Help adding service reference

nomad

Hi,

I was wondering if it was possible to add a service reference to a web
service which requires an SSL certificate to authenticate? If not, if
I have the SSL certificate installed via mmc snap-in, is there another
way to send an XML payload to the web service with an SSL certificate
attached to the request?

Appreciate any thoughts on this as I am a bit of a newbie.

Thanks
 
Marc Gravell

Can I check - the issue here is adding the reference in the first
place, yes? In which case, you might try obtaining the metadata
separately; most tools such as wsdl.exe, wse3wsdl.exe (for regular
SOAP and WSE3 SOAP respectively) and svcutil.exe (for WCF) will accept
a .wsdl or .xsd (or .discomap) at the command line. It might not be as
shiny as the VS window, but it'll work (and give you more options
too).

You can normally obtain the wsdl by doing (for example) ?wsdl on an
asmx. WCF has a different protocol (mex), but if it is disabled it
shows you a help screen instead telling you how to enable it.

Marc
 
Marc Gravell

If I misunderstood, and the issue is *using* the SSL web-service at
runtime, then you'll need to write some code. For wse/wse3 you can add
to the ClientCertificates collection; for WCF (which is what I
understand for "service reference"), there
is .ClientCredentials.ClientCertificate; either set .Certificate, or
call .SetCertificate(). I think you can also do this via config, but I
can't remember how exactly off-hand.

Marc
 
nomad

> If I misunderstood, and the issue is *using* the SSL web-service at
> runtime, then you'll need to write some code. For wse/wse3 you can add
> to the ClientCertificates collection; for WCF (which is what I
> understand for "service reference"), there
> is .ClientCredentials.ClientCertificate; either set .Certificate, or
> call .SetCertificate(). I think you can also do this via config, but I
> can't remember how exactly off-hand.
>
> Marc

Hi Marc,

Thanks for your replies. The web service I am trying to connect to
needs an ssl certificate otherwise I cannot connect to it. I have
tried using the code below but I keep getting "Unable to connect to
the remote server". I have also made sure that it ignores all
certificate errors but that also doesn't work.

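    // Requires: using System; using System.Security.Cryptography.X509Certificates;
    webRequest.ClientCertificates.Add(GetCertificate());

    private X509Certificate GetCertificate()
    {
        // Set store to LocalMachine as this is where the certificates must be installed
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // Find certificate based on its name (the final 'true' returns only valid certificates)
            X509Certificate2Collection certificates =
                store.Certificates.Find(X509FindType.FindBySubjectName, this.sslName, true);
            // Fail with a clear message instead of an index error when nothing matches
            if (certificates.Count == 0)
                throw new InvalidOperationException("No valid certificate found for subject " + this.sslName);
            return certificates[0];
        }
        finally
        {
            store.Close();
        }
    }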

The following code which is in the constructor of the class ignores
the ssl cert errors.

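    // Requires: using System.Net; using System.Net.Security;
    ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificateCallback;

    // Accepts every server certificate, whatever validation errors were reported
    public static bool TrustAllCertificateCallback(object sender,
        X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        return true;
    }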
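
Added example, not part of any post in this thread: the same store lookup and validation callback, written so that a missing or ambiguous client certificate and a server-certificate failure are reported rather than hidden. The class and method names are hypothetical; the URL and subject name are supplied by the caller.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class ClientCertRequest   // hypothetical helper class, not from the thread
{
    // Pick exactly one valid certificate that can actually be used for client auth.
    public static X509Certificate2 LoadClientCertificate(string subjectName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, true);
            // FindBySubjectName is a substring match, so insist on a single hit.
            if (found.Count != 1)
                throw new InvalidOperationException(found.Count +
                    " valid certificates match '" + subjectName + "', expected 1");
            // A certificate without a private key cannot answer the TLS
            // client-authentication challenge. The process account also needs
            // read access to that key, which HasPrivateKey does not prove.
            if (!found[0].HasPrivateKey)
                throw new InvalidOperationException("No private key for " + found[0].Subject);
            return found[0];
        }
        finally { store.Close(); }
    }

    // Accept the server only when validation succeeded; report why when it did not.
    public static bool ValidateServerCertificate(object sender,
        X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.Error.WriteLine("Server certificate rejected: " + errors);
        return false;
    }

    public static HttpWebRequest Create(string url, string subjectName)
    {
        ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "text/xml";
        request.ClientCertificates.Add(LoadClientCertificate(subjectName));
        return request;
    }
}
```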
 
Marc Gravell

Maybe I'm being daft; you mentioned SSL to authenticate, so I was
thinking client certificates; but if you actually mean an ssl (https)
certificate, then just ensure that you connect over https. WCF uses
this approach, and won't accept username/password pairs
(TransportWithMessageCredential) unless the transport provides
encryption.

However, most service code is very picky, and wants that certificate
to be properly trusted. Is this the issue? You don't trust the
certificate the server is issuing? In which case MMC would be your
first port of call (or get a better certificate at the server). In
fact, WCF even demands that the servers agree on the time (UTC)...

Marc
 
nomad

> Maybe I'm being daft; you mentioned SSL to authenticate, so I was
> thinking client certificates; but if you actually mean an ssl (https)
> certificate, then just ensure that you connect over https. WCF uses
> this approach, and won't accept username/password pairs
> (TransportWithMessageCredential) unless the transport provides
> encryption.
>
> However, most service code is very picky, and wants that certificate
> to be properly trusted. Is this the issue? You don't trust the
> certificate the server is issuing? In which case MMC would be your
> first port of call (or get a better certificate at the server). In
> fact, WCF even demands that the servers agree on the time (UTC)...
>
> Marc

Hi,

The client SSL certificate is installed correctly and is trusted. The
web service requires that I attach the client SSL certificate with the
https request; if I don't, it will not allow me to connect to their
service. I have used the code above which picks the correct
certificate from the certificate store and attaches it, however when I
send the request I get an "Unable to connect to server" message, which
is basically telling me that the certificate wasn't attached. I was
able to do something similar in VB6 using WinHTTP which worked a
treat, but I can't get it to work in C#.

Appreciate any suggestions.
 
