D
Daniel Knöpfel
Hi
We have developed a webservice that was accessed by a fat windows client. A
security requirement was that the client authenticates itself by using by
providing a client certificate. The webserver (iis) made then sure that only
clients providing a valid certificate could connect. (settings: Requeire
secure channel, Require client certificates). This worked fine.
Due to a request by our client, we are forced to integrate the webservice in
another website where iis does not requeire a client certificate. I thought
about moving this security check to the application by checking the
HttpContext.Current.Request.ClientCertificate property. Unfortunately, this
does not work as i wish. When i debug, the ClientSertificate.IsPresent
property is always set to false. How is this possible, our client does send
a certificate.
Some more information about our settings:
- in iis we use security settings are set to accept client certificates!
- the certificates we use are invalid !!! Is it possible that iis blocks
this certificates so the webserver does not see them?
I am grateful for any help. Thanks in advance
Greetings
Daniel
--------------------------------------- Client code connection to webservice
and adding certificate to
est ------------------------------------------
private void InitWebService(string URL) {
webService = new Service();
webService.Url = URL;
cookies = new System.Net.CookieContainer();
webService.CookieContainer = cookies; // now Session are no longer lost
// create an X509Certificate object from the information
// in the certificate export file and add it to the
// ClientCertificates collection of the Web service proxy
ResourceManager resourceManager = new
ResourceManager("SmartClient.Certificate.ClientCertificate",
Assembly.GetExecutingAssembly());
object o = resourceManager.GetObject("prime_user_cert_29jun2006"); //
certificate testcertificate would be clientcert
Byte[] bytesOfCertificate = null;
if (o is System.Byte[]) {
bytesOfCertificate = (System.Byte[])o;
}
X509Certificate cert = new X509Certificate(bytesOfCertificate);
webService.ClientCertificates.Add(cert);
}
------------------------------------------------- Server
code ---------------------------------------------------
internal bool ValidateClient(){
HttpClientCertificate certificate =
HttpContext.Current.Request.ClientCertificate;
if(certificate == null || !certificate.IsPresent ){
return false;
}else{
return certificate.IsValid;
}
}
We have developed a webservice that was accessed by a fat windows client. A
security requirement was that the client authenticates itself by using by
providing a client certificate. The webserver (iis) made then sure that only
clients providing a valid certificate could connect. (settings: Requeire
secure channel, Require client certificates). This worked fine.
Due to a request by our client, we are forced to integrate the webservice in
another website where iis does not requeire a client certificate. I thought
about moving this security check to the application by checking the
HttpContext.Current.Request.ClientCertificate property. Unfortunately, this
does not work as i wish. When i debug, the ClientSertificate.IsPresent
property is always set to false. How is this possible, our client does send
a certificate.
Some more information about our settings:
- in iis we use security settings are set to accept client certificates!
- the certificates we use are invalid !!! Is it possible that iis blocks
this certificates so the webserver does not see them?
I am grateful for any help. Thanks in advance
Greetings
Daniel
--------------------------------------- Client code connection to webservice
and adding certificate to
est ------------------------------------------
private void InitWebService(string URL) {
webService = new Service();
webService.Url = URL;
cookies = new System.Net.CookieContainer();
webService.CookieContainer = cookies; // now Session are no longer lost
// create an X509Certificate object from the information
// in the certificate export file and add it to the
// ClientCertificates collection of the Web service proxy
ResourceManager resourceManager = new
ResourceManager("SmartClient.Certificate.ClientCertificate",
Assembly.GetExecutingAssembly());
object o = resourceManager.GetObject("prime_user_cert_29jun2006"); //
certificate testcertificate would be clientcert
Byte[] bytesOfCertificate = null;
if (o is System.Byte[]) {
bytesOfCertificate = (System.Byte[])o;
}
X509Certificate cert = new X509Certificate(bytesOfCertificate);
webService.ClientCertificates.Add(cert);
}
------------------------------------------------- Server
code ---------------------------------------------------
internal bool ValidateClient(){
HttpClientCertificate certificate =
HttpContext.Current.Request.ClientCertificate;
if(certificate == null || !certificate.IsPresent ){
return false;
}else{
return certificate.IsValid;
}
}