pulling hair out: issue with client certs using .net to connect to IBM webservice


chornbe99

The background:

Vendor-supplied CA Cert and client cert, connecting to vendor-
published web service. Installing the certs in the browser works
(Firefox and Internet Exploder).

Building the soap message long hand and POSTing it via HttpWebRequest,
using cert attachments works.

However... trying to use the IDE tools *never* connects to the web
service; fails with SSL errors (typical 'Can not create SSL
connection' errors). Downloading the WSDL and schema locally via the
browser, then building the objects via WebReferences works (of
course), but then running the code and attaching the certs never seems
to work; fails with "WSEC5075E: No security token found which
satisfies any one of AuthMethods." error.

I think I'm close. When I snoop the POSTed SOAP message, the security
token element is *way* different, and I can't seem to find a way to
override the contents or to force in the name/password.

Here's a filtered sample of my code:



using System;
using System.Net;

AccountService svc = new AccountService();
WebProxy proxy = new WebProxy( "localhost:8080" );   // my local snooper
svc.Proxy = proxy;

// Vendor-supplied CA cert, loaded with the WSE 2.0 X509Certificate class
// (the System.Security.Cryptography variant is left commented out).
//X509Certificate ca_cert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile( @"c:\pnc_CA_cer.cer" );
Microsoft.Web.Services2.Security.X509.X509Certificate ca_cert =
    Microsoft.Web.Services2.Security.X509.X509Certificate.CreateCertFromFile( @"c:\CA_cert.cer" );
svc.ClientCertificates.Add( ca_cert );

// Vendor-supplied client cert, same approach.
//X509Certificate cert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile( @"c:\pnc_cert.cer" );
Microsoft.Web.Services2.Security.X509.X509Certificate cert =
    Microsoft.Web.Services2.Security.X509.X509Certificate.CreateCertFromFile( @"c:\cert.cer" );
svc.ClientCertificates.Add( cert );

// HTTP-level credentials, sent up front
ICredentials creds = new NetworkCredential( "<myusername>", "<mypassword>" );
svc.Credentials = creds;
svc.PreAuthenticate = true;

svc.AllowAutoRedirect = true;

try {
    Account acct = svc.getAccount( "BLK", "BLKWSRTL", "0003194701" );   // vendor specific stuff
} catch( WebException webex ) {
    Console.WriteLine( webex.Message );
} catch( Exception ex ) {
    Console.WriteLine( ex.Message );
}

Please, before I go completely postal, what the HELL am I missing?
Thanks.

Here's the SOAP that works:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
      <wsse:UsernameToken xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
        <wsse:Username xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">$USER_NAME$</wsse:Username>
        <wsse:password xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">$PASSWORD$</wsse:password>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <m:getAccountRequest xmlns:m="http://<vendor_namespace_here>">
      <FundGroupNumber>$FUND_GROUP_NUMBER$</FundGroupNumber>
      <AppId>$APP_ID$</AppId>
      <AccountNumber>$ACCOUNT_NUMBER$</AccountNumber>
    </m:getAccountRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Here's the soap that the IDE tools generate - which does *NOT* work:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
    <wsa:Action>getAccount</wsa:Action>
    <wsa:MessageID>uuid:cbf3ed52-a13a-464e-b3d3-a783b56863ac</wsa:MessageID>
    <wsa:ReplyTo>
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To>http://vendor_endpoint_url</wsa:To>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="Timestamp-b7530e68-f2a4-4a24-80f8-e062ede2c5d6">
        <wsu:Created>2007-06-20T17:06:58Z</wsu:Created>
        <wsu:Expires>2007-06-20T17:11:58Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <getAccountRequest xmlns="http://vendor_namespace">
      <FundGroupNumber xmlns="">BLK</FundGroupNumber>
      <AppId xmlns="">BLKWSRTL</AppId>
      <AccountNumber xmlns="">0003194701</AccountNumber>
    </getAccountRequest>
  </soap:Body>
</soap:Envelope>

I feel like I'm very close and just missing something simple. Any
ideas? Thanks.
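The two captures above show the gap: the working message carries a wsse:UsernameToken inside wsse:Security, while the WSE-generated one has only a wsu:Timestamp there, because svc.Credentials / PreAuthenticate drive HTTP authentication (Basic, NTLM) and never produce a WS-Security header. The following is an added example, not code from the original post, of how a WSE 2.0 proxy is told to emit that token and how the TLS client certificate is attached. It assumes a WSE-enabled proxy class named AccountService (derived from Microsoft.Web.Services2.WebServicesClientProtocol, so it exposes RequestSoapContext), .NET 2.0 for X509Certificate2, and a PKCS#12 file c:\client.pfx holding the client certificate with its private key; the path, password and credentials are placeholders.

```csharp
// Added example (not from the original post). Assumes: a WSE 2.0 proxy class
// AccountService generated by "Add Web Reference" with WSE enabled, .NET 2.0,
// and a PFX at c:\client.pfx containing the client cert plus private key.
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Web.Services.Protocols;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;

class AccountClient
{
    static void Main()
    {
        AccountService svc = new AccountService();
        svc.Proxy = new WebProxy("localhost:8080");   // local snooper, as in the post

        // TLS client authentication. Only the client's own certificate belongs in
        // ClientCertificates, and it must have a private key. A .cer file carries
        // only the public certificate, so loading a PFX makes the key explicit
        // instead of relying on SChannel finding it in the Windows store. The
        // vendor CA certificate is for validating the server's chain: import it
        // into Trusted Root Certification Authorities, do not add it here.
        X509Certificate2 clientCert = new X509Certificate2(@"c:\client.pfx", "<pfx password>");
        if (!clientCert.HasPrivateKey)
            throw new InvalidOperationException("client certificate has no private key");
        svc.ClientCertificates.Add(clientCert);

        // WS-Security UsernameToken in the SOAP header. This is what the
        // "WSEC5075E: No security token found" fault is asking for; the
        // HTTP-level Credentials property cannot supply it.
        UsernameToken token = new UsernameToken(
            "<myusername>", "<mypassword>", PasswordOption.SendPlainText);
        svc.RequestSoapContext.Security.Tokens.Add(token);

        try
        {
            Account acct = svc.getAccount("BLK", "BLKWSRTL", "0003194701");
            Console.WriteLine("getAccount succeeded");
        }
        catch (SoapException fault)
        {
            // A WS-Security rejection comes back as a SOAP fault; print the
            // fault detail, which carries the WSEC code, not just the message.
            Console.WriteLine(fault.Code + ": " + fault.Message);
            if (fault.Detail != null)
                Console.WriteLine(fault.Detail.OuterXml);
        }
        catch (WebException webex)
        {
            // Transport-level failures (TLS handshake, client cert rejected)
            Console.WriteLine(webex.Message);
        }
    }
}
```

Two things to check in the snooped request after this change. First, WSE 2.0 writes the token under the OASIS 2004/01 wsse namespace with a wsse:Password element carrying a Type attribute, whereas the working message uses the older http://schemas.xmlsoap.org/ws/2003/06/secext namespace and a lowercase wsse:password; if the endpoint only accepts the 2003/06 form, the hand-built HttpWebRequest path that already works is the dependable route. Second, SendPlainText puts the password in clear text inside the SOAP header, which is only acceptable because the channel is TLS with client authentication; the local snooping proxy will see it in clear, so use throwaway credentials while debugging, and note that the wsu:Timestamp in the captured request has a five-minute Created/Expires window, so a skewed client clock will produce a different rejection from the one being chased here.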
 
