Web service security using X509 certificate in Classic ASP

  • Question

  • User1501589283 posted

    I'm trying to call a C# dll from classic ASP - this dll calls a webservice. I've been asked by someone that runs that ASP site to create this dll for him and had tons of problems doing that. He told me he has a *.crt file, and that the dll should use that to call his SSL-based webservice.

    So since this is classic ASP, I had to make it a COM object and also configure the service and endpoint through code, like so:

    BasicHttpBinding binding = new BasicHttpBinding();
    binding.Name = "Service1Binding";
    binding.CloseTimeout = System.TimeSpan.Parse("00:01:00");

    binding.OpenTimeout = System.TimeSpan.Parse("00:01:00");
    binding.ReceiveTimeout = System.TimeSpan.Parse("00:10:00");
    binding.SendTimeout = System.TimeSpan.Parse("00:01:00");

    binding.AllowCookies = false;
    binding.BypassProxyOnLocal = false;
    binding.HostNameComparisonMode = System.ServiceModel.HostNameComparisonMode.StrongWildcard;

    binding.MaxBufferSize = 65536;
    binding.MaxBufferPoolSize = 524288;
    binding.MaxReceivedMessageSize = 65536;

    binding.MessageEncoding = System.ServiceModel.WSMessageEncoding.Text;
    binding.TextEncoding = System.Text.Encoding.UTF8;
    binding.TransferMode = System.ServiceModel.TransferMode.Buffered;

    binding.UseDefaultWebProxy = true;
    binding.ReaderQuotas.MaxDepth = 32;
    binding.ReaderQuotas.MaxStringContentLength = 8192;

    binding.ReaderQuotas.MaxArrayLength = 16384;
    binding.ReaderQuotas.MaxBytesPerRead = 4096;
    binding.ReaderQuotas.MaxNameTableCharCount = 16384;

    binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.None;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
    binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;

    binding.Security.Transport.Realm = "";
    binding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
    binding.Security.Message.AlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Default;

    EndpointAddress endpoint =
        new EndpointAddress("https://webservice.XXXX.com/Service1.svc");

    var cert = new X509Certificate2(certPath); // local path to *.crt file
    Service1.ServiceClient client = new Service1.ServiceClient(binding, endpoint);
    client.ClientCredentials.ClientCertificate.Certificate = cert;

    var result = client.HelloWorld();

    At first I got a Forbidden exception, so I changed the Security.Mode to be BasicHttpSecurityMode.TransportWithMessageCredential. Now, I'm getting this error:

    The private key is not present in the X.509 certificate

    Is it looking for the cert in the store, or using the path I gave it? How can I make this work?

    Tuesday, June 4, 2013 4:10 PM

All replies

  • User220959680 posted

    It is required to add the digital certificate, i.e. the .crt file, to the store where the service request is initiated (web server or local machine during development phase).

    Refer to http://blog.mitchdenny.com/2007/09/06/using-certificate-based-authentication-and-protection-with-windows-communication-foundation-wcf/ where the complete process is well explained.

    Let us know if you have further queries.

    Tuesday, June 4, 2013 6:02 PM
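
An added example, not part of the original thread: one way to load the client certificate from the Windows store and check for a private key before handing it to WCF, which separates "certificate not installed" from the "private key is not present" case in the question (a .crt file normally holds only the public certificate). The class and method names are hypothetical, the thumbprint is a placeholder, and the LocalMachine\My store is an assumption.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example; class and method names are hypothetical.
public static class ClientCertificateLoader
{
    // Returns the certificate with the given thumbprint from LocalMachine\My
    // (assumed store), or throws with a reason that distinguishes
    // "not installed" from "installed without a private key".
    public static X509Certificate2 FromStore(string thumbprint)
    {
        // Thumbprints copied from the certificate dialog often contain spaces.
        string normalized = thumbprint.Replace(" ", "").ToUpperInvariant();

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false so an expired or untrusted certificate is still
            // found and can be reported, instead of looking like "missing".
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, normalized, false);

            if (matches.Count == 0)
                throw new InvalidOperationException(
                    "No certificate with thumbprint " + normalized + " in LocalMachine\\My.");

            X509Certificate2 cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate '" + cert.Subject + "' has no associated private key; " +
                    "import the key pair (for example a .pfx), not only the .crt.");

            return cert;
        }
        finally
        {
            store.Close();
        }
    }
}

// Usage with the client from the question (thumbprint is a placeholder):
//   client.ClientCredentials.ClientCertificate.Certificate =
//       ClientCertificateLoader.FromStore("<THUMBPRINT-PLACEHOLDER>");
```

`HasPrivateKey` only reports that a key is associated with the certificate; the account the COM object runs under also needs read access to that key.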
  • User1501589283 posted

    Thanks for your reply. I'm wondering what the right combination of security modes in the BasicHttpBinding object is that I need to pull the certificate from the store.

    This is what I currently have and doesn't work (gives me the error I mentioned about the private key missing):

    binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.None;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
    binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;

    binding.Security.Transport.Realm = "";
    binding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
    binding.Security.Message.AlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Default;

    Tuesday, June 4, 2013 10:47 PM