Connecting PDA/Phone to Web Services using SSL?

[DevDude]

I am using the following code to make a connection to a remote web service
running on my windows 2003 server. The server is in a domain using
Certificate Services. I have assigned a certificate to the default web site
and configured it. I can connect to the web service using IE, but when
trying to make a web connection via my application, I get various errors. I
can't seem to make it work. Here is a similar example to my code:

service.Url = @"https://" + Server + @"/WebService1/WebService1.asmx";
System.Net.NetworkCredential NC = new NetworkCredential();
ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
NC.UserName = username;
NC.Password = password;
NC.Domain = domain;
service.Credentials = NC;

try
{
if (service.IsConnected())
{
return true;
}
else
{
return false;
}
}
catch(Exception except)
{
MessageBox.Show(except.Message);
}

return false;

When I am not using https, things connect fine. When I use https, I get
"Unable to read data from the network connection", inner exception is "the
remote certificate failed validation procedure".

Is there something I'm doing wrong, or is this simply not supported with
Windows Mobile?

I can't seem to find any clear answers out there. I have added the root
certificate to my mobile device store and it doesnt change the error
returned. Can anyone tell me how to make it work securly? I need to pass
admin credentials around with other various sensitive data and I need a
secure connection from the mobile device. Microsoft is doing it with
Outlook, so you would think it should work.

Thanks in advance,

Nick

 

[Ginny Caughey [MVP]]

DevDude,

Did you copy the certificate to your device and install it?

 

[DevDude]

Yes I did. I even used the SslChainSaver tool that Scott( from the Windows
Mobile Team Blog ) recommended to verify that there were not any
intermediate certs required. I ran that tool this morning and it say that
only the root cert was required. Intermediate certs are included in the
chain. So, to be safe, I took the output .cer files and moved them to the
device to be sure, and still no go, same error. IE will connect fine to the
web service without any certificate warnings, but my application refuses to
make a successful connection to the web service using SSL.

I'm open to suggestions. Any other idea I can/should try? I have a customer
who would like to use my application, but they require it to use SSL for the
connection.

My configuration is simple. Its a Windows 2003 SP1 server running IIS. There
is a virtual directory hosting the web serivce under IIS. This server is in
a Windows 2003 AD domain with Certificate Services installed on the DC. It
has the root cert and my IIS server has its own cert assigned to it by the
CA on the DC. The CA root cert has been copied over to the emulator. IE will
make a successful connection from the emulator without any cert warnings,
but everytime I try to make the connection using the logic below, I get the
error "Can not read data from the transport connection", inner exception
"The remote certificate failed the validation procedure".

One of the posters in the Smart Device forums said that x509 certificates
were not supported. But it seems like I'm trying to do the same thing that
Exchange is already doing(tons of docs on how to configure that). It would
seem that it should work. Am I chasing my tail? Shouldnt this work? If you
say I need ISA Server I am going to java!

Thanks in advance,
Nick

 

[Ginny Caughey [MVP]]

Nick,

The only other thing that comes to mind is can you ping the server? Maybe
someone else will have suggestions too.

 

[DevDude]

Yes, connectivity is fine since I can connect with http fine. Only https
fails.

Nick

 

[siccolo]

I am using the following code to make a connection to a remote web service
running on my windows 2003 server. The server is in a domain using
Certificate Services. I have assigned a certificate to the default web site
and configured it. I can connect to the web service using IE, but when
trying to make a web connection via my application, I get various errors. I
can't seem to make it work. Here is a similar example to my code:

service.Url = @"https://" + Server + @"/WebService1/WebService1.asmx";
System.Net.NetworkCredential NC = new NetworkCredential();
ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
NC.UserName = username;
NC.Password = password;
NC.Domain = domain;
service.Credentials = NC;

try
{
if (service.IsConnected())
{
return true;
}
else
{
return false;
}}

catch(Exception except)
{
MessageBox.Show(except.Message);

}

return false;

When I am not using https, things connect fine. When I use https, I get
"Unable to read data from the network connection", inner exception is "the
remote certificate failed validation procedure".

Is there something I'm doing wrong, or is this simply not supported with
Windows Mobile?

I can't seem to find any clear answers out there. I have added the root
certificate to my mobile device store and it doesnt change the error
returned. Can anyone tell me how to make it work securly? I need to pass
admin credentials around with other various sensitive data and I need a
secure connection from the mobile device. Microsoft is doing it with
Outlook, so you would think it should work.

Thanks in advance,

Nick

are you using "Basic" authenication on the server?

 

[Patino]

I found a solution when dealing with SSL. Check this link
http://weblogs.asp.net/jan/archive/2003/12/04/41154.aspx
It worked for me.

Now I need to ask you a question: in my consumer application (a CF
app) I create the credentials and pass them to the WS object. But, how
do I get these credentials on the WS application? In the WS
application, I define a Principal object, but I need this principal to
be the user who connects to this WS app via the CF app. Note that I am
adapting code that used to work fine but with WSE........CF apps do
not support WSE; so I have to use credentials now. With WSE, in the WS
app, I used to get the 'credentials' over the network using
GetUserNameToken; then assign this user as my Principal
(Thread.CurrentPrincipal). But how do I do this now without WSE ?

Please your prompt response will be VERY APPRECIATED.

rocio