locked
How do I use Certificate based authentication with Data Services Client RRS feed

  • Question

  • My Data Services web site requires a client certificate for authentication. I can't seem to figure out how to supply this certificate programmatically using the DataServiceContext. With plain old WCF I use
    ClientBase.ClientCredentials.ClientCertificate.Certificate = {get certificate here}

    Thanks.

    Thursday, April 2, 2009 3:14 PM

Answers

  • Hi,

    The DataServiceContext.SendingRequest event should allow you to hook up certificates to the underlying HttpWebRequest made by the context.

    Here is an example implementation that you could try adding to your context (either directly or with a partial class). It will expose a X509Certificate property called ClientCertificate that will be added whenever a request is sent. While I don't expect this to match what you're trying to do exactly, I hope it will help.

            private X509Certificate clientCertificate = null;
            public X509Certificate ClientCertificate
            {
                get
                {
                    return clientCertificate;
                }
                set
                {
                    if (value == null)
                    {
                        // if the event has been hooked up before, we should remove it
                        if (clientCertificate != null)
                            this.SendingRequest -= this.OnSendingRequest_AddCertificate;
                    }
                    else
                    {
                        // hook up the event if its being set to something non-null
                        if(clientCertificate == null)
                            this.SendingRequest += this.OnSendingRequest_AddCertificate;
                    }
    
                    clientCertificate = value;
                }                   
            }
    
            private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
            {
                if (null != ClientCertificate)
                    (args.Request as HttpWebRequest).ClientCertificates.Add(ClientCertificate);
            }


    This should allow you to do something like:

    MyDataServiceContext ctx = new MyDataServiceContext(myServiceRoot);
    ctx.ClientCertificate = { get certificate here }

    I've done a bit of experimentation just to make sure that the event is firing, but I have not tried it with a valid certificate. Please let me know if you run into any problems using this approach.
    Matt Meehan, ADO.NET Data Services (Astoria)
    Wednesday, April 8, 2009 8:43 PM
    Moderator

All replies

  • Hi,

    The DataServiceContext.SendingRequest event should allow you to hook up certificates to the underlying HttpWebRequest made by the context.

    Here is an example implementation that you could try adding to your context (either directly or with a partial class). It will expose a X509Certificate property called ClientCertificate that will be added whenever a request is sent. While I don't expect this to match what you're trying to do exactly, I hope it will help.

            private X509Certificate clientCertificate = null;
            public X509Certificate ClientCertificate
            {
                get
                {
                    return clientCertificate;
                }
                set
                {
                    if (value == null)
                    {
                        // if the event has been hooked up before, we should remove it
                        if (clientCertificate != null)
                            this.SendingRequest -= this.OnSendingRequest_AddCertificate;
                    }
                    else
                    {
                        // hook up the event if its being set to something non-null
                        if(clientCertificate == null)
                            this.SendingRequest += this.OnSendingRequest_AddCertificate;
                    }
    
                    clientCertificate = value;
                }                   
            }
    
            private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
            {
                if (null != ClientCertificate)
                    (args.Request as HttpWebRequest).ClientCertificates.Add(ClientCertificate);
            }


    This should allow you to do something like:

    MyDataServiceContext ctx = new MyDataServiceContext(myServiceRoot);
    ctx.ClientCertificate = { get certificate here }

    I've done a bit of experimentation just to make sure that the event is firing, but I have not tried it with a valid certificate. Please let me know if you run into any problems using this approach.
    Matt Meehan, ADO.NET Data Services (Astoria)
    Wednesday, April 8, 2009 8:43 PM
    Moderator
  • Matt,

    This worked beautifully.

    Thanks.
    Friday, April 10, 2009 2:34 PM