locked
Cannot add certificate to the SOAP request RRS feed

  • Question

  • User889538011 posted

    I am trying to connect to the WebService with C# but I cannot attach certificate to the request. I succesfully authorized myself using SoapUI so I'm sure something is wrong with my code, not the WS.

    First thing I done was generating proxy class with delivered WSDL file (using Add Service Reference option in Visual Studio). In my Web.config file I got code like this:

    <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="myServiceSoapBinding" />
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://xxxxxxxxxxxxxxx/myService"
        binding="basicHttpBinding" bindingConfiguration="myServiceSoapBinding"
        contract="xxxxxxxxxxxxx.myService" name="myServicePort" />
    </client></system.serviceModel>
    

    Then, according to that i wrote this code:

    var basicHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.Message);
    basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
    var endpoint = new EndpointAddress("http://xxxxxxxxxxxxxxx/myService");
    myService.myServiceClient myServiceClient = new myService.myServiceClient(basicHttpBinding, endpoint);
    var cert = new X509Certificate2(@"xxxxxx\key.p12", "password");
    myServiceClient.ClientCredentials.ClientCertificate.Certificate = cert;
    myServiceClient.Endpoint.Behaviors.Add(new DebugMessageBehavior());
    myService.NewOrderRequest = new myService.NewOrderRequest();
          ....
    var result = myServiceClient.makeNewOrder(orderRequest);

    Finally, I checked whole request and noticed, there is no wsse:Security tag. There is request I was about to send:

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none" />
      </s:Header>
      <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <newOrderRequest xmlns="http://xxxxxxxxxxxxx/">
          <requestHeader xmlns="">
            <!--some params here-->
          </requestHeader>
        </newOrderRequest>
      </s:Body>
    </s:Envelope>

    Hours of "making changes and testing" ago I was able to sucesfully send the request but WS replied that my certifcate is incorrect or missing. At this moment I'm just getting an exception: "The service certificate is not provided for target 'xxxxxxxx'. Specify a service certificate in ClientCredentials". I stuck here and I have no more ideas. Of course I read a lot of similiar topic but nothing of them solve my problem. Can you help me?

    Monday, December 28, 2020 11:57 AM

All replies

  • User1535942433 posted

    Hi dzeju555,

    "The service certificate is not provided for target 'xxxxxxxx'. Specify a service certificate in ClientCredentials".

    Accroding to your description,as far as I think,your X509Certificate2 setting have errors.I suggest you need to check the configuration.

    More details,you could refer to below article:

    https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication

    Best regards,

    Yijing Sun

    Tuesday, December 29, 2020 6:09 AM
  • User889538011 posted

    Well, I tried load certificate from the store and directly from the file and I got the same result. The code in example is about using https (transport layer) + certificate to authorize. WebService I have to use doesn't suport SSL. Another thing is, WebService needs basicHttpBinding. When I use wsHttpBindig it causes compatibility errors.

    Tuesday, December 29, 2020 5:14 PM
  • User1535942433 posted

    Hi dzeju555,

    Do you have set the ClientCredentialType property of the TransportSecurity ?

    Just like this:

    <security mode="Transport">
        <transport clientCredentialType="Certificate" />
    </security> 

    Best regards,

    Yijing Sun

    Wednesday, December 30, 2020 9:05 AM
  • User889538011 posted

    Of course I tried, but I get an exception like this:

    "The provided URI scheme 'http' is invalid; expected 'https'. Parameter name: via"

    Saturday, January 2, 2021 8:41 AM
  • User1535942433 posted

    Hi dzeju555,

    Accroding to your description,I think that the problem means you need to bind https. But it need to specify the SSL certificate.In your description,webservice don't support SSL,so I suggest you could do this:

    Before:

    Security mode= "Transport"

    After:

    Security mode= "none"

    Best regards,
    Yijing Sun

    Monday, January 4, 2021 7:52 AM