locked
SSL certificate files - using Windows Service with WebRequest to ASHX RRS feed

  • Question

  • User1894502017 posted

    I'm writing code that uses the .NET WebRequest object to send SOAP XML to an ASHX web service (an ASP.NET HTTP Handler).

    I'm planning to use a Windows Service (right now it's just a console app). My app will be kicked off once an hour, and process any new data and send it off to the ASHX web service.

    The owner of the ASHX web service wants me to use SSL. They have given me the security header to include in my SOAP XML, which is as follows:

    <soapenv:Header> <-- Security token as part of header
    <ns1:Security xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <ns1:UsernameToken>
    <ns1:Username>myusername</ns1:Username>
    <ns1:Password>mypassword</ns1:Password> 
    </ns1:UsernameToken>
    </ns1:Security>
    </soapenv:Header>
    <soapenv:Body ....

    They have also given me the certificate files - a few .crt files inside a zip file.

    My question: What do I do with these certificate files? Is it enough just to send the SOAP header, or do I need to install the certificates on my server? Do I install them in IIS even though I'm developing a Windows Service and not a web app?

    Monday, March 4, 2013 12:29 PM

Answers

  • User-742633084 posted

    Hi hapax_legome...,

    For connecting HTTPS/SSL secured endpoint via webrequest class, it is almost the same as HTTP one. You just need to change the url to the HTTPS specific one (see articles below):

    #How to send a client certificate by using the HttpWebRequest and HttpWebResponse classes in Microsoft Visual C# .NET
    http://support.microsoft.com/kb/895971

    #How do I use WebRequest to access an SSL encrypted site using https?
    http://stackoverflow.com/questions/560804/how-do-i-use-webrequest-to-access-an-ssl-encrypted-site-using-https

    and for HTTPs server endpoint, it is possible that the server certificate cannot be verified by client-side (windows OS security layer), and it will raise an exception, we can use the event on ServicePointManager class to suppress it (see the following article):

    #HttpWebRequest and Ignoring SSL Certificate Errors
    http://www.west-wind.com/weblog/posts/2011/Feb/11/HttpWebRequest-and-Ignoring-SSL-Certificate-Errors

    And for the question you asked about "why your service provider provvide you some certficate stuffs", here are some of my understanding:

    1. It is possible that the service provider want you to import the certificate (public key certificate of the SSL server) into the trustes certificate on your client machine. This can make the SSL server(certificate) be verified correctly at runtime. But even not, as I mentioned above, we can use code to suppress the error
    2. It is possible that it require you to supply a client certificate for authentication. If this is the case, one of the above article I refered have introduced how to supply client certificate for webrequest client (when accessing SSL/HTTPS service)
    3. Since the service provider asked to you add some security soap headers (contains the username authentication credentials), I'm wondering if they also want you to do some encryption or signing on the header/credentials element (by using some certificate they provided). 

    Anyway, I think you will need to confirm with the service provider on the above things. I hope that's not the #3 case I mentioned because that will make things quite complicated. While for #1 and #2, that's not difficult and is easy to achieve through the references I mentioned.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, March 14, 2013 4:39 AM

All replies

  • User-742633084 posted

    Hi hapax_legome...,

    For connecting HTTPS/SSL secured endpoint via webrequest class, it is almost the same as HTTP one. You just need to change the url to the HTTPS specific one (see articles below):

    #How to send a client certificate by using the HttpWebRequest and HttpWebResponse classes in Microsoft Visual C# .NET
    http://support.microsoft.com/kb/895971

    #How do I use WebRequest to access an SSL encrypted site using https?
    http://stackoverflow.com/questions/560804/how-do-i-use-webrequest-to-access-an-ssl-encrypted-site-using-https

    and for HTTPs server endpoint, it is possible that the server certificate cannot be verified by client-side (windows OS security layer), and it will raise an exception, we can use the event on ServicePointManager class to suppress it (see the following article):

    #HttpWebRequest and Ignoring SSL Certificate Errors
    http://www.west-wind.com/weblog/posts/2011/Feb/11/HttpWebRequest-and-Ignoring-SSL-Certificate-Errors

    And for the question you asked about "why your service provider provvide you some certficate stuffs", here are some of my understanding:

    1. It is possible that the service provider want you to import the certificate (public key certificate of the SSL server) into the trustes certificate on your client machine. This can make the SSL server(certificate) be verified correctly at runtime. But even not, as I mentioned above, we can use code to suppress the error
    2. It is possible that it require you to supply a client certificate for authentication. If this is the case, one of the above article I refered have introduced how to supply client certificate for webrequest client (when accessing SSL/HTTPS service)
    3. Since the service provider asked to you add some security soap headers (contains the username authentication credentials), I'm wondering if they also want you to do some encryption or signing on the header/credentials element (by using some certificate they provided). 

    Anyway, I think you will need to confirm with the service provider on the above things. I hope that's not the #3 case I mentioned because that will make things quite complicated. While for #1 and #2, that's not difficult and is easy to achieve through the references I mentioned.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, March 14, 2013 4:39 AM
  • User1894502017 posted

    Excellent. Thanks

    Tuesday, April 9, 2013 11:22 AM