none
Call asmx web service using client side certificate RRS feed

  • Question

  • i got a example from this url https://support.microsoft.com/en-sg/help/901183/how-to-call-a-web-service-by-using-a-client-certificate-for-authentica

    code supposed to add client side certificate when calling web service from client side

    using System.Security.Cryptography.X509Certificates;
    ...
    
      public void CallWebService()
      {
        // TODO: Replace <C:\WSClientCert.cer> with the path of your certificate file.
        string certPath = @"<C:\WSClientCert.cer>";
    
        // Create an instance of the Web service proxy.
        WebSvc.math mathservice = new WebSvc.math();
        // TODO: Replace <https://wsserver/securemath/math.asmx> with a valid URL.
        mathservice.Url = @"<https://wsserver/securemath/math.asmx>";
    
        // Create an X509Certificate object from the information 
        // in the certificate export file, and then add the certificate to the 
        // ClientCertificates collection of the Web service proxy.
        mathservice.ClientCertificates.Add(
            X509Certificate.CreateFromCertFile(certPath));
    
        long lngResult = 0;
        try
        {
          lngResult = mathservice.Add(Int32.Parse(operand1.Text), 
              Int32.Parse(operand2.Text));
          string result = lngResult.ToString();
        }
        catch(Exception ex)
        {
          if(ex is WebException)
          {
            WebException we = ex as WebException;
            WebResponse webResponse = we.Response;
            throw new Exception("Exception calling method. " + ex.Message);
          }
        }
      }

    see this line string certPath = @"<C:\WSClientCert.cer>";

    1) tell <> bracket is required when store cert file path?

    2) from where to get certificate?

    3) do i need to purchase certificate to call service from client side ?

    4) suppose if i purchase certificate from x company then how web service can understand my certificate ?

    guide and answer for my all points.

    Monday, July 24, 2017 11:52 AM

Answers

  • Hi Mou_kolkata,

    How did you create your web service with certificate authentication?

    >>tell <> bracket is required when store cert file path?

    You need to replace this with your certificate file path.

    >> from where to get certificate?

    You could create a self-sign certificate or buy it from a certificate store.

    >>o i need to purchase certificate to call service from client side ?

    It depends on your requirement. If it is a self product, I think you could try self-sign certificate for test purpose, if it is company product, I think you need to buy a certificate.

    >> suppose if i purchase certificate from x company then how web service can understand my certificate ?

    You could map the certificate with your application including IIS client certificate mapping authentication.

    #Configure Client Certificate Mapping Authentication (IIS 7)

    https://technet.microsoft.com/en-us/library/cc732996(v=ws.10).aspx

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Mou_kolkata Tuesday, July 25, 2017 10:02 AM
    Tuesday, July 25, 2017 2:20 AM

All replies

  • Hello,

    Those are the correct questions to ask.  The concept is your server will validate the certificate sent from the client and will expect a specific certificate.  Do you need this level of authentication?  This is required if you want to establish the identity of the client by using a certificate.  It is not required if you only want to use https (SSL).  Typically this is only used if your client is a desktop app or service.

    If your requirements do require distributing certificates to specific clients, then take a look at the MSDN article:

    https://msdn.microsoft.com/en-us/library/ff648360.aspx


    Cheers, Jeff

    Monday, July 24, 2017 9:18 PM
  • Hi Mou_kolkata,

    How did you create your web service with certificate authentication?

    >>tell <> bracket is required when store cert file path?

    You need to replace this with your certificate file path.

    >> from where to get certificate?

    You could create a self-sign certificate or buy it from a certificate store.

    >>o i need to purchase certificate to call service from client side ?

    It depends on your requirement. If it is a self product, I think you could try self-sign certificate for test purpose, if it is company product, I think you need to buy a certificate.

    >> suppose if i purchase certificate from x company then how web service can understand my certificate ?

    You could map the certificate with your application including IIS client certificate mapping authentication.

    #Configure Client Certificate Mapping Authentication (IIS 7)

    https://technet.microsoft.com/en-us/library/cc732996(v=ws.10).aspx

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Mou_kolkata Tuesday, July 25, 2017 10:02 AM
    Tuesday, July 25, 2017 2:20 AM
  • i am looking for details knowledge to know how client certificate will be validated at server side ?

    Tuesday, July 25, 2017 10:03 AM
  • Hi Mou_kolkata,

    For this new issue, I would suggest you post a new thread, and then we could focus on this new specific issue.

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, July 25, 2017 3:50 PM