 2011
I've created a custom membership provider and I am trying to use it to secure my WCF service. But, I am getting this error:
The service certificate is not provided. Specify a service certificate in ServiceCredentials.
I don't want to use an x509 certificate. How can I get this working?
Here is my service config:
<?xml version="1.0"?>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding1" maxBufferPoolSize="2147483647" [code]...
UPDATE.This blog post, enter link description here, says:[When] you opt in for the UserName client credential type, WCF insists that your service must also reference a service certificate that contains a private key.
I am going to host my service in IIS and plan to use SSL certificate in the web site for encrypting communication. Can I make WCF not insist that I reference a service certificate?
View 2 Replies
Oct 29, 2010
I have certificate(abcd.rar) , which I need to include when I call that web service from asp.net application, Some one tell me how do I implement certificate into my application, certificate is with file extention .rar
View 3 Replies
Sep 8, 2010
i need to attach ssl certificate with my werbservice .https://localhost:1505/CrackerJackService.asmx should be work.I am new to ssl .
View 1 Replies
Jun 24, 2010
There is something I don't understand, When I don't put certificate at all, the SSL connection is established successfully, I wonder how the server decrypt the message without client certificate.What is client side certificate is for
View 4 Replies
Mar 8, 2011
I have an ASP.NET web app where I use an ado sql connection to connect to a database on a SQL Server. The ado connection string is provided with a user login that has sufficient rights to read/write to the database. I originally pushed out the web app in its own IIS web site, using its own application pool and everything worked fine.
However, I am now trying to include the web app under an already existing web site. Everything seemed to work fine until I tried any functionality that called for an INSERT or UPDATE to the database. It turns out the user connecting to the DB didn't have sufficient permissions. Finding this strange, I did some research and found a forum post that suggested the IIS Web Site service account needed read/write permissions in the SQL database in order for an app to perform INSERT/UPDATE. Is this true?
I tested it out, and yes, indeed it worked, only with the Application Pool Identity account. The deatails of my scenario are as follows:
The web app's first IIS Web Site had an application pool Identity that ran under NETWORK SERVICE, which already had a login for SQL SERVER The already existing web site's application pool Identity runs under a domain account. This site already runs another web app that connects to the same database using LINQ (developed by someone else). I am relatively new to web development and am more familiar with ADO, so that is the route I chose.The domain account mentioned above formerly had no SQL Server login/user mapping. I set it up as a dbowner, and viola, the new web app worked under the existing web site.
While I found a way for it to work, we would rather not create a SQL login for this Identity account. We want the login provided in the web app's ADO SqlConnection to be the one to actually connect, because isn't that the point of it?
View 1 Replies
Mar 1, 2010
In our database we have an SQL server account that has the correct roles to access some of the databases.All of our PC and Servers are in domain using Windows Account. Now there is ASP.NET web application, we want the users in the domain to browser some data in the sql server. But we do not want to grant direct permission to every person, so is it possible to connect to sql server and run some T-SQL without granting permission to users using one specify account?
View 3 Replies
Nov 17, 2010
Am facing problem while consuming a java web service using WCF. below is the web.config and aspx.cs file details
Requirement
Service request and response will be encrypted with certificate. when i run this below code am getting the error "The private key is not present in the X.509 certificate."
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="TestClientCertificate">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My"
findValue="certificatename" x509FindType="FindByIssuerName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="TestHttpBinding" maxReceivedMessageSize="1048576" maxBufferSize="1048576" transferMode="Buffered">
<security mode="TransportWithMessageCredential">
<!--<transport clientCredentialType="Certificate"/>-->
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="TestHttpPort" address="https://webserviceurl/webservice"
binding="basicHttpBinding" bindingConfiguration="TestHttpBinding"
behaviorConfiguration="TestClientCertificate"
contract="ServiceReference1.webService1">
</endpoint>
</client>
</system.serviceModel>
in page
protected void Page_Load(object sender, EventArgs e)
{
WebServiceClient abc = new WebServiceClient();
BindingElementCollection elements = abc.Endpoint.Binding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = true;
abc.Endpoint.Binding = new CustomBinding(elements);
WebServiceClientResponse xyz = abc.WebMethod("", "");
}
private static bool customXertificateValidation(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
return true;
}
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="TestClientCertificate">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My"
findValue="partnerservices" x509FindType="FindByIssuerName"/>
</clientCredentials>
<!--<serviceDebug includeExceptionDetailInFaults="true"/>-->
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="TestHttpBinding" maxReceivedMessageSize="1048576" maxBufferSize="1048576" transferMode="Buffered">
<security mode="TransportWithMessageCredential">
<!--<transport clientCredentialType="Certificate"/>-->
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="TestHttpPort" address="https://webservicespprd.biworldwide.com/partnerservices/services/v1/AccountWebService.biws"
binding="basicHttpBinding" bindingConfiguration="TestHttpBinding"
behaviorConfiguration="TestClientCertificate"
contract="ServiceReference1.AccountWebService">
<!--<identity>
<certificate encodedValue="MIIB5zCCAVCgAwIBAgIQlerVslZ+4p1Of3evhNc3TDANBgkqhkiG9w0BAQQFADAP
MQ0wCwYDVQQDEwRTR0JJMB4XDTEwMTExNjA5MjYyOVoXDTM5MTIzMTIzNTk1OVow
DzENMAsGA1UEAxMEU0dCSTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5mYW
n4Qp/8uosJ56fXLqygOkTDuYTTX0KECRce7fkeCFH8SpqQeCltNMjFgNRzr+C4rk
6A7GFe6gMiVyogqYgQn/QyZGT5iTXJ4khkAYui/gLX4Cga3tBCoVckja/93bCUOS
G4rS7W86kgG2hV+BfceqmlRISnlaLWxN/Ys6TAsCAwEAAaNEMEIwQAYDVR0BBDkw
N4AQ7veQWUUKR17/SJxFCEHu56ERMA8xDTALBgNVBAMTBFNHQkmCEJXq1bJWfuKd
Tn93r4TXN0wwDQYJKoZIhvcNAQEEBQADgYEAPsTiaYcghQCtBRH8FupLZIzliSHx
h3rsr6mKQT68rA+I9qjs/lsPaN2ebajDb3xzJRmjlrz2+9Gjc9LUGDaHEgxsPHab
Dh/IOgkqyjVAJHufjroKFfkzTJwwB4/uWU2vOKPpqVXfLqRXJ8du25MI7iWcHVfg
oYS1eESNBuPCErQ="/>
</identity>-->
</endpoint>
</client>
</system.serviceModel>
View 7 Replies
Aug 9, 2010
How can I do if I want there is a server certificate between web application IIS and web services??
Do I need to go to the Public CA??
View 1 Replies
Nov 26, 2010
I developing web application to sign, verify , encrypt, decrypt data at client side with client certificate.
It's happening in server side but how can I implement it client side.
View 1 Replies
Jun 25, 2010
I have hosted a secure WCF service on cloud with a certificate created by makecert.
Now I want to restrict the access to the service by allowing only those clients who have the certificate generated by me.
What is the best approach to implement this
* Shall I go with the changes in the configuration file
* Or Shall I write the code to validate this in the service
* Is there any other alternative?
View 1 Replies
Feb 22, 2010
I want to make a registration page for clients, that would only contain a button register and unregister. When the user would click on any of these 2 button he would should be prompted to select a client certificate from his computer. I would also like to extract the email address from the selected certificate.
Is there any way of declaratively configuring IIS 7 to require a client certificate for just 1 .aspx page on the website. I could then extract the certificate from Request.ClientCertificate, right?
View 1 Replies
Apr 8, 2010
Can a user connect to my web site using an Orkut account ? Just like Google Friend Connect or Facebook, but with Orkut.
The idea is, the user goes to my web site, I have a "Connect using Orkut" button there, on click takes him to the Orkut login page, once s/he logins and grants access to my app, get's redirected to my web site with the Orkut ID as a parameter. The same procedure that works for Google Friend Connect and also Facebook Connect....
I haven't seen an example of this with Orkut. Can it be done ? Is there an Orkut Connect or similar ?
A sample in c# would be excellent, but I would be happy with a sample in any language.
View 1 Replies
Aug 16, 2010
I have a WCF service which accepts X.509 certificate signed incoming messages. As per my understanding the client will send the message with signature encrypted using his private key and web services will decrypt the signature with client's public key. This ensures that the sender of the message is holder of the private key and that he is certified by the server trusted CA as "He is what he claims to be".
It's being a highly secure application I need to give access to only certain clients regardless of whether they are trusted or not. (This is to take care of good turned bad scenario :-)) How do I achieve this? Is there any way to get the client information as subject name etc from his certificate in C# code? Is there any example of this usage?
View 2 Replies
Sep 9, 2010
I dont have a lot of background with SSL and X509 configuration and support with my Asp.Net application, so I was wondering if someone can explain or point me in the right direction to MSDN or any other article or posting explaining if it's possible to do what I am looking to support in my environment.
I have IIS 6.0 with SSL (Verisign cert) as well as "Require client certificates" working against a local installation of Microsoft Certificate Services, https://<domain>/certsrv, where users can request and install client certs (both xp clients for basic
mode, and Vista/7 for advance mode).
Here's what I am up against:
I have a segment of users coming from a virtualized server environment where this environment does not store personal settings for more than 48 hours. It's not an internet cafe, but rather an actual business where their IT staff uses server images to reimage each virtual server in the farm every 48hrs. Thus losing all users data in the "Current Users" Certificate Stores.
The IT staff give users a network folder share to store any personal items (docs, spreadsheets, links, etc.). The servers consist of Windows Server 2003, and will be migrating to Windows Server 2008 in the next 6-9 months.
These users have rights in Internet Explorer to navigate to my certsrv site and use activex to to request and install certificates then clode and reopen the broser to navigate and render the asp.net app.
Problem:
It's a pain to ask the users to request and have issued a client certificate every 48 hours.
The IT staff of this company has asked if I can create some sort of certificate that they can load in the "local computer" certificate store, NOT the "Current User" store, that will be made part of their base image for all their servers, and that this certificate is then used to properly authenticate all users on these servers to my IIS with "require client certificates" selected.
Question:
Is this possible, and if so what can I do on my side to create the proper certificate to give to the IT staff at this business to put into their servers "local computer" certificate store? I assume either under the Personal->Certificates store, or under the "Trusted Root Certification Authorities"->Certificates store. Thus allowing any user of these servers in their thin client virtual environment to open I.E., navigate to my site and select a certificate from the "Choose a digital certificate" popup that allows them to render my Asp.Net application, or avoids this popup altogether.
If this is the wrong forum to post in, please advise and I will move. Probably due to vernacular on my part, I have been unable to find any resources on here, MSDN or Bing to help me solve this problem.
View 1 Replies
Jul 26, 2010
I need to send a X.509 client certificate to a web service in byte array (not attached to request). Besides the certificate, the caller will also send data and signed data. From the web service I can verify if the signature is ok but I don't know what is required to verify that the certificate is ok. I have the client certificate issuer CA trusted in Server (where the web service runs).
More specifically, how can I verify if a X.509 certificate itself is valid? I need to do it in web service not from IIS.
View 4 Replies
Mar 1, 2010
I would like to identify users that connect on a intranet web server (IIS) with client certificates.
I've set up a CA server on a Windows 2003 server pc. On my development pc, i've a windows xp with a web server (IIS) running.From my web server, i generated a certificate request (i specified the netbios name of my web server because this setup is for an intranet), i used that request to generate a web server certificate and i installed it on my IIS to allow SSL connection. . Now, i can connect with https to my web server from an internet explorer. I configured the web server to 'require client certificates'.
I would like to authenticate the users with a client certificate installed on each users pc. My CA server allows users to request a client certificate (domain user) from the CA server just by typing the url of the CA server and click 'User Certificate', 'submit' and then 'Install this certificate'.
In order to test my setup, i opened a Internet Explorer from a pc which resides in the domain and i requested and installed the user certificate. Then i connected to my web server and i get a window with the title "Choose a digital certificate". This window is always empty and never proposes the client certificate i previously installed on the user pc.
I've no idea of what i missed during my setup. I'm still wondering how the browser knows how to select which certificate must be displayed according to the url typed in the address bar.
View 6 Replies
Jan 13, 2010
We have a large extranet asp.net application that users forms authentication. In addition, for SCCM purposes, each computer in the company has a client certificate installed.
Now the question has been raised:
Is it possible for us to test for the presence of this certificate from our asp.net code behinds?
We don't want to switch our security to require client certificates to access the site, there are just parts of some pages that we'd rather not display if the person viewing the site is not using a company issued machine.
View 2 Replies
Feb 21, 2011
I have an ASP.Net app, that runs using windows authentication. The connection to the SQL Server is usually done by creating a sql server account and using that in the connection string.
However, in this specific very restrictive hosting environment, we have been asked to use a specific WINDOWS/active directory account to connect to the SQL Server.
note it is not the windows credentials of the user of the website, we need to connect to the SQL server with - it is one specific windows/AD account.
How do I configure that in my connection-string?
View 2 Replies